Risk teams at internationally active investment banks holding CCP counterparty exposures under the CPMI-IOSCO Initial Margin Disclosure Consultation are increasingly using AI to scope CCP due diligence assessments, draft margin model governance policy updates, generate credit risk and collateral management committee briefing notes, prepare risk appetite documentation that references the May 2026 consultative document (d232), re-baseline CCP credit limits when a CCP's disclosure programme changes, and brief the chief risk officer on how the consultation's expected obligations translate into the firm's CCP exposure management framework.
The work product feeds directly into CCP counterparty limits, collateral haircut policy, and the firm's documented view of which CCPs are inside or outside its risk appetite.
Two frontier AI models tested by the RLB Specialist Panel on the consultation's text on CCP override framework disclosure produced a confident three-part disclosure specification that the consultation does not contain, and converted a "should" expectation into a "must" mandatory requirement. The failure class is Source-Credit Fabrication: a structured enumeration of regulator-issued requirements with no basis in the source document, supported by a secondary commentary URL rather than the primary BIS d232 cover note. The structure of the closed list, multiplied across the firm's CCP counterparty universe, generates a large number of credit and collateral decisions.
For a CCP risk team, the operational consequence is that any CCP due diligence assessment built on the AI output will hold counterparties to a phantom mandatory standard. CCPs that disclose general information on their override framework without enumerating the three fabricated categories will be flagged as deficient, distorting credit risk limits, collateral management policy, and board-level risk appetite documentation. The internal audit and second-line risk review will find that the policy rationale cites obligations not in the source text, and the firm's risk governance file will show a documented gap between its assessment criteria and the actual regulator-issued expectation.
A CCP whose disclosure happens to enumerate categories close to the fabricated three will appear over-compliant, masking actual gaps the risk team should have flagged.
The finding is from a Specialist Panel application-style question, framed the way a risk analyst would type it into an AI assistant when scoping the next CCP due diligence refresh for the credit risk and collateral management committee, with the request scoped to the override framework disclosure area specifically. The Panel bound the model output against the verbatim consultation text on the override framework, held as primary substrate. Citation: RLB-H-INT-BIS-CPMI-IOSCO-INITIAL-MARGIN-DISCLOSURE-CONSULT-2026-Q005-Sonnet46.
This is the consolidated view of findings. Click the Citation IDs or 'see details →' on any item for the full details for each finding.
When a Risk team at an investment bank uses AI to determine what CCPs are required to disclose about their margin model override frameworks, and the AI asserts mandatory disclosure ('must') where the consultation only recommends it ('should'), the error embeds itself in CCP due diligence assessments, internal margin governance policy, and any regulatory mapping note circulated to business lines. A CCP assessment that holds counterparties to a phantom mandatory standard may flag compliant CCPs as deficient, distort credit risk limits and collateral management policy, or produce board-level risk appetite documentation that misrepresents the applicable regime.
When internal audit or a regulator reviews the policy rationale and the cited obligation is not in the source text, the firm faces a governance finding, and, once the consultation finalises into binding guidance, a mismatch between its documented compliance framework and the actual requirement.
Every finding on this page compares an AI subject's account of the rule against the regulator's verbatim text from the regulator's own portal. Both are linked. Each delta, its root causes, and impact analysis are documented and published with immutable Citation IDs.