AI Hallucination ResearchFindings by audiencePractitionersInternational / MultilateralPublic AuditorsDetail › Finding
Practitioners — Public Auditors · Last updated 26 May 2026 · methodology v2.1 · Hallucination Register
Share / Print X LinkedIn Email

Depth of incident response and recovery detail in the 2016 Cyber Guidance

RLB Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q019
AI's failure:Misattributed Risk for Public Auditors:Wrong deliverable on cybersecurity framework alignment
What the RLB Specialist Panel found

2. Depth of incident response and recovery detail in the 2016 Cyber Guidance

  • Question (paraphrased to protect IP): Does the CPMI-IOSCO 2016 Cyber Guidance itself specify detailed operational practices for cyber incident response and recovery, or is that level of detail addressed in later publications?
  • Source regulation: Guidance on Cyber Resilience for Financial Market Infrastructures (CPMI-IOSCO 2016)
  • What AI assistants typically say: AI tools affirmed that the 2016 Cyber Guidance dedicates specific sections to cyber incident response and recovery and provides detailed expectations for FMIs, enumerating operational items such as incident response plans, secondary site use, recovery and resumption planning, and communication protocols during incidents.
  • What the regulator actually says: The operational detail for incident response and recovery at the level described was provided by the FSB's publication "Effective Practices for Cyber Incident Response and Recovery" in October 2020 — four years after the 2016 guidance. That later document contains operational detail for the response and recovery phase that goes beyond what the 2016 guidance specifies, implying the 2016 document's treatment is principles-level rather than operationally prescriptive.
  • Why the AI went wrong: The AI described operational content from a later, supplementary publication as if it were present in the original 2016 guidance, conflating the principles-level text of the 2016 document with the operational detail developed in subsequent years by a related but distinct body.
  • Cited source(s): Regulator portal: https://www.bis.org
Impact for Public Auditors in international jurisdictions advising on the Guidance on Cyber Resilience for Financial Market Infrastructures (CPMI-IOSCO 2016)

For public auditors testing the depth of incident response and recovery controls against the cited regulator framework, treating the 2016 guidance as the source of forensic-analysis-database depth misreads the standard's level of operational specification. The granular content is in FSB 2020 'Effective Practices'. Audit testing that anchors on the wrong source under-tests the gap to FSB 2020 and exposes the audit team if the gap is surfaced on review.

References — raw findings (per AI model)
This finding also affects
← Previous finding Explicit NIST framework citation in the CPMI-IOSCO 2016 Cyber Guidance Next finding → Definition of 'cyber resilience' and alignment with the 2018 FSB Cyber Lexicon
Cite this finding

Each finding has a stable Citation ID (RLB-F-… for aggregated case-study findings, RLB-H-… for raw per-model hallucinations) — like a DOI, the ID always resolves to the canonical finding even if URLs change.

RLB Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q019
Plain text Download 
RegLeg Specialist Panel (2026). "Depth of incident response and recovery detail in the 2016 Cyber Guidance — Practitioners — Public Auditors." Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q019. RegLegBrief AI Hallucination Research, published 2026-05-26. https://reglegbrief.com/regulators/j1/int/BIS-CPMI/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016/practitioners/public-auditors/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-019/
APA 7th edition Download 
RegLeg Specialist Panel. (2026). Depth of incident response and recovery detail in the 2016 Cyber Guidance [Hallucination finding RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q019]. RegLegBrief AI Hallucination Research. https://reglegbrief.com/regulators/j1/int/BIS-CPMI/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016/practitioners/public-auditors/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-019/
Bluebook / OSCOLA (US + UK legal) Download 
RegLeg Specialist Panel, Depth of incident response and recovery detail in the 2016 Cyber Guidance [RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q019], RegLegBrief AI Hallucination Research (May 26, 2026), https://reglegbrief.com/regulators/j1/int/BIS-CPMI/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016/practitioners/public-auditors/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-019/.
BibTeX Download 
@misc{reglegbrief_RLB_F_INT_BIS_CPMI_IOSCO_CYBER_RESILIENCE_FMI_2016_Q019,
  author    = {RegLeg Specialist Panel},
  title     = {Depth of incident response and recovery detail in the 2016 Cyber Guidance},
  year      = {2026},
  publisher = {RegLegBrief AI Hallucination Research},
  note      = {Hallucination finding Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q019},
  url       = {https://reglegbrief.com/regulators/j1/int/BIS-CPMI/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016/practitioners/public-auditors/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-019/}
}
← Back to case study summary Case study detail →
About Citation IDs →

Every finding on this page compares an AI subject's account of the rule against the regulator's verbatim text from the regulator's own portal. Both are linked. Each delta, its root causes, and impact analysis are documented and published with immutable Citation IDs.