Software Saas × Compliance — International / Multilateral · updated 2026-06-04

Finding#1 — Fabricated stakeholder mapping across CPMI recommendation categories

RLB Citation ID: RLB-F-INT-BIS-CPMI-API-HARMONISATION-CROSS-BORDER-2024-Q008

AI's failure:Exposed Fabrication Risk for Software Saas × Compliance:Wrong deliverable

What the RLB Specialist Panel found

Question (paraphrased to protect IP)

A compliance analyst asks which of the 10 CPMI API harmonisation recommendations specifically target commercial banks or correspondent banking institutions, which target payment system operators, which target central banks or regulators, and which target standards bodies—seeking a recommendation-by-recommendation stakeholder breakdown.

RLB's analysis

With no retrievable per-recommendation content, the model inferred stakeholder assignments from the recommendation category names and its knowledge of how standards-body governance typically works — BIAN, ISO, and SWIFT appear as plausible assignments to a harmonisation-processes category without any retrieved basis. The model presented this inference as a stakeholder breakdown, not as a reasoned extrapolation from category names.

AI Head's analysis — what weakness in the AI model caused this

Domain inference used as a stakeholder-assignment mechanism — assigning ISO, BIAN, and SWIFT to a harmonisation-processes category by structural reasoning — is not retrieval. The training data for this document appears to lack per-recommendation content, and the model's self-check did not flag that its output was constructed rather than retrieved. The RAG glue layer is not enforcing a 'content was found' gate before allowing domain-inference fill.

Impact for Compliance Teams in Software & SaaS Sector in international jurisdictions working with the Promoting the Harmonisation of Application Programming Interfaces to Enhance Cross-Border Payments: Recommendations and Toolkit

A Compliance analyst at a Software & SaaS firm asking AI tools to identify which CPMI API harmonisation recommendations their firm must implement — versus those falling on correspondent banks, payment system operators, or standards bodies — received a fabricated category-level stakeholder map presented as a bounded, careful response. The AI correctly declined to produce a per-recommendation breakdown but then committed to specific stakeholder assignments at a grouping level that no accessible source supports, meaning the hedge was cosmetic rather than substantive.

If that map is used to scope an obligations register or a banking-partner due diligence questionnaire, the error embeds at the foundation of the compliance programme — misallocating regulatory responsibility between the firm and its counterparties in ways that may only surface in internal audit or a regulator-facing review. Given the CPMI's global jurisdiction and the active national-level cascade of these recommendations across multiple markets, a firm operating internationally risks propagating the same scoping error across every jurisdiction simultaneously.

Source used by the RLB Specialist Panel to verify: https://www.bis.org

References — raw findings (per AI model)

RLB-H-INT-BIS-CPMI-API-HARMONISATION-CROSS-BORDER-2024-Q008-Opus47 Claude Opus 4.7 (web search on)

This finding also affects

Cite this finding

Each finding has a stable Citation ID (RLB-F-… for aggregated case-study findings, RLB-H-… for raw per-model hallucinations) — like a DOI, the ID always resolves to the canonical finding even if URLs change.

RLB Citation ID: RLB-F-INT-BIS-CPMI-API-HARMONISATION-CROSS-BORDER-2024-Q008

Plain text Download

RegLeg Specialist Panel (2026). "Finding#1 — Fabricated stakeholder mapping across CPMI recommendation categories — Software Saas × Compliance — International / Multilateral." Citation ID: RLB-F-INT-BIS-CPMI-API-HARMONISATION-CROSS-BORDER-2024-Q008. RegLegBrief AI Hallucination Research, published 2026-06-04. https://reglegbrief.com/regulators/j1/int/bis-cpmi/cpmi-api-harmonisation-cross-border-2024/sectors/software_saas/compliance/finding/INT-BIS-CPMI-INT-001-CPMI-API-HARMONISATION-CROSS-BORDER-2024-v1-008/

APA 7th edition Download

RegLeg Specialist Panel. (2026). Finding#1 — Fabricated stakeholder mapping across CPMI recommendation categories [Hallucination finding RLB-F-INT-BIS-CPMI-API-HARMONISATION-CROSS-BORDER-2024-Q008]. RegLegBrief AI Hallucination Research. https://reglegbrief.com/regulators/j1/int/bis-cpmi/cpmi-api-harmonisation-cross-border-2024/sectors/software_saas/compliance/finding/INT-BIS-CPMI-INT-001-CPMI-API-HARMONISATION-CROSS-BORDER-2024-v1-008/

Bluebook / OSCOLA (US + UK legal) Download

RegLeg Specialist Panel, Finding#1 — Fabricated stakeholder mapping across CPMI recommendation categories [RLB-F-INT-BIS-CPMI-API-HARMONISATION-CROSS-BORDER-2024-Q008], RegLegBrief AI Hallucination Research (June 04, 2026), https://reglegbrief.com/regulators/j1/int/bis-cpmi/cpmi-api-harmonisation-cross-border-2024/sectors/software_saas/compliance/finding/INT-BIS-CPMI-INT-001-CPMI-API-HARMONISATION-CROSS-BORDER-2024-v1-008/.

BibTeX Download

@misc{reglegbrief_RLB_F_INT_BIS_CPMI_API_HARMONISATION_CROSS_BORDER_2024_Q008,
  author    = {RegLeg Specialist Panel},
  title     = {Finding#1 — Fabricated stakeholder mapping across CPMI recommendation categories},
  year      = {2026},
  publisher = {RegLegBrief AI Hallucination Research},
  note      = {Hallucination finding Citation ID: RLB-F-INT-BIS-CPMI-API-HARMONISATION-CROSS-BORDER-2024-Q008},
  url       = {https://reglegbrief.com/regulators/j1/int/bis-cpmi/cpmi-api-harmonisation-cross-border-2024/sectors/software_saas/compliance/finding/INT-BIS-CPMI-INT-001-CPMI-API-HARMONISATION-CROSS-BORDER-2024-v1-008/}
}

← Back to case study summary Case study detail →

About Citation IDs →