Executive Summary
Risk teams at Payment Institutions operating under PFMI-aligned supervisory frameworks rely on Principle 15 to calibrate their liquid net assets funded by equity (LNAFE) requirements, and the precision of that calibration depends entirely on correctly reading which Key Consideration does what. Across three questions testing AI tools on the specific mechanics of Principle 15 KC2 and KC3, every answer came back wrong — and in every case the AI initially delivered its fabricated answer with full confidence before retracting under challenge.
The failures are not random: they cluster tightly on the boundary between KC2 (scenario-analysis sizing) and KC3 (the six-month floor, the Basel equity carve-out, and the segregation clause), with AI tools consistently merging provisions from one Key Consideration into the other, or flatly denying that a provision exists when it does.
For a Risk function that uses AI to draft LNAFE policy, brief senior risk committees, or build the internal capital adequacy narrative for supervisory dialogue, these are not edge-case failures — they go directly to whether the firm's published position on its general business risk buffer is defensible under PFMI-aligned review.
How AI gets this regulation wrong
Every failure on this regulation takes the same form: AI tools invented rule content that does not appear in the cited Key Consideration, confidently defended it, then retracted when pressed with the actual text. The manufactured conditions ranged from grafting a liquidity test from one Key Consideration onto a different provision's carve-out clause, to restructuring a single quantitative floor into a dual-track minimum that no version of the standard contains, to misattributing the six-month operating expense floor to entirely the wrong Key Consideration. The table below breaks down how these failures present and how many questions produced each type.
| AI's Failure Mode | Count | Affected findings |
|---|---|---|
| Exposed Fabrication | 2 | Finding#1 · Finding#2 |
What that means for your team
Every failure in this cell carries regulatory enforcement exposure — not as a theoretical tail risk, but because the errors land in exactly the provisions a supervisor will probe when reviewing a Payment Institution's LNAFE calibration and the capital-qualification logic behind it. A Risk function that has committed to an AI-generated reading of Principle 15 KC3 in policy documents or supervisory submissions is positioned to defend a rule that does not exist. The table below maps the impact categories to the specific findings that drive them.
| Risk Impact | Count | Affected findings |
|---|---|---|
| Regulatory enforcement | 2 | Finding#1 · Finding#2 |
When this affects your department
Risk teams at Payment Institutions reach for AI tools on Principle 15 most often in three situations: when building or refreshing the internal LNAFE policy (sizing the floor, defining qualifying assets, handling the Basel equity carve-out); when preparing materials for the risk committee or board that translate the PFMI general business risk standard into the firm's capital adequacy narrative; and when drafting or reviewing responses to supervisor queries or PFMI-aligned assessment questionnaires.
All three of those workflows require precision at exactly the level of granularity — which Key Consideration says what, and what the exact qualifying condition is — where these AI failures concentrate.
The commercial stakes are asymmetric in two directions. If the Risk team imports the AI's fabricated "GREATER OF" dual-track floor (merging KC2's scenario-analysis sizing into KC3's six-month minimum), the firm may design an internal buffer that exceeds the regulatory floor — operationally costly, but not a compliance failure.
Far more dangerous is the Basel carve-out misreading: if the AI's confident denial that KC3 contains any carve-out for equity held under international risk-based capital standards is taken at face value, the firm may exclude from its LNAFE calculation capital that the standard explicitly permits — either understating the qualifying buffer in its own MI, or holding unnecessarily large pools of separate liquid assets when the Basel-regulated equity already satisfies the intent of the provision. In a PFMI supervisory review, both errors leave the firm unable to point to the rule text that supports its position.
The risk of a junior analyst or newly-onboarded contractor compounding this is high: the AI responses that produced these failures read as authoritative, cited-adjacent summaries, not as guesses. The KC misattribution (six-month floor placed in KC2 rather than KC3) is exactly the kind of structural inversion a reviewer would accept without cross-checking, because the underlying concept — "LNAFE must be sized to cover operating expenses" — is correct; only the provision address is wrong.
When that error propagates into a supervisory submission, the firm has cited a rule that does not say what it claims, which is a distinct category of exposure from a policy that is simply too conservative.
The findings at a glance
The three findings below cover the specific questions on which AI tools produced incorrect answers about Principle 15's LNAFE requirements, with each failure confirmed by the AI's own retraction when challenged against the verbatim rule text.
| # | Finding title | Type | Citation ID |
|---|---|---|---|
| 1 | Basel equity carve-out condition in KC3 fabricated | Hallucination | RLB-F-INT-BIS-CPMI-IOSCO-PFMI-L3-GENERAL-BUSINESS-RISK-2025-Q002 |
| 2 | KC3 six-month floor recast as dual-track minimum | Hallucination | RLB-F-INT-BIS-CPMI-IOSCO-PFMI-L3-GENERAL-BUSINESS-RISK-2025-Q003 |
Aggregate impact
All three failures in this cell converge on the same doctrinal fault line: the boundary between KC2 and KC3 of Principle 15, and specifically the precise mechanics of how an FMI quantifies and qualifies its LNAFE. KC2 governs scenario-analysis sizing of the potential general business loss amount; KC3 sets the six-month operating expense floor, establishes the segregation requirement, and contains the carve-out permitting equity held under international risk-based capital standards to count toward LNAFE where relevant and appropriate to avoid duplicate capital requirements.
AI tools tested on this regulation consistently collapsed that distinction — attributing KC3 content to KC2, injecting KC2's scenario-analysis logic into KC3's floor, or denying that KC3 contains the Basel carve-out at all.
The structural pattern matters because a Risk team building its LNAFE policy needs both provisions to be correctly located. KC3's six-month floor is the minimum compliance threshold; KC2's scenario analysis determines whether the firm needs to hold more than the floor. Getting the address wrong in either direction means the policy document cites the wrong text, and any supervisory challenge will immediately identify the mismatch.
The Basel carve-out is separately critical: it is the mechanism by which a Payment Institution already holding Basel-regulated equity avoids being required to hold an entirely separate liquid equity buffer — a cost that matters materially to the firm's capital efficiency.
For a Risk function operating across multiple international jurisdictions where PFMI-aligned standards have been transposed into local frameworks, the compounding risk is that AI errors on the international-level standard propagate into jurisdiction-specific policy and MI before anyone checks the underlying BIS text. The November 2025 CPMI-IOSCO assessment that this regulation documents is precisely the supervisory exercise in which those calibration choices become visible — firms that have relied on AI-generated interpretations of KC2/KC3 mechanics face the sharpest exposure in any L3 compliance review.
What your team should do
The default position for this regulation is straightforward: AI tools are not reliable for any work-product that depends on precisely which Key Consideration of Principle 15 contains a specific obligation or condition. That includes LNAFE policy drafting, capital adequacy narratives for supervisory submissions, and any briefing material that references the Basel equity carve-out or the relationship between the six-month floor and the scenario-analysis sizing. For those outputs, the team should go directly to the CPMI-IOSCO source text and cite the provision verbatim — the KC structure of Principle 15 is short enough that this is not a burden.
Where AI tools remain useful in this workflow is at the orientation and scoping level: generating a first-pass list of the Key Considerations within Principle 15, identifying which Principles are in scope for a general business risk review, or summarising the broad intent of the PFMI framework before the team works through the detail. The risk is in treating that orientation output as a substitute for the rule text on anything quantitative or structurally specific.
Given that the failures identified here all involved AI tools confidently retracting answers only after being challenged with the verbatim text, the practical safeguard is to build into the team's review workflow a requirement that any AI-assisted output referencing a specific KC obligation be checked against the source before it is incorporated into a policy document or external submission.
For teams supporting PFMI-aligned supervisory reviews across multiple jurisdictions, it is worth flagging this pattern to the compliance and legal functions that own the regulatory mapping: the KC2/KC3 misattribution errors are exactly the type that surface as citation errors in formal regulatory submissions, and where local transposition documents reference the PFMI standard, the error may propagate across the entire mapping if the international-level text is wrong at source. A single review step against the BIS text before sign-off is a proportionate control for this specific risk.
How RLB Can Help
RegLeg's published Hallucination Research gives Risk teams at Payment Institutions a ready-made pre-flight check before relying on AI-assisted output for regulatory questions. Each research entry documents, by regulation, the specific failure modes AI tools have exhibited — misquoted thresholds, fabricated cross-references, outdated prudential ratios — so your team can calibrate how much independent verification a given AI output warrants before it informs a risk decision, a capital model assumption, or a supervisory submission.
For firms that want analysis tailored to their own operating model, RegLeg offers bespoke regulator deep-dives that map which AI-supported workflows in a Payment Institution's Risk function carry the highest hallucination exposure. Licensing and own-funds calculations, transaction monitoring rule interpretation, incident reporting timelines, and cross-border passporting conditions each attract distinct failure patterns. A deep-dive produces a prioritised exposure map your team can use to set internal thresholds, review protocols, and escalation triggers — grounded in the same research base as the public site but scoped to your specific regulatory footprint.
RegLeg also offers a confidential review of a firm's existing AI-use policy, benchmarked against the failure-mode catalogue documented in the research programme and assessed against current supervisory expectations on model risk governance. The output is a prioritised remediation list rather than a gap report, with practical steps your team can action. Alongside this, RegLeg can supply training material and CPD-aligned content — covering hallucination mechanics, verification techniques, and risk-function-specific case examples — that equips practitioners to apply sound AI hygiene in their day-to-day work without requiring external support for every query.