Executive Summary
AI assistants tested against the CPMI-IOSCO 2026 consultation on initial margin disclosure consistently mischaracterised the normative weight of its disclosure obligations — converting the consultative document's "should" language into a mandatory "must" standard — while fabricating specific disclosure elements that have no basis in the source text. For Legal teams at international law firms advising CCP clients, sell-side counterparties, or buy-side asset managers on their public disclosure posture, this is not a harmless paraphrase: it is a substantive misstatement of the regulatory position that can corrupt client advisories, comment-letter submissions, and internal compliance gap analyses at the point of drafting.
Across the finding reviewed, the AI also cited secondary commentary rather than the primary BIS document, meaning the error persisted even in sourced outputs that appeared credible. One aggregated finding was identified in this review; it carries direct liability and professional indemnity exposure for the firm.
How AI gets this regulation wrong
The dominant failure pattern on this regulation is confident fabrication — AI tools produced specific, authoritative-sounding answers that upgraded normative language and introduced disclosure criteria not present in the consultation document, then, under challenge, conceded they lacked reliable knowledge. The table below maps where that pattern surfaced and what it produced.
| AI's Failure Mode | Count | Affected findings |
|---|---|---|
| Exposed Fabrication | 1 | Finding#1 |
What that means for your team
For a law firm's Legal function, the risks from this regulation's AI failures concentrate in a single category: professional indemnity and client-facing liability, specifically the exposure created when an incorrect statement of the regulatory standard flows through into a client deliverable. The table below maps the risk impact across the finding reviewed.
| Risk Impact | Count | Affected findings |
|---|---|---|
| Liability / PI exposure | 1 | Finding#1 |
When this affects your department
Law firm Legal teams engage with this consultation in several contexts where precision about the difference between a recommendation and a mandatory obligation is the entire point of the advice. Drafting client alerts and regulatory horizon-scan memoranda for CCP clients, prime brokers, or clearing members during the consultation window requires accurately characterising what CPMI-IOSCO is proposing versus what will be enforceable once finalised.
A memo that converts "should publicly disclose" into "must publicly disclose" is not stylistically imprecise — it tells the client that their board has a hard legal obligation when the regulator has, at this stage, expressed an expectation. That distinction directly affects the client's compliance timeline, their disclosure programme governance, and how they respond to supervisory enquiries about their current override-framework transparency.
The consultation period is also when clients engage law firms to draft or review their comment-letter submissions to CPMI-IOSCO, which is a context where the firm's Legal team is often the primary author or the internal sign-off layer. An AI-assisted draft that cites fabricated disclosure elements — specific categories of information that the consultation did not actually propose — risks the firm submitting a response that misrepresents the regulatory text, undermining the client's credibility with the standard-setter at the moment when that relationship is most commercially significant.
Downstream, once the consultation is finalised, law firms advising on initial margin documentation under ISDA frameworks, or reviewing CCP rule-book changes for institutional clients, will pull from the same body of regulatory interpretation. If the foundational "should vs. must" error was embedded in internal precedent materials or know-how notes during the consultation phase — because a junior relied on an AI output without primary-source verification — it propagates into transactional advice and compliance gap analyses where the stakes are considerably higher.
The findings at a glance
The finding below summarises the specific question put to AI tools, the nature of the failure produced, and the risk exposure it creates for Legal teams working on this consultation.
| # | Finding title | Type | Citation ID |
|---|---|---|---|
| 1 | CCP override framework — 'should' vs 'must' disclosure obligation | Hallucination | RLB-F-INT-BIS-CPMI-IOSCO-INITIAL-MARGIN-DISCLOSURE-CONSULT-2026-Q005 |
Aggregate impact
The single finding reviewed on this regulation reveals a structurally important failure point: AI tools conflate "should" with "must" when interpreting CPMI-IOSCO's consultative language, and compound that error by inventing supporting disclosure criteria that do not appear in the source. Both errors travel in the same direction — they make the emerging standard look more prescriptive and detailed than it actually is.
For a law firm, this creates an asymmetric risk profile: the AI output looks well-informed (it cites a specific source and lists specific disclosure elements), which makes it more likely to be used, and more likely to pass undetected through a junior-to-partner review chain in a time-pressured environment.
The citation pattern reinforces this risk. The AI pointed to secondary financial-regulatory commentary rather than the primary BIS document, meaning a Legal team that checked the cited URL would find a source that sounds authoritative but does not contain the original regulatory text. That is the structural profile of a Pretextual citation: superficially credible, not traceable to the verbatim regulatory language. For a team drafting a client advisory or comment letter, failing to check back to the primary BIS source is the exact condition under which this error survives into a published work product.
For international law firms in particular, where matters routinely cross multiple regulatory perimeters, the "should vs. must" error is especially consequential: different jurisdictions implementing CPMI-IOSCO guidance will translate it differently, and a firm's legal work product that establishes a mandatory baseline at the consultation stage risks misaligning clients' compliance programmes relative to what individual national regulators ultimately impose. The aggregate impact here is not primarily about the volume of errors — there is one finding — but about the category of error and its proximity to the firm's most reputationally exposed output: written client advice.
What your team should do
The default position for any Legal work product that turns on normative weight — whether a regulator has said "must," "should," "expect," or "encourage" — is that AI tools cannot be trusted for that determination on a 2026 consultation document. The BIS primary text is short; checking the actual modal language against what the AI produced takes less time than correcting a published advisory. On this consultation, treat the BIS website as the only authoritative source for the override-framework disclosure language, and require that any junior output citing an AI-assisted research note includes the verbatim BIS sentence alongside the paraphrase.
For comment-letter drafting, the practical safeguard is to separate the research function from the drafting function. AI tools can legitimately assist in structuring comment-letter arguments, identifying analogous prior consultations, or drafting ancillary boilerplate sections. They should not be the research source for what the consultation actually proposes, because — as this finding demonstrates — they will add specificity (named disclosure categories, listed decision-maker types) that the text does not contain, and that fabricated specificity can appear as substantive engagement with the document rather than a drafting error.
Where AI assistance is lower-risk on this regulation: procedural questions (consultation response deadlines, submission format requirements, identity of the contact office), background context on the initial margin regulatory timeline, and comparative synthesis of CPMI-IOSCO's prior guidance where the team already holds verified source materials. The firm's know-how library and Practice Support Lawyers are the appropriate QA layer for any output that characterises the normative standard before it goes to a supervising partner or into a client-facing document.
How RLB Can Help
RegLeg's published Hallucination Research gives Legal teams at law firms a ready pre-flight check before placing weight on AI-assisted output in regulatory matters. Each research entry documents a confirmed failure mode against a specific instrument — the type of provision involved, how the AI went wrong, and the risk consequence — so lawyers can run a quick cross-reference against the regulation they are working with before finalising advice, drafting submissions, or briefing clients. The research is freely available and requires no engagement to access.
For firms that want to go further, RLB offers bespoke regulator deep-dives scoped to the specific bodies and instruments your Legal function works with most. These engagements map which AI-supported workflows — regulatory research, precedent checking, cross-border compliance comparison, client advice drafting — carry the highest hallucination exposure in your practice context, and produce a ranked risk register the team can act on immediately. The output is confidential and is tailored to the jurisdictions and regulatory perimeters your firm operates across.
RLB also conducts confidential reviews of existing AI-use policies against its failure-mode catalogue, identifying gaps between the controls a firm has documented and the classes of error its AI tools are most likely to produce on regulatory questions. Each review closes with a prioritised remediation plan. Alongside policy work, RLB can supply training materials and CPD-aligned content — structured around real failure cases — that Legal teams can deploy internally to build consistent, defensible AI literacy across practice groups and seniority levels.