<- Take me back to my Compliance teams at Payment Institutions (International) overview
Executive Summary
Compliance teams at Payment Institutions are increasingly using AI to operationalise the October 2024 CPMI final report on FPS interlinking governance, recorded as publication d223. Two frontier AI models tested by the RLB Specialist Panel produced confident, citable answers on the count and scope of the report's oversight recommendations, the named list of public consultation respondents, and the distinction between the interim d219 and the final d223 that the regulator's own primary text directly contradicts.
This cell collects the relevant hallucination findings on the October 2024 CPMI final report, organised for compliance teams at payment institutions working on FPS interlinking matters. Across the relevant findings the AI subjects produced confident, citable answers on questions ranging from the count of oversight recommendations to the named list of Annex 1 consultation respondents. Every finding in this cell is bound to verbatim regulator-issued source text held as primary substrate by the RLB Specialist Panel.
How AI gets this regulation wrong
The findings in this cell cluster around two failure shapes that recur across the October 2024 CPMI final report on FPS interlinking governance: inference drift on counts and named-entity lists (oversight recommendations, consultation respondents), and misstated rules on the scoping language that places certain cross-border payment models inside or outside the report's recommendation set. In each case the AI subject committed to a specific, citable, verbatim-looking answer where the regulator's own primary text in d223 records a different position.
| AI's Failure Mode | Count | Affected findings |
|---|---|---|
| Ai Committed To Approximately 10 Oversight Recommendations Where The Final Repor | 2 | Finding#1 · Finding#2 |
| Ai Committed To Approximately 10 Oversight Recommendations And Conflated D219 S | 1 | Finding#3 |
What that means for your practice
Compliance teams at Payment Institutions commonly use AI to: compliance-monitoring frameworks for the d223 recommendations, internal control checklists keyed to each recommendation, regulator-engagement files on oversight expectations, and senior-management compliance reports on the FPS interlinking regime.
The risk concentrations across the 3 findings in this cell are summarised in the table below. Each entry maps the failure shape to its practical implications for Compliance teams at Payment Institutions working on CPMI FPS interlinking governance matters.
| Risk Impact | Count | Affected findings |
|---|---|---|
| Operational decision-support exposure on board briefings and oversight roadmaps anchored on a fabricated recommendation count | 2 | Finding#1 · Finding#2 |
| Operational decision-support exposure on oversight policy notes and supervisory roadmaps anchored on the wrong recommendation count and instrument status | 1 | Finding#3 |
When this affects Compliance teams at Payment Institutions
Compliance teams at Payment Institutions encounter the October 2024 CPMI final report when operationalise board-level briefings, drafting oversight policy notes, preparing legal or operational opinions on cross-border interlinking arrangements, and producing stakeholder-engagement materials on the d223 outcome.
The specific findings in this cell map onto the most common questions Compliance teams at Payment Institutions put to an AI tool on the October 2024 CPMI final report. First, what the count and scope of the report's oversight recommendations are. Second, which cross-border payment models the report's recommendations actually cover. Third, who the report's consultation respondents were. The AI subjects in this audit produced verbatim-looking answers on each that the regulator's own primary text in d223 directly contradicts.
The findings at a glance
The table below lists each finding from the AI testing on the CPMI October 2024 final report in this cell, showing the question area, the failure mode, and the immutable citation identifier for the underlying finding record.
Aggregate impact
The 3 findings in this cell, taken together, describe a specific pattern that Compliance teams at Payment Institutions should expect to encounter when AI tools are used on the October 2024 CPMI final report. The AI subjects in this audit committed, with no hedging, to verbatim-looking answers on counts (oversight recommendations), named-entity lists (consultation respondents), and scope questions (which cross-border payment models the recommendations cover). In each case the AI subject had access to the regulator's source text at query time, and in each case the AI's output diverged from the source text on a specific, testable fact.
The pattern across the 3 findings points to a generation behaviour that Compliance teams at Payment Institutions should treat as a near-certain failure mode in this practice area. When the question asks for a count of recommendations, a named list of consultation respondents, or a scoping statement on which payment models the report's recommendations cover, the AI subjects produced a coherent, structurally plausible answer with the wrong number, with fabricated respondent names, or with the wrong scoping treatment.
None of the AI outputs in this cell flagged uncertainty, recommended source verification, or declined to commit; each output reads as if the AI had directly retrieved the regulator's text.
For practising teams, the implication is that AI-assisted research on the CPMI October 2024 final report on FPS interlinking governance cannot be relied on for: the count of the oversight recommendations; the named list of consultation respondents; the scoping statement on the single access point and common platform models; or the distinction between the interim d219's ten considerations and the final d223's seven recommendations. Each of these is a question type the AI handles in a confident, fluent register, and each is a question type where the AI in this audit was wrong in ways the regulator's own text resolves.
Findings overview
What the AI got wrong
Finding 1: Misstated count of CPMI oversight recommendations in the October 2024 final report
Citation ID: RLB-H-INT-BIS-CPMI-CPMI-FPS-INTERLINKING-GOVERNANCE-2024-Q001-Opus47
For Payment Institution compliance officers on FPS interlinking governance, the AI's commitment to approximately ten oversight recommendations rather than the seven set out in CPMI d223 Section 5.2 lands directly in horizon-scanning entries, compliance committee briefings, control-plan updates, training material for first-line operations teams, and the firm's regulatory-change log. The wrong number anchors the team's planning on a fabricated compliance surface, drives over-implementation work against considerations carried over from the interim d219, and creates downstream inconsistencies between the team's d223 position and the recommendation set the regulator actually issued.
The risk concentrates in regulatory-change horizon scanning, control-plan updates, and compliance committee briefings on cross-border FPS developments, where the count is a verifiable fact that supervisors, counterparties, and internal QC reviewers will check against the source.
AI's failure mode: AI committed to approximately 10 oversight recommendations where the final report sets out 7.
See the full per-finding analysis →
Finding 2: Same misstated recommendation count repeated across a second AI subject
Citation ID: RLB-H-INT-BIS-CPMI-CPMI-FPS-INTERLINKING-GOVERNANCE-2024-Q002-Sonnet46
For Payment Institution compliance officers on FPS interlinking governance, the AI's commitment to approximately ten oversight recommendations rather than the seven set out in CPMI d223 Section 5.2 lands directly in horizon-scanning entries, compliance committee briefings, control-plan updates, training material for first-line operations teams, and the firm's regulatory-change log. The wrong number anchors the team's planning on a fabricated compliance surface, drives over-implementation work against considerations carried over from the interim d219, and creates downstream inconsistencies between the team's d223 position and the recommendation set the regulator actually issued.
The risk concentrates in regulatory-change horizon scanning, control-plan updates, and compliance committee briefings on cross-border FPS developments, where the count is a verifiable fact that supervisors, counterparties, and internal QC reviewers will check against the source.
AI's failure mode: AI committed to approximately 10 oversight recommendations where the final report sets out 7.
See the full per-finding analysis →
Finding 3: Conflated interim d219 considerations with final d223 recommendations
Citation ID: RLB-H-INT-BIS-CPMI-CPMI-FPS-INTERLINKING-GOVERNANCE-2024-Q006-Opus47
For Payment Institution compliance officers on FPS interlinking governance, the AI's commitment to approximately ten oversight recommendations rather than the seven set out in CPMI d223 Section 5.2 lands directly in horizon-scanning entries, compliance committee briefings, control-plan updates, training material for first-line operations teams, and the firm's regulatory-change log. The wrong number anchors the team's planning on a fabricated compliance surface, drives over-implementation work against considerations carried over from the interim d219, and creates downstream inconsistencies between the team's d223 position and the recommendation set the regulator actually issued.
The risk concentrates in regulatory-change horizon scanning, control-plan updates, and compliance committee briefings on cross-border FPS developments, where the count is a verifiable fact that supervisors, counterparties, and internal QC reviewers will check against the source.
AI's failure mode: AI committed to approximately 10 oversight recommendations and conflated d219's 10 considerations with d223's 7 recommendations.
See the full per-finding analysis →
AI's failure mode
Risk impact
What your team should do
Compliance teams at Payment Institutions working on the CPMI October 2024 final report on FPS interlinking governance should treat AI tools as a research-prompt generator and outline-drafter, with a mandatory verification step against the d223 published text, the interim d219, and the BIS portal record before AI output enters a memo, board note, opinion, or external deliverable. The findings in this cell concentrate on the question types most exposed in this practice: count of recommendations, named list of respondents, and scope statements on which payment models the recommendations cover.
Practical safeguards: every recommendation count cited in a deliverable must be matched against d223 Section 5.2 directly: every named consultation respondent must be matched against d223 Annex 1: every scope statement on the single access point or common platform model must be matched against d223 Section 2.2 and the Graph 2 caption: every reference to the interim d219's ten considerations must be matched against the d219 executive summary directly, and must be kept distinct from d223's seven recommendations.
Where the AI tool quotes any of these elements as a verbatim-looking figure, name, or rule, the source document is the only reliable input.
Where AI tools are most safely used in this practice area: framing the structure of a memo on the d223 recommendations, identifying which sections of d223 and which adjacent CPMI instruments (such as the d224 API harmonisation companion) are likely relevant, drafting first-pass client-facing summaries for review against the source text, and surfacing cross-references between d223 and adjacent CPMI work. The risk concentrates in the next step, where the AI is asked to specify the actual count, the actual respondent list, or the actual scoping treatment. At that point the d223 source document is the only reliable input.
How RLB Can Help
RegLeg's published Hallucination Research is available as a free pre-flight check for Compliance teams at Payment Institutions working across cross-border fast-payment, FPS interlinking, and CPMI oversight matters. Before relying on AI-assisted output for board briefings, regulatory interpretation, compliance documentation, or oversight roadmap work on the October 2024 CPMI final report, practitioners can consult the research to identify where AI tools have demonstrably misstated the rules: invented recommendation counts, fabricated consultation-respondent lists, and scoping treatments that pull out-of-scope payment models inside the recommendation set.
The research surfaces the exact questions where AI tools have failed, making it a practical reference rather than a general caution.
For firms where multiple teams are working the same regulatory portfolio, RegLeg offers bespoke deep-dives into individual CPMI instruments and related cross-border payment guidance. These engagements go beyond the published findings to examine the full pattern of AI failure modes relevant to the instrument: the question types, the failure mechanisms, and the risk implications for legal, compliance, risk, operations, and oversight-engagement work. The output is designed to be shared across functions and used as a durable reference, reducing duplicated due-diligence effort and creating a consistent internal standard for AI-assisted regulatory work.
RegLeg also develops training and CPD-aligned content for teams working CPMI and cross-border fast-payment matters. The material translates the failure-mode catalogue into practical guidance on the classes of error practitioners should watch for: confabulated regulatory counts, fabricated stakeholder lists, conflation of interim and final instruments, and scoping drift that distorts which payment models the recommendations cover. Separately, RegLeg offers a confidential review of a firm's existing AI-use policy against the failure-mode catalogue, identifying gaps between the policy's assumptions and the documented evidence of how AI tools perform on CPMI matters in practice.