Executive Summary
The CFTC's December 2025 final rule on swap dealer business conduct and documentation includes the structural elimination of the pre-trade mid-market mark (PTMMM) requirement under §23.431(a)(3) — a change that rewrites how price and compensation disclosures are sequenced for covered swaps. Risk teams at US investment banking swap dealers are now updating compliance matrices, pre-trade disclosure controls, and internal policy frameworks to reflect the new paragraph architecture.
Across the question set we tested on this rulemaking, AI tools produced a hallucination on the precise product-scope boundary of the PTMMM elimination — confidently asserting the change reached cleared CDS, which it could not have, since cleared swaps were never inside §23.431(a)(3) to begin with. The failure is not a minor technical slip: it inverts a fundamental scope boundary in the regulatory text, and the AI only walked it back when directly challenged.
For a Risk function relying on AI to accelerate post-rule policy updates or brief business lines, that pattern — confident, plausible, and wrong — is exactly the failure mode that bypasses review.
How AI gets this regulation wrong
The dominant failure pattern on this rulemaking is confident mischaracterisation of scope — AI tools stated as settled fact a product-coverage boundary that the actual regulatory text does not support, then retracted only under challenge. The error is not a gap in knowledge but an over-extension: AI took a phrase from the final rule and applied it more broadly than the provision's pre-existing scope permitted, producing a clean, authoritative-sounding answer that a reader with no independent reference point would have no reason to doubt.
| AI's Failure Mode | Count | Affected findings |
|---|---|---|
| Exposed Fabrication | 1 | Finding#1 |
What that means for your team
The risk impact for a US swap dealer's Risk function concentrates on regulatory enforcement exposure — specifically the risk of building a post-rule compliance posture on a misread scope boundary that the CFTC can test on examination. When a Risk team inherits an AI-generated characterisation of what the final rule actually changed, and that characterisation overstates the exemption's reach, the downstream artefacts — revised policies, updated disclosure schedules, sign-off memos to the desk — can collectively document a firm acting on a rule that does not exist as described.
| Risk Impact | Count | Affected findings |
|---|---|---|
| Regulatory enforcement | 1 | Finding#1 |
When this affects your department
The most immediate workflow touchpoint is the post-rule policy update cycle. When the CFTC finalises a business conduct rule that restructures §23.431 disclosures, Risk is typically tasked with updating the firm's pre-trade disclosure framework, refreshing the PTMMM control narrative for internal audit, and signing off on any revised desk-level procedures before the effective date. AI tools are attractive here precisely because the rule is dense — 200+ pages of preamble and regulatory text — and the team needs a rapid read on what actually changed versus what the CFTC discussed but did not codify.
The problem is that "rapid read" is exactly where scope mischaracterisations travel fastest.
A second touchpoint is product-line expansion and new product review. If a desk wants to launch or scale activity in cleared credit default swaps and asks Risk to confirm the pre-trade disclosure regime post-rule, a Risk team using AI to frame the answer may inherit an assertion that cleared CDS are now explicitly exempt from PTMMM — an assertion that is simultaneously wrong (cleared CDS were always out of scope), unfalsifiable without direct regulatory text review, and potentially useful to a desk trying to streamline its disclosure workflow.
The commercial pressure to accept a favourable legal characterisation makes this failure mode especially hard to self-correct.
The third touchpoint is regulatory examination preparation. CFTC examiners reviewing a swap dealer's §23.431 compliance programme will test whether the firm correctly understood the scope of each obligation before and after the December 2025 amendments. A Risk function that documented its compliance position based on an AI-generated scope reading — one that treats the PTMMM elimination as product-agnostic when it was not — faces the prospect of explaining to examiners why its internal records assert an exemption that does not appear in the regulatory text.
The remediation cost is not just a corrected policy; it is an explanation of process that may itself attract scrutiny.
The findings at a glance
The table below summarises the finding from our testing of AI tools against this rulemaking, including the question area, the AI's failure mode, and the Risk × Investment Banking impact classification.
| # | Finding title | Type | Citation ID |
|---|---|---|---|
| 1 | PTMMM scope boundary — cleared CDS always excluded | Hallucination | RLB-F-US-CFTC-SWAP-DEALER-BUSINESS-CONDUCT-DOCUMENTATION-2025-Q004 |
Aggregate impact
The finding on this rulemaking clusters on a single but high-consequence interpretive boundary: what "eliminated in its entirety" means in the context of §23.431(a)(3). The CFTC's language is procedurally precise — the provision was deleted and its substantive disclosure requirements were redistributed into §23.431(a)(2) and (3). AI tools read "eliminated in its entirety" as a product-scope statement, extending it to assert the PTMMM obligation now no longer applies across the full covered swap book, including cleared CDS instruments that were never inside the provision's original scope.
This is not a reading error confined to an obscure edge case; it goes to the fundamental question of which products were ever subject to PTMMM in the first place.
The systemic risk for a US swap dealer's Risk function is that this mischaracterisation is structurally self-reinforcing. The AI's answer sounds exactly like what a junior analyst would expect to hear after a rule that eliminated a disclosure requirement: the obligation is gone, and it's gone product-agnostically. There is no internal signal that something is wrong — the answer is coherent, it cites the right provision, and it maps onto a plausible reading of the Commission's stated intent to reduce compliance burden.
The error only surfaces if someone independently verifies the pre-existing scope of §23.431(a)(3), which is precisely the step that AI tools are supposed to accelerate.
The regulatory enforcement risk follows directly. A firm that documents its compliance posture based on an AI-generated scope characterisation — and does so across multiple artefacts (policy, control narrative, audit memo, desk procedure) — has built a paper trail that asserts a regulatory position inconsistent with the text. The CFTC's examination team reviewing §23.431 compliance post-amendment will test scope understanding; a firm that cannot explain the pre-amendment product boundary of PTMMM, and whose records suggest it misread that boundary, faces a harder conversation than one that simply had a gap.
What your team should do
The default position for any AI-assisted work on this rulemaking should be: treat AI output as a first-pass orientation to the preamble, not as a reliable source for scope boundaries. AI tools handle "what changed" reasonably well when the answer is structural — the Commission eliminated these paragraphs, moved these requirements. Where they fail is on "what was the pre-existing scope before the change" — precisely the comparative question that a Risk team needs answered to assess whether a rule change actually affects the firm's specific product mix.
The practical safeguard is to build the scope verification step into the workflow rather than leaving it to individual reviewer judgment. For any AI-generated characterisation of this rule that touches product coverage — which instruments are in or out of PTMMM — require a direct citation to the pre-amendment regulatory text of §23.431(a)(3) alongside the final rule text. If the AI cannot produce both, or if the two texts don't support the scope claim being made, treat the answer as unreliable.
This is a one-step check that takes minutes against the regulatory text and eliminates the specific failure mode we observed.
AI tools are safe on this rulemaking for tasks that do not depend on scope precision: drafting the structural narrative of the amendment (provision deleted, requirements relocated), identifying which paragraphs of §23.431 changed and which were untouched, or pulling together the Commission's stated rationale from the preamble for an internal briefing.
For anything that drives a compliance decision — which products require which disclosures under the amended rule, whether the firm's cleared CDS desk faces a changed obligation, how to update the control framework — the answer needs to come from counsel or a direct read of the regulatory text, with AI relegated to a summarisation tool operating on verified source material.
How RLB Can Help
RegLeg's published Hallucination Research gives your team a concrete pre-flight check before placing weight on AI-generated output in regulatory analysis. For a Risk function at a US investment bank, that means stress-testing the AI tools your analysts, quant risk, and compliance-adjacent teams are already using against a documented catalogue of failure modes — not hypothetical edge cases, but patterns observed across real regulatory texts including capital, margin, derivatives, and conduct frameworks that your desk is operating under.
Before a model-generated interpretation of a Fed or SEC rule lands in a stress test assumption, a credit risk framework, or a counterparty exposure memo, you can verify whether that regulatory scope is one where AI assistants have already been shown to hallucinate in material ways.
Beyond the published research, RLB can run a bespoke regulator deep-dive scoped to your specific AI-supported workflows — mapping which regulatory questions your Risk team is actually asking AI tools to answer, and where in that workflow the hallucination exposure is highest. For an investment bank, that typically surfaces around capital adequacy interpretation, cross-border margin rules, large-exposure thresholds, and model-risk overlays where the regulatory text is dense, frequently amended, and carries significant asymmetry between a correct and an incorrect read.
The output is a prioritised exposure map, not a generic AI risk framework — calibrated to your firm's jurisdictional footprint and the actual regulatory questions your function depends on getting right.
RLB also works directly with Risk teams on two further workstreams: a confidential review of your firm's existing AI-use policy against the failure-mode catalogue, identifying where current controls are under-specified for the hallucination patterns we've documented, with a prioritised remediation roadmap; and the development of training and CPD-aligned material your team can use internally — content written at the right technical register for senior risk professionals, grounding AI governance obligations in specific, documented failure patterns rather than abstract model-safety concepts. Both workstreams are built collaboratively with your team, with findings staying inside the firm.