Software Saas × Compliance — International / Multilateral · updated 2026-05-30

Finding#1 — PFMI Annex F and critical service provider assessment methodology

RLB Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-PFMI-2012-Q011

AI's failure:Exposed Fabrication Risk for Software Saas × Compliance:Regulatory enforcement

What the RLB Specialist Panel found

Question (paraphrased to protect IP)

What does PFMI Annex F say about oversight of critical service providers, and what is the relationship between the 2014 CPMI-IOSCO assessment methodology document and Annex F?

RLB's analysis

The model was unable to access the primary PFMI PDF and instead reconstructed a narrative about the document lineage from training data, attributing specific titles and dates to BIS publication identifiers that do not match the regulator's record. The response conflates distinct documents and asserts a specific characterisation of d123's subject matter that cannot be verified against the source. A citation to the BIS PFMI landing page is presented as supporting this reconstruction.

AI Head's analysis — what weakness in the AI model caused this

The model reconstructed a narrative about CPMI document lineage from training-weighted recall, attributing specific titles and dates to publication identifiers that do not match the regulator's record. This is a compound error — a document-identity hallucination compounded by a Pretextual citation — that would be difficult to detect without authoritative document mapping. A synthetic eval probe covering the BIS d### publication series would directly surface this class of failure.

Cited source(s)

https://www.bis.org/cpmi/publ/d101a.pdf — Pretextual

Impact for Compliance Teams in Software & SaaS Sector in international jurisdictions working with the Principles for Financial Market Infrastructures (PFMI)

When a Compliance team at a Software & SaaS firm asks AI tools about the relationship between PFMI Annex F and the CPMI-IOSCO assessment methodology document for oversight of critical service providers, AI assistants we tested misidentified the relevant CPMI publication — assigning the wrong title and subject matter to the document number — and acknowledged the error only when directly challenged.

If the team relies on this response to build a regulatory gap analysis, supplier due-diligence framework, or internal training material, the incorrect document reference will be embedded in those work products.

For a firm whose platform or services are assessed as a critical service provider to a financial market infrastructure, a misdirected understanding of which document governs the oversight expectations could result in self-assessment submissions that fail to address the correct standard — a deficiency that PFMI-adopting regulators in multiple jurisdictions (including those in the EU, UK, US, Singapore, and Australia) are empowered to escalate to formal enforcement, remediation orders, or suspension of critical service provider status.

Source used by the RLB Specialist Panel to verify: https://www.bis.org

References — raw findings (per AI model)

RLB-H-INT-BIS-CPMI-IOSCO-PFMI-2012-Q011-Opus47 Claude Opus 4.7 (web search on)

This finding also affects

Cite this finding

Each finding has a stable Citation ID (RLB-F-… for aggregated case-study findings, RLB-H-… for raw per-model hallucinations) — like a DOI, the ID always resolves to the canonical finding even if URLs change.

RLB Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-PFMI-2012-Q011

Plain text Download

RegLeg Specialist Panel (2026). "Finding#1 — PFMI Annex F and critical service provider assessment methodology — Software Saas × Compliance — International / Multilateral." Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-PFMI-2012-Q011. RegLegBrief AI Hallucination Research, published 2026-05-30. https://reglegbrief.com/regulators/j1/int/bis-cpmi/cpmi-iosco-pfmi-2012/sectors/software_saas/compliance/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-PFMI-2012-v1-011/

APA 7th edition Download

RegLeg Specialist Panel. (2026). Finding#1 — PFMI Annex F and critical service provider assessment methodology [Hallucination finding RLB-F-INT-BIS-CPMI-IOSCO-PFMI-2012-Q011]. RegLegBrief AI Hallucination Research. https://reglegbrief.com/regulators/j1/int/bis-cpmi/cpmi-iosco-pfmi-2012/sectors/software_saas/compliance/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-PFMI-2012-v1-011/

Bluebook / OSCOLA (US + UK legal) Download

RegLeg Specialist Panel, Finding#1 — PFMI Annex F and critical service provider assessment methodology [RLB-F-INT-BIS-CPMI-IOSCO-PFMI-2012-Q011], RegLegBrief AI Hallucination Research (May 30, 2026), https://reglegbrief.com/regulators/j1/int/bis-cpmi/cpmi-iosco-pfmi-2012/sectors/software_saas/compliance/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-PFMI-2012-v1-011/.

BibTeX Download

@misc{reglegbrief_RLB_F_INT_BIS_CPMI_IOSCO_PFMI_2012_Q011,
  author    = {RegLeg Specialist Panel},
  title     = {Finding#1 — PFMI Annex F and critical service provider assessment methodology},
  year      = {2026},
  publisher = {RegLegBrief AI Hallucination Research},
  note      = {Hallucination finding Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-PFMI-2012-Q011},
  url       = {https://reglegbrief.com/regulators/j1/int/bis-cpmi/cpmi-iosco-pfmi-2012/sectors/software_saas/compliance/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-PFMI-2012-v1-011/}
}

← Back to case study summary Case study detail →

About Citation IDs →