This is the consolidated view of findings. Click the Citation IDs or 'see details →' on any item for the full details for each finding.
When a Compliance team at a Statutory Boards & Agencies firm asks AI tools whether the CPMI-IOSCO 2016 Cyber Guidance's definition of 'cyber resilience' is consistent with the FSB Cyber Lexicon, the AI asserted the two are 'aligned and broadly consistent' — dropping the explicit qualification in the source that the FSB definitions 'may not match' how the 2016 guidance used those terms. If this response feeds into a regulatory gap analysis, a framework alignment report, or a cross-standard compliance mapping, the firm embeds a false premise about definitional equivalence that it has not actually verified.
For a Statutory Boards & Agencies firm supervised against international FMI standards, a compliance mapping that overstates definitional alignment between frameworks creates exposure if a regulator's examination reveals the firm's controls were designed on an unverified assumption.
When a Compliance team asks AI tools whether the CPMI-IOSCO 2016 Cyber Resilience Guidance is still the operative international standard, the AI stated it 'has not been formally revised or superseded' — missing the CPMI-IOSCO consultative document on updated guidance published in May 2026. A Compliance function that acts on this answer may continue committing resources to programmes calibrated to the 2016 version without flagging to senior management or the board that a revision is in progress.
For a Statutory Boards & Agencies firm, failing to track the active revision of a foundational international standard is itself a supervisory concern: regulators expect Compliance teams to monitor the status of the frameworks they implement, and an examination finding that the firm was unaware of a public consultation would be difficult to defend.