Executive Summary
The Principles for Financial Market Infrastructures (PFMI) is the international standard governing the design and operation of systemically critical financial market infrastructures — covering central counterparties, central securities depositories, payment systems, and trade repositories. For international lawyers advising FMIs, their supervisors, or participants across multiple jurisdictions, the PFMI and its companion assessment methodology documents are foundational texts. Across seven questions put to AI tools about this regulatory framework, the AI produced wrong or incomplete answers on every one.
Two of those failures were hallucinations — the AI supplied specific but incorrect citations and regulatory text it could not actually verify — while five were blind spots, where the AI was honest enough to say it could not retrieve verbatim content from PFMI-family PDFs but left lawyers with no usable answer. Every single failure in this cell carries professional liability exposure: advice, opinions, or transaction structuring based on fabricated or unverified PFMI citations can mislead clients, regulators, and counterparties in ways that are difficult and costly to correct.
How AI gets this regulation wrong
AI tools make two distinct kinds of mistakes on the PFMI: in some cases they construct plausible-sounding but unverifiable citation references and quote regulatory text they have not actually read, presenting invented detail with apparent confidence; in others, they correctly acknowledge they cannot retrieve verbatim content from the underlying PDFs, but that honesty still leaves the practitioner without a reliable answer. The table below maps each finding to the specific failure pattern — which is important context for understanding where the risk sits, because the two failure types call for different responses from a legal team.
| AI's Failure Mode | Count | Affected findings |
|---|---|---|
| Blind Spot | 5 | Finding#3 · Finding#4 · Finding#5 · Finding#6 · Finding#7 |
| Exposed Fabrication | 2 | Finding#1 · Finding#2 |
What that means for your practice
For lawyers working with the PFMI framework, every failure in this cell feeds into the same risk category: professional liability and PI exposure arising from advice or documents that misstate the regulatory position. The table below shows how that risk distributes across the individual findings — whether the underlying fault was a fabricated citation on governance obligations or a gap in the AI's access to a key assessment methodology document, the exposure for the advising lawyer is materially the same.
| Risk Impact | Count | Affected findings |
|---|---|---|
| Liability / PI exposure | 7 | Finding#1 · Finding#2 · Finding#3 · Finding#4 · Finding#5 · Finding#6 · Finding#7 |
When this affects Lawyers
International lawyers encounter the PFMI across a wide range of engagements: advising central counterparties or central securities depositories on compliance with specific Principles; providing legal opinions on whether an FMI's rules and procedures satisfy the applicable key considerations; supporting supervisory assessments or self-assessments against the assessment methodology; and advising participants or service providers on their obligations under FMI rules that are themselves shaped by PFMI requirements.
In each of these contexts, lawyers frequently turn to AI tools to get rapid orientation on specific Principles, key considerations, or companion documents before reviewing the source texts directly — and the PFMI's large published ecosystem (the core document plus assessment methodologies, Level 3 assessments, cyber guidance, CCP resilience guidance, stablecoin guidance, and co-published IOSCO versions) makes cross-referencing attractive territory for AI-assisted research.
The specific findings in this cell show that AI tools are unreliable precisely in the places lawyers most need precision. Asked about the relationship between the core PFMI and a companion assessment methodology document — the kind of structural question that frames how a lawyer scopes an engagement — an AI tool supplied an incorrect document identification. Asked about the specific governance requirements in Principle 2, including whether a risk committee is mandatory or discretionary, the AI fabricated a key consideration number and quoted committee language it had not verified.
These are not edge cases: the governance structure of an FMI board and the oversight expectations applicable to critical service providers are live issues in regulatory examinations and enforcement proceedings across every major PFMI-implementing jurisdiction.
On the blind-spot side, the failure pattern is different but equally consequential. Lawyers working on CCP resilience or recovery matters, stablecoin guidance, or the November 2025 Level 3 assessment on general business risks cannot rely on AI tools to retrieve verbatim text from those documents — the AI consistently acknowledged it lacked paragraph-level access to the relevant PDFs.
For an international lawyer conducting a multi-jurisdictional comparison against PFMI standards, the inability of AI tools to surface the actual regulatory text means any AI-assisted research workflow needs to treat the AI's output as hypothesis generation only, verified against the source documents before any professional use.
The findings at a glance
The table below lists each finding from the PFMI tested in this cell, showing the question area, what the AI got wrong, and the failure type — use it to identify which findings are most relevant to your current work on this framework.
Aggregate impact
The seven findings in this cell divide cleanly between two clusters. The first — the two hallucinations — concerns the PFMI's structural architecture: the relationship between the core document and its companion assessment methodology (including the oversight expectations applicable to critical service providers), and the specific content of Principle 2's governance requirements for FMI boards. In both cases the AI produced responses with the surface features of authoritative regulatory analysis — document numbers, key consideration references, quoted committee language — while the underlying citations were either misidentified or unverified.
For lawyers, this cluster is the higher-stakes failure because the errors are hardest to detect: a response that cites a specific key consideration number and quotes governance language reads as research, not invention.
The second cluster — five blind spots — covers the PFMI's companion publication ecosystem: the August 2016 CCP resilience and recovery consultative report, the November 2025 Level 3 assessment on general business risks, the July 2022 press release on stablecoin guidance, the IOSCO co-published version of the core PFMI, and the IOSCO co-published version of the disclosure framework and assessment methodology. In each case the AI acknowledged it could not retrieve verbatim content from the relevant PDF or webpage.
That honesty is preferable to fabrication, but it produces a systematic gap: a lawyer using AI to orient themselves across the PFMI publication landscape will find the AI capable of summarising the high-level structure of the framework while being unable to supply the actual text of any of the key companion documents.
Taken together, the findings reveal a pattern specific to the PFMI's document architecture. The core PFMI and its immediate assessment methodology form the spine of a large, cross-referencing publication family. AI tools can navigate the skeleton — recounting which documents exist and roughly what they cover — but cannot reliably supply the content of the documents themselves, and in at least two cases will supply invented content when asked for specifics.
For lawyers advising across multiple jurisdictions where the PFMI is the common standard, this means AI-assisted research can inform the framing of questions but cannot be the source of the answers.
What your team should do
The default position for legal teams working on PFMI matters should be that AI tools are not a source of regulatory text. This applies equally to the core PFMI Principles and key considerations, to the companion assessment methodologies, and to the Level 3 assessments, guidance papers, and co-published IOSCO versions that make up the wider publication family. Every specific citation — document numbers, key consideration references, quoted regulatory language — needs to be verified against the published source before it appears in any advice, opinion, or regulatory submission.
The findings in this cell show that AI tools will sometimes supply plausible-sounding citations that are wrong, and will sometimes correctly decline to supply text they cannot verify; neither outcome produces reliable material for legal work without independent verification.
For practical safeguards: when an AI tool provides a document number or key consideration reference in the context of PFMI advice work, treat it as a suggested search term, not a verified citation. The BIS publications page and the IOSCO publications library are the authoritative sources; the CPMI-IOSCO Level 3 assessments and sector-specific guidance documents should be downloaded and read directly. Where an AI correctly flags that it cannot access a particular PDF, that acknowledgement is useful — it tells the lawyer which source needs to be obtained manually — but the workflow still requires obtaining and reading the source.
Teams that have built AI-assisted research into their PFMI practice should build in a mandatory citation-verification step before any output leaves the firm.
AI tools are most safely used, in this context, for structuring research rather than populating it. Asking an AI to list the Principles most relevant to a given FMI function, identify which companion documents address a specific topic area, or explain the relationship between national implementation and the international standard is a reasonable use of the technology — the AI's high-level structural knowledge of the PFMI framework is generally sound.
The risk sits entirely in the next step: asking the AI to supply the actual regulatory text, key consideration wording, specific thresholds, or document cross-references that would need to appear in a legal work product. At that point, the source document is the only reliable input.
How RLB Can Help
RegLeg's published Hallucination Research is available as a free pre-flight check for lawyers working across international regulatory portfolios. Before relying on AI-assisted output for regulatory interpretation, compliance advice, or transaction risk assessment, lawyers can consult the research to identify where AI tools have demonstrably mis-stated the rules — wrong thresholds, invented obligations, outdated text presented as current — and calibrate their review accordingly. The research covers specific regulations by jurisdiction and surfaces the precise questions where AI tools have failed, making it a practical reference rather than a general caution.
For firms where multiple lawyers are working the same regulatory portfolio, RegLeg offers bespoke deep-dives into individual regulations. These engagements go beyond the published findings to examine the full pattern of AI failure modes relevant to a particular instrument — the question types, the failure mechanisms, and the risk implications for legal advice, transaction structuring, or regulatory engagement. The output is designed to be shared across a practice group and used as a durable reference, reducing duplicated due-diligence effort and creating a consistent internal standard for AI-assisted regulatory work.
RegLeg also develops training and CPD-aligned content for legal teams. This material translates the failure-mode catalogue into practical guidance on the classes of error lawyers should watch for — confabulated cross-references, version confusion between superseded and current instruments, jurisdiction bleed between superficially similar regimes, and inference-driven elaboration that overstates what a regulation actually requires. Separately, RegLeg offers a confidential review of a firm's existing AI-use policy against the failure-mode catalogue, identifying gaps between the policy's assumptions and the documented evidence of how AI tools perform on regulatory questions in practice.