This is the consolidated view of findings. Click the Citation IDs or 'see details →' on any item for the full details for each finding.
When a Compliance team at a Payment Institutions firm asks AI tools about the relationship between PFMI Annex F and the CPMI assessment methodology for critical service providers, the AI we tested misidentified the methodology document — substituting a publication on a different subject and presenting the error with apparent confidence. If the team uses this response to map the firm's obligations regarding critical third-party dependencies, internal policy documentation will reference the wrong publication, and any gap analysis or board report constructed on that basis will be factually incorrect.
If the error is presented to an oversight authority as part of a supervisory submission or self-assessment, the firm risks a finding of inadequate understanding of its regulatory framework — with attendant remediation requirements and potential enforcement exposure under the CPMI-IOSCO oversight expectations applicable to payment institutions.
When a Compliance team asks AI tools about the specific governance requirements PFMI Principle 2 imposes on FMI boards — and in particular whether a risk committee is mandatory — the AI we tested presented a specific key consideration number and a verbatim passage it had not verified and could not have verified from training data. The fabricated citation language and the conditional framing ('should consider') were both presented as direct quotations from the Principles.
If the Compliance function uses this response to draft board governance documentation or advise the firm's own governance arrangements on PFMI-aligned expectations, the resulting documentation will assert a regulatory position based on text that does not exist. A regulator conducting an assessment of the firm's governance framework against the PFMI would identify the discrepancy, and the firm would face both reputational consequences and the cost of corrective remediation across any governance documentation that incorporated the fabricated standard.
When a Compliance team asks AI tools for specific thresholds, cross-references, or verbatim content from the August 2016 CPMI-IOSCO consultative report on CCP resilience and recovery, the AI tools we tested correctly declined to fabricate content they could not verify — but were unable to provide the answer the Compliance function needed. If the team requires the actual thresholds or assessment criteria from this document to support a regulatory mapping, vendor due-diligence framework, or board briefing on CCP-related exposures, they will need to go directly to the source publication.
The practical risk is that a team under time pressure may accept the AI's general-level summary as sufficient and not retrieve the primary document — leaving the work product incomplete and potentially inconsistent with the actual regulatory standard.
When a Compliance team asks AI tools about the specific findings in the November 2025 CPMI-IOSCO Level 3 assessment on general business risks — particularly regarding FMI compliance with the six-month liquid net assets standard — the AI tools we tested were unable to access the document's content and declined to fabricate verbatim text. This is the correct response, but it means the AI cannot assist with any task that requires knowledge of this assessment's findings.
For a Payment Institutions firm operating in jurisdictions where regulators reference CPMI-IOSCO Level 3 assessments in their own supervisory guidance, the inability of AI tools to summarise or cite this report accurately means that compliance monitoring and internal reporting on the firm's general business risk framework must be built from the primary BIS publication — not from AI-generated summaries, which will be incomplete or absent.
When a Compliance team asks AI tools for verbatim text from the BIS press release announcing the July 2022 CPMI-IOSCO stablecoin guidance, AI tools we tested were unable to retrieve the specific content of the press release and declined to quote it. If the team needs to reference the official announcement — for example when advising the business on the regulatory status of stablecoin arrangements under PFMI-aligned frameworks, or preparing a regulatory update briefing — the AI cannot provide accurate verbatim material.
Relying on an AI-generated paraphrase of the announcement risks omitting or misrepresenting the scope or caveats of the guidance, which could result in an internal briefing that misstates the regulatory position on stablecoin-related payment obligations.
When a Compliance team asks AI tools for specific verbatim text, thresholds, or cross-references from the IOSCO co-published version of the PFMI, the AI tools we tested correctly declined to fabricate paragraph-level content from the binary PDF — but were unable to provide the precise text. For a Compliance function that needs to cite the IOSCO version specifically (as distinct from the BIS version) in a regulatory submission, cross-border mapping document, or correspondence with an IOSCO-member regulator, AI tools cannot substitute for direct access to the publication.
Any internal document that cites 'the IOSCO PFMI' without checking the actual text risks misrepresenting the co-published standard in contexts where the distinction between the BIS and IOSCO versions is material to the regulator.
When a Compliance team asks AI tools for verbatim content from the IOSCO version of the PFMI disclosure framework and assessment methodology, the AI tools we tested were unable to access the PDF and declined to fabricate paragraph-level content. The disclosure framework and assessment methodology is a core reference for Compliance functions conducting self-assessments or preparing for external assessments under the PFMI — it contains the specific assessment criteria against which each Principle is evaluated.
AI tools that cannot retrieve this document's content cannot assist with any task that requires quoting or applying the specific assessment criteria, meaning the team must source this material directly from the BIS or IOSCO publication. A self-assessment built on AI-generated summaries of the assessment methodology criteria risks omitting or mischaracterising the specific benchmarks regulators use to evaluate compliance.