Executive Summary
Three questions put to AI tools about the CFTC's December 2025 digital asset collateral framework — Staff Letter 25-40, its February 2026 reissuance as Staff Letter 26-05, and the accompanying tokenized asset staff guidance — produced three hallucinations across every tested configuration, with zero correct responses. The failures were not peripheral: they struck the specific legal cross-references, obligation lifecycles, and haircut-calculation mechanics that determine whether an FCM's collateral programme is actually compliant.
For US lawyers advising FCMs, prime brokers, or digital asset issuers on this framework, AI-assisted research produced work product that misstated operative rules in each case — errors that would not be caught without independent source verification against the original staff letters.
How AI gets this regulation wrong
The dominant pattern across this framework is AI confidently assembling partial or structurally inverted answers — describing the rule it expects to find rather than the rule the staff letter actually states. In one class of failure, AI reproduces the headline fact correctly (e.g., the amendment to the payment stablecoin definition) but drops the specific legal cross-reference that grounds the eligibility analysis, producing advice that reaches a defensible conclusion by the wrong route.
In the most operationally dangerous failure, AI inverts the literal direction of a conditional obligation — asserting an ongoing reporting requirement ceases when it explicitly does not — and, when challenged, retracts by admitting it conflated enumerated conditions rather than reading the text.
| AI's Failure Mode | Count | Affected findings |
|---|---|---|
| Misstated Rule | 2 | Finding#1 · Finding#3 |
| Exposed Fabrication | 1 | Finding#2 |
What that means for your practice
Every finding in this cell maps to professional indemnity and client-liability exposure — the failure mode most directly damaging to a practitioner who relies on AI research without independent source verification. The risk is concentrated in work product that reaches the client as a deliverable: the compliance memo that misstates when a reporting obligation lifts, the opinion letter grounding eligibility on an incomplete legal chain, the client briefing that omits the operative multi-DCO haircut tiebreaker.
| Risk Impact | Count | Affected findings |
|---|---|---|
| Liability / PI exposure | 3 | Finding#1 · Finding#2 · Finding#3 |
When this affects Lawyers
The CFTC's December 2025 digital asset collateral package — Staff Letter 25-40 and its successor Staff Letter 26-05 — is exactly the kind of fast-moving, lightly-indexed staff guidance that lawyers reach for AI to synthesise quickly. Clients are FCMs building out digital asset margin programmes, stablecoin issuers assessing whether their product qualifies as acceptable collateral, and prime brokers structuring custody and rehypothecation arrangements under the new framework.
The questions are operationally urgent, the staff letters are recent and not yet consolidated into CFTC rules, and the research task looks superficially tractable to AI: a bounded set of documents, named obligations, defined phases.
That tractability is precisely the trap. The failures documented here all involve the AI correctly orienting to the right part of the framework and then getting the specific operative detail wrong in a way that isn't obviously wrong. A lawyer reviewing an AI-generated memo on payment stablecoin eligibility would likely accept a description of the national trust bank amendment without noticing that the OCC Interpretive Letter 1183 cross-reference — the actual eligibility anchor — is missing. The conclusion reads correctly; the legal foundation is incomplete.
In a formal opinion or a client briefing that becomes the basis for a filing decision, that omission matters.
The stakes are sharpest on the obligation-lifecycle question. An FCM launching a digital asset collateral programme will have counsel advising when reporting obligations commence, pause, or cease. If that advice is based on AI output that inverts which conditions sunset at the end of the initial three-month onboarding phase, the FCM is exposed to a reporting violation from the moment it stops filing weekly digital asset holdings reports that the staff letter requires to continue indefinitely.
The error would likely survive internal review — the AI's framing ("the weekly cadence was conditioned on the initial period") is grammatically plausible and operationally intuitive, which is what makes it dangerous.
The findings at a glance
The table below lists each finding from this framework, the question posed, and how AI tools responded — every entry a hallucination, each one capable of reaching a client as completed work product.
Aggregate impact
The three findings in this cell are not random errors across unrelated provisions. They cluster around two operational decision points that lawyers advising FCMs and digital asset participants will encounter in sequence: first, determining which assets qualify as acceptable collateral and on what legal basis; second, understanding what ongoing obligations attach once the programme is live. AI tools failed at both steps, and the failures share a structural pattern — the AI produces an answer that is directionally coherent but substantively incomplete or inverted at precisely the detail that controls the legal outcome.
On the qualification side, two findings involve AI omitting or misapplying the specific rules that govern the haircut calculation and the eligibility chain for payment stablecoins. These are not fringe scenarios: the multi-DCO haircut tiebreaker (apply the highest accepted haircut, not the 20% floor) and the OCC Interpretive Letter 1183 anchor for national trust bank issuers are both load-bearing legal references that an FCM's compliance programme and outside counsel's opinion will need to get right.
In each case, the AI's response was superficially reasonable — it identified the right framework, used the right vocabulary, and reached a plausible conclusion — while omitting the operative rule that changes the answer.
The lifecycle-inversion finding is the highest-risk item in the set. AI tools confidently stated that weekly digital asset holdings reporting ceases at the end of the initial three-month phase; the staff letter states explicitly that it does not. When the same tools were challenged on this point, they admitted they had conflated enumerated conditions rather than reading the text. That admission is cold comfort if the work product has already been delivered, and a reporting failure that flows from reliance on that advice would be difficult to defend.
Across all three findings, the systemic implication for US lawyers is the same: AI research on this framework produces output that requires line-by-line verification against the original staff letters before it is fit for client delivery.
What your team should do
The default position on this framework is straightforward: do not deliver client work product — opinions, compliance memos, or advisory notes — that rests on AI-generated analysis of Staff Letter 25-40 or 26-05 without independent verification against the source documents. Both letters are short, publicly available on CFTC.gov, and purpose-drafted for operational clarity; the marginal time cost of reading them against AI output is low relative to the liability exposure of skipping that step.
The pattern here — AI reproducing the right framework with the wrong operative detail — is precisely the failure that survives a quick plausibility review and only surfaces when someone reads the actual text.
For qualification work (payment stablecoin eligibility, acceptable collateral determinations), the specific safeguard is to verify the legal chain, not just the conclusion. AI tools correctly identified the national trust bank amendment but dropped the OCC Interpretive Letter 1183 cross-reference that makes the eligibility analysis complete. A junior who builds a client memo from AI output will produce advice that reaches the right answer on the current state of the definition but cannot withstand a follow-on question about the statutory or interpretive basis for national trust bank eligibility. Build a verification step that checks cited authority, not just stated outcomes.
For obligation-lifecycle work — advising on when conditions commence, continue, or sunset — treat AI output as a first-pass categorisation only. The inversion finding here is particularly instructive: the AI's framing ("weekly reporting was conditioned on the initial phase") tracks the structure of the staff letter closely enough that it would survive a fast read. The safeguard is to map each AI-described obligation explicitly to the enumerated conditions in the staff letter, noting which conditions appear in the "no longer apply" paragraph and which are described separately as ongoing.
That is a 15-minute task against a short document; it is not optional for any advice that informs an FCM's compliance calendar.
How RLB Can Help
RegLeg's published Hallucination Research is available without a paywall — use it as a pre-flight check before relying on AI output on any regulatory question we've covered. If you're using AI tools to draft advice, check positions, or summarise requirements, the findings catalogue tells you specifically where those tools have been shown to hallucinate: wrong numerical thresholds, inverted obligations, misattributed scope, fabricated effective dates. That's the kind of error that lands in a client memo or a regulatory submission.
Knowing the documented failure pattern for a given rule before you run your AI query is a material risk-management step, not a nice-to-have.
For firms with multiple lawyers working the same regulatory portfolio, we run bespoke deep-dives scoped to your actual workload — the specific rules your practice group relies on, tested against the failure modes that matter for your drafting and advisory workflow. The output is a working reference your team can use at the matter level: here are the questions you should not delegate to AI tools on this regulation without independent verification, and here is what the tool got wrong when we tested it. That's a more defensible position than a generic AI-use caveat in your engagement terms.
We also produce training material and CPD-aligned content built around the failure-mode catalogue — designed for teams that need to get lawyers up to speed on where AI tools break down in regulatory practice, without sitting through vendor demonstrations of features. Separately, if your firm has an existing AI-use policy, we can run a confidential review against our failure-mode catalogue to identify gaps: obligations your policy doesn't address, failure categories your review workflow doesn't catch, and places where the policy's permitted-use boundaries are looser than the evidence warrants.