Executive Summary
Finance teams at US investment banks operating as, or supporting, FCMs face a focused but high-stakes failure pattern when using AI tools to interpret the CFTC's December 2025 digital asset collateral framework. Across the questions we put to AI assistants about this regulation, the AI produced a hallucinated rule — inventing guidance that either doesn't exist or misrepresents the operative standard the framework actually imposes. The specific failure zone is the multi-DCO haircut hierarchy: the rule governing how an FCM must calculate the applicable haircut when multiple registered clearing organizations each accept the same digital asset at different rates.
An AI answer that gets this wrong doesn't just create a compliance gap — it produces a miscalibrated margin model that a Finance team could embed in customer margin calculations, internal capital allocation tables, or product approval memos, with downstream exposure to CFTC enforcement and customer harm.
How AI gets this regulation wrong
The AI failure on this regulation follows a consistent pattern: AI assistants we tested answered a targeted question about a specific rule by substituting a different, simpler rule — presenting the floor case as though it were the operative standard, while omitting the actual governing hierarchy. The result is an invented rule that is plausible enough to survive a quick read but materially wrong where it counts.
| AI's Failure Mode | Count | Affected findings |
|---|---|---|
| Misstated Rule | 1 | Finding#1 |
What that means for your team
The primary risk exposure for Finance in an investment banking context is delivering a wrong work-product into an internal process — a miscalibrated margin model, an incorrect policy memo, or a product approval document built on a misread rule. In a margin calculation context, the firm doesn't discover the error from the AI output itself; it surfaces when positions are marked or when a CFTC examination pulls the methodology.
| Risk Impact | Count | Affected findings |
|---|---|---|
| Wrong deliverable | 1 | Finding#1 |
When this affects your department
Finance teams reach for AI tools on this regulation most often during three workflows: (1) building or reviewing the firm's digital asset margin methodology — specifically the haircut schedule applied to customer-posted collateral; (2) drafting or updating the internal policy document that maps the CFTC's December 2025 framework to the firm's existing margin and collateral operations; and (3) preparing product approval memos for new digital asset product structures where the FCM's collateral treatment needs to be confirmed against current regulatory standards.
This is a regulation that arrived in December 2025 and is still being operationalized, which means Finance teams are more likely to lean on AI to fill gaps quickly rather than waiting for formal legal sign-off on every question.
The stakes are sharpest in the margin methodology context. If a Finance analyst uses AI to confirm the haircut calculation for a digital asset accepted by multiple DCOs at different rates — and the AI returns the 20% floor as the governing rule rather than the highest-DCO-rate standard — the firm's margin model will systematically under-haircut customer collateral in precisely the scenario the regulation was designed to address. That means the firm is accepting more risk than its controls acknowledge, customers are posting less collateral than they should be, and the firm's capital coverage calculus is wrong on that exposure.
If this error travels into a product approval memo or a business line policy, the internal control framework becomes structurally misaligned with the regulation. Finance's sign-off on the product — or its representation to the second line about regulatory compliance — will be based on a rule the CFTC did not write. In an examination or enforcement context, CFTC staff can hold the FCM to the actual highest-haircut standard regardless of what the firm's internal documentation says, and a Finance team that relied on an AI output rather than primary source verification will have limited ground to stand on.
The findings at a glance
The table below summarises the one finding identified for this audience on this regulation, covering the question area, the AI's failure, and the risk category it triggers for Finance teams at US investment banks.
| # | Finding title | Type | Citation ID |
|---|---|---|---|
| 1 | Multi-DCO haircut hierarchy misread as 20% floor | Hallucination | RLB-F-US-CFTC-DIGITAL-ASSET-COLLATERAL-TOKENIZED-ASSETS-STAFF-GUIDANCE-2025-Q007 |
Aggregate impact
The error pattern on this regulation clusters on the intersection of two structural features: (1) the regulation contains two distinct "20 percent" requirements that apply to different scenarios, and (2) the operative rule for one of those scenarios — the multi-DCO case — is a hierarchy standard (apply the highest haircut), not the floor standard (apply 20%). AI assistants we tested conflated these, presenting the floor as universal while erasing the hierarchy. The failure is particularly difficult to catch because the AI's answer is partially correct: the 20% minimum does exist.
The problem is that it governs the wrong scenario, and the actual governing rule for the multi-DCO case is structurally different.
For a Finance team at a US investment bank, this creates a specific systemic risk: any internal process that relies on an AI-sourced summary of this framework will inherit an error that affects exactly the cases where the regulation matters most — digital assets accepted at multiple DCOs at different haircut rates, which is precisely where the CFTC is imposing the most conservative standard. The firm's margin model, customer disclosure documents, and FCM-level capital analysis could all converge on a rule the CFTC did not write.
The sources the AI cited in producing this answer were labelled Pretextual — secondary market commentary rather than primary CFTC text — which compounds the risk. A Finance analyst who followed the AI's citations would be directed to third-party news coverage that may itself have simplified the framework, not to the CFTC's own guidance. That's the failure mode that matters: the AI not only invented the wrong rule but pointed the reader away from the document that would have corrected it.
What your team should do
The default position for Finance on this regulation should be: AI is not a substitute for primary source review of CFTC-issued guidance on December 2025 digital asset collateral rules. This is a regulation that arrived after most AI training data was assembled, and it contains technical haircut hierarchy rules that are easy to collapse into simpler statements.
Any AI answer about the multi-DCO haircut standard should be treated as a starting point for a primary source check, not a final answer — and your team should be explicit with junior analysts about that distinction before they use AI-generated summaries in internal memos or models.
The practical safeguard is a two-step process: use AI to identify what questions to ask and where to look, then go to the CFTC's primary text to confirm the actual rule. For the specific question of haircut calculation when multiple DCOs accept the same digital asset, the answer is in the CFTC's published guidance, and the operative standard — apply the highest haircut — is one sentence.
That sentence is not hard to find if you're looking for it; the problem is that AI tools may answer the question before the analyst looks for it, and the AI answer short-circuits the primary source check. Build into your margin methodology review process an explicit requirement that the specific haircut rule for multi-DCO assets is verified against primary CFTC text, not AI output.
Where AI tools are genuinely useful for Finance on this regulation: drafting the structure of internal policy documents (not the substantive rules); generating a checklist of operational questions the firm needs to answer to implement the framework; summarising the high-level scope of the guidance before analysts dig into the technical detail. These are scoping and structuring tasks where a wrong AI answer doesn't embed itself into a margin model. The risk zone is the technical rule interpretation — specifically any question that involves a hierarchy, a prioritisation standard, or a "when X applies vs. when Y applies" distinction.
Those are exactly the questions where AI tools are most likely to collapse the rule into a simpler form.
How RLB Can Help
RegLeg's published Hallucination Research gives Finance teams a concrete pre-flight check before relying on AI output for regulatory questions. If your team is using AI tools to interpret SEC reporting requirements, navigate FINRA capital rules, or parse CFTC margin and derivatives obligations, the research surfaces the specific failure modes — wrong figures, misattributed obligations, inverted effective dates — that appear most frequently in those areas. That's not a theoretical risk catalogue; it's documented instances where AI tools confidently produced wrong regulatory conclusions on the exact regulatory texts your function works with.
Running those findings against your current AI-assisted workflows takes an hour and changes how you scope human review.
For Finance functions where the exposure is higher — treasury reporting under Reg W, intercompany funding disclosures, DFAST/CCAR capital adequacy narratives, or cross-border tax treatment under FATCA and the OECD Pillar Two rules — we do bespoke regulator deep-dives that map your team's actual AI-use touchpoints to the hallucination patterns we've catalogued for those specific rulesets. The output is a ranked exposure register: which workflow steps carry the highest failure risk, what the plausible error looks like, and where a human checkpoint materially reduces it.
It's structured to feed directly into your operational risk framework rather than sitting in a separate AI-risk silo.
We also do confidential reviews of existing AI-use policies against our failure-mode catalogue. Most Finance AI policies written in 2023–2024 were drafted before the regulatory hallucination pattern was well understood; they address data privacy and model governance but leave the substantive accuracy risk largely unmitigated. We identify the gaps, prioritise remediation by business impact, and — where the team needs to build internal competence — develop CPD-aligned training material that Finance professionals can use directly: grounded in real failure instances from the published research, mapped to the regulatory domains your team actually covers.