Executive Summary
The CFTC's December 2025 digital asset collateral package — comprising Staff Letter 25-40 (subsequently reissued as Staff Letter 26-05) and the accompanying tokenized asset staff guidance — sets out a narrow, conditions-heavy framework under which futures commission merchants may accept certain digital assets, including qualifying payment stablecoins, as customer margin collateral.
For Legal teams at U.S. investment banking firms with FCM affiliates or swap dealer desks, getting the eligibility conditions and issuer-classification rules right is not a theoretical exercise: it determines whether a margin arrangement is compliant on day one and how internal policies need to be written to stay in step as the framework evolves.
In our structured testing of AI tools on this regulation, one aggregated question set — covering the precise legal hook that grounds national trust bank issuer eligibility — produced a hallucination: AI assistants described the substantive change in Staff Letter 26-05 correctly but systematically omitted the cross-reference to OCC Interpretive Letter 1183 that the CFTC identified as the operative eligibility anchor. The failure is invisible at first read and surfaces only when the underlying legal analysis is stress-tested — exactly the moment when the error causes the most damage.
How AI gets this regulation wrong
The dominant failure pattern AI assistants exhibit on this regulation is one of plausible incompleteness: they state what the rule changed but drop the cross-regulatory legal anchor that makes the change operative. That gap is not cosmetic — it is the difference between a correct characterisation of the eligibility framework and one that would not survive outside counsel review or a regulator query.
| AI's Failure Mode | Count | Affected findings |
|---|---|---|
| Misstated Rule | 1 | Finding#1 |
What that means for your team
The practical risk is concentrated in a single category: the wrong deliverable. Work product built on an AI summary that omits a critical cross-reference will misstate the legal basis for an eligibility determination, and that error propagates downstream into policy language, deal approvals, and any written advice to a business line relying on the FCM's or swap dealer's collateral acceptance authority.
| Risk Impact | Count | Affected findings |
|---|---|---|
| Wrong deliverable | 1 | Finding#1 |
When this affects your department
Legal teams at U.S. investment banking firms touch this regulation in a tight cluster of high-stakes contexts. The first is new-product approval: when a digital asset desk or prime brokerage group wants to accept a stablecoin as margin from a counterparty, Legal must confirm whether the instrument qualifies and under what conditions the FCM or swap dealer can hold it as customer collateral. The second is counterparty or issuer due diligence — evaluating whether a specific stablecoin issuer (including payment processors, bank-affiliated entities, or trust companies) falls within the framework's permitted-issuer categories.
Both workflows frequently begin with an AI-assisted research sweep to orient the attorney before primary-source review, and the risk is that the AI's account becomes a de facto first draft that anchors the analysis.
The specific failure documented here — AI correctly narrating the Staff Letter 25-40 → 26-05 reissuance and the national trust bank definitional expansion, but silently dropping OCC Interpretive Letter 1183 as the legal hook — is particularly dangerous in the new-product context. An eligibility memo that says "OCC-chartered national trust banks are now permitted issuers" without grounding that conclusion in the OCC interpretive letter is an incomplete legal opinion. If a senior attorney reviews AI-generated draft language quickly (reasonable in a fast-moving deal context), the omission may not be caught.
The delivered memo then becomes the internal authority on which the business relies.
Third, and increasingly common at investment banking firms building out tokenisation capabilities of their own, is the regulatory mapping exercise: Legal is asked to produce a framework document showing which digital asset structures qualify as acceptable collateral and why. A framework document that misstates the issuer-eligibility legal basis creates durable institutional misinformation — the kind that surfaces when an internal audit, a CFTC exam, or a counterparty's lawyers push on the analytical underpinning.
The findings at a glance
The table below summarises the specific question where AI assistants produced a verifiable error on this regulation, the nature of that error, and the risk category it maps to for a Legal function at a U.S. investment banking firm.
| # | Finding title | Type | Citation ID |
|---|---|---|---|
| 1 | Missing OCC cross-reference in stablecoin issuer eligibility | Hallucination | RLB-F-US-CFTC-DIGITAL-ASSET-COLLATERAL-TOKENIZED-ASSETS-STAFF-GUIDANCE-2025-Q005 |
Aggregate impact
The single finding from this regulation has a structural feature worth understanding: it is a cross-reference omission, not a factual fabrication in the conventional sense. The AI assistants tested did not invent a letter that doesn't exist or state the wrong date; they accurately described the definitional change in Staff Letter 26-05. What they failed to do is identify OCC Interpretive Letter 1183 as the legal basis for national trust bank eligibility — the hook the CFTC staff itself explicitly named.
The error category matters for how Legal should interpret AI outputs on this regulation: the AI passes a quick face-validity check but fails a completeness check.
For investment banking Legal teams, the cross-reference problem clusters predictably around the intersection of multi-agency regulatory frameworks. The CFTC's digital asset collateral framework does not exist in isolation — it routes through OCC licensing categories and relies on OCC-issued interpretive authority. AI assistants that lack reliable access to the full text of the December 2025 package and subsequent updates, or that do not surface the OCC interpretive anchor, will consistently produce summaries that look right but are legally incomplete.
The fact that two separate AI tools exhibited the same omission independently is a signal of a systematic gap, not an isolated incident.
The systemic risk for the firm is that Legal's internal guidance library on digital asset collateral eligibility may be built on a foundation that misrepresents the legal basis. That affects not only current transactions but the firm's ability to defend its eligibility determinations in an exam or enforcement context — where the CFTC would expect the firm's lawyers to know and articulate the full legal chain.
What your team should do
The default position for Legal should be that AI tools are not safe as the sole research layer on the eligibility legal basis under this framework. The failure documented here involves a cross-reference that is identified in the primary CFTC source material itself, yet was omitted by multiple AI tools. That means an attorney relying solely on an AI summary to answer a payment stablecoin eligibility question will produce work product that cannot be validated against the actual regulatory text — and may not know it.
The floor should be: any AI-generated summary on issuer eligibility or the permitted collateral categories must be reviewed against the primary CFTC staff letters and the OCC interpretive letter before it is used to ground a legal conclusion.
Where AI tools are genuinely useful in this context is on the structural and procedural framing — mapping the overall architecture of the December 2025 package, flagging the conditions that apply to FCM acceptance of digital asset collateral (haircuts, custodial requirements, concentration limits), and surfacing the relevant CFTC staff letter sequence for further review. These are orientation tasks, not legal conclusions, and AI is adequate for them provided the attorney treats the output as a starting checklist rather than a legal summary.
The practical safeguard for teams that use AI for initial research on this regulation is a standing cross-reference check: wherever AI output cites a CFTC staff letter that was reissued or amended, Legal should verify whether the AI has identified all named cross-references in that letter. OCC Interpretive Letter 1183 is the specific gap here — but the pattern (AI correctly describes a definitional change, omits the external legal hook it depends on) is a systematic risk across any multi-agency framework. Building that check into the review workflow, rather than treating it as ad hoc QC, is the durable control.
How RLB Can Help
RegLeg's published Hallucination Research is available now, free of charge, as a pre-flight check before your team relies on AI output on any regulatory question we've tested. If your attorneys are using AI tools to answer questions on FINRA rulebooks, SEC disclosure requirements, Dodd-Frank swap-dealer obligations, or cross-border capital treatment, the published findings tell you concretely where those tools fabricate citations, invert positions, or confuse jurisdictional scope — before that output reaches a brief, an opinion, or a client memo. That is not a theoretical risk catalogue; it is a documented failure log against the actual regulatory text.
For firms that want to go further, we run bespoke regulator deep-dives scoped to the specific AI-supported workflows your Legal function is running today. That means mapping your actual use cases — regulatory change monitoring, red-line drafting, internal compliance Q&A, deal-specific regulatory opinion research — against the hallucination failure modes we have characterised for the relevant US and cross-border instruments, and returning a ranked exposure assessment your team can act on. The output is workflow-specific, not a generic AI-risk framework rehash; it reflects the regulations your deal teams and compliance counsel are actually touching.
We also conduct confidential reviews of existing AI-use policies against our failure-mode catalogue. If your firm has already drafted or deployed an AI governance policy for the Legal function, we will tell you where it underspecifies the risk relative to what we have observed in practice and return a prioritised remediation list — sequenced by the workflows carrying the highest exposure, not by document structure.
Where your team needs internal training or CPD-aligned content on AI reliability in regulatory practice, we can develop that material directly from our findings, so attorneys understand not just that AI tools can hallucinate regulatory content, but the specific failure patterns most likely to surface in the work they do daily.