How does the CPMI-IOSCO 2016 Cyber Guidance define 'cyber resilience', and how does this compare to the definition in the 2018 FSB Cyber Lexicon?
The model framed its comparison as if the two documents were designed to be read together, producing a nuanced and superficially reasonable alignment analysis. It did not flag that the FSB Lexicon postdates the 2016 guidance by two years and therefore could not have been an input to it. By treating the temporal gap as irrelevant, the model produced a comparison that implies a coordinated definitional relationship that may not exist. - Regulator portal (if any cited link is dud): https://www.bis.org
This finding points to a gap in how the model handles comparative questions spanning documents with a known temporal gap. The model's training data likely contains substantial commentary treating the 2016 guidance and 2018 FSB Cyber Lexicon as a coherent regulatory pair, which may have caused the model to elide the two-year gap. Post-training reward signals for regulatory comparison tasks should penalise responses that imply contemporaneous co-development between documents with materially different publication dates.
How does the CPMI-IOSCO 2016 Cyber Guidance define 'cyber resilience', and is that definition aligned with the 2018 FSB Cyber Lexicon?
The model not only compared the two definitions but asserted a specific causal relationship — that the FSB Lexicon explicitly drew on the CPMI-IOSCO definition — for which no basis was found. This converts a plausible inference (that a 2018 lexicon would be informed by a prominent 2016 document from the same regulatory community) into a stated fact. The model also presented the 2016 definition in confident detail without flagging that the Lexicon postdates it and the relationship between the two definitions remains unconfirmed. - Regulator portal (if any cited link is dud): https://www.bis.org
This finding reveals that the model not only collapsed a temporal gap but asserted a specific causal relationship (that the FSB Lexicon drew on the CPMI-IOSCO definition) for which no evidential basis was found. This is a more advanced failure than simple conflation: the model constructed a plausible-sounding provenance claim that goes beyond what the documents support. This class of error — inferred causation stated as documented fact — is particularly hazardous in legal and compliance contexts and is likely to evade generic hallucination red-teaming that focuses on factual accuracy rather than provenance accuracy.
A Lawyer advising on definitional alignment between the CPMI-IOSCO guidance and the FSB Cyber Lexicon needs to know that the relationship between the two documents' definitions is uncertain — the Lexicon postdates the guidance by two years and may not match how the 2016 text used key terms. The AI presented the two as 'aligned and broadly consistent', removing the genuine uncertainty that a Lawyer must convey to a client. An opinion that asserts definitional consistency without flagging this caveat misstates the state of the regulatory landscape.
Each finding has a stable Citation ID (RLB-F-… for aggregated case-study findings, RLB-H-… for raw per-model hallucinations) — like a DOI, the ID always resolves to the canonical finding even if URLs change.
RegLeg Specialist Panel, Finding#4 — Fabricated FSB Lexicon alignment [RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q020], RegLegBrief AI Hallucination Research (May 29, 2026), https://reglegbrief.com/regulators/j1/int/bis-cpmi/cpmi-iosco-cyber-resilience-fmi-2016/practitioners/lawyers/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-020/.
RegLeg Specialist Panel (2026). "Finding#4 — Fabricated FSB Lexicon alignment — Practitioners — Lawyers." Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q020. RegLegBrief AI Hallucination Research, published 2026-05-29. https://reglegbrief.com/regulators/j1/int/bis-cpmi/cpmi-iosco-cyber-resilience-fmi-2016/practitioners/lawyers/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-020/
RegLeg Specialist Panel. (2026). Finding#4 — Fabricated FSB Lexicon alignment [Hallucination finding RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q020]. RegLegBrief AI Hallucination Research. https://reglegbrief.com/regulators/j1/int/bis-cpmi/cpmi-iosco-cyber-resilience-fmi-2016/practitioners/lawyers/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-020/
@misc{reglegbrief_RLB_F_INT_BIS_CPMI_IOSCO_CYBER_RESILIENCE_FMI_2016_Q020,
author = {RegLeg Specialist Panel},
title = {Finding#4 — Fabricated FSB Lexicon alignment},
year = {2026},
publisher = {RegLegBrief AI Hallucination Research},
note = {Hallucination finding Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q020},
url = {https://reglegbrief.com/regulators/j1/int/bis-cpmi/cpmi-iosco-cyber-resilience-fmi-2016/practitioners/lawyers/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-020/}
}