
MAS Proposes Guidelines on AI Risk Management: A Closer Look at Key Aspects

In November 2025, the Monetary Authority of Singapore (MAS) released a consultation paper proposing Guidelines on Artificial Intelligence Risk Management (AIRG). These guidelines aim to guide financial institutions (FIs) in responsibly adopting AI, including technologies like Generative AI and AI agents, while managing associated risks. Building on existing principles such as Fairness, Ethics, Accountability, and Transparency (FEAT), the AIRG focuses on high-level expectations for oversight, systems, policies, procedures, life cycle controls, and building capabilities. The guidelines apply to all FIs in a proportionate manner, based on their size, AI usage, and risk profiles, with a proposed 12-month transition period post-issuance. Feedback is invited until January 31, 2026.

This blog explores three core areas of the proposal: Oversight of AI Risk Management; Key AI Risk Management Systems, Policies and Procedures; and AI Life Cycle Controls, Capabilities and Capacities.

Oversight of AI Risk Management

The AIRG emphasizes strong governance from the Board and senior management to oversee AI risks effectively. The Board and senior management are responsible for establishing frameworks, structures, policies, and processes to identify AI use cases, systems, or models; assess their risk materiality; maintain inventories; manage AI throughout its life cycle; and build necessary capabilities.

They must foster an appropriate risk culture, ensure AI use aligns with supervisory expectations, and update existing risk management practices to address AI-specific risks across areas like financial, operational, conduct, and reputational risks. This includes identifying AI risks, updating policies, instituting mitigation strategies, defining risk appetites, monitoring indicators, and performing regular reviews to account for AI advancements.

For FIs with material overall AI risk exposure, such as those deploying high-risk AI in critical areas, a dedicated cross-functional committee is recommended to enhance oversight and address potential gaps. The Board approves the governance approach, sets risk appetites, and ensures regular reviews; senior management implements policies, reviews effectiveness, establishes coordination mechanisms, and allocates resources for AI risk management, including training.

This oversight ensures consistent standards, accountability, and compliance, even as AI evolves.

Key AI Risk Management Systems, Policies and Procedures

The guidelines require FIs to integrate key systems, policies, and procedures into their AI risk management framework for identification, inventorisation, and risk materiality assessment of AI, applied consistently and proportionately.

For AI identification, FIs should establish systems, policies, and procedures to consistently detect AI usage across business and functional areas. This involves clear definitions, criteria, processes, and robust systems; assigning roles to a control function for oversight, attestation, and documentation; and regular reviews to incorporate new AI technologies.

[Figure: Proportionate Application of the Guidelines on AI Risk Management]

On AI inventory, FIs must maintain an accurate, up-to-date inventory of AI use cases, systems, or models to support governance and risk management. Policies should cover maintenance, updates for new or decommissioned AI, and linkages to other inventories. The inventory should capture attributes like purpose, scope, model type, data used, dependencies, life cycle status, risk rating, validation status, roles, and documentation. A control function oversees this, with regular design reviews for third-party AI or emerging technologies.

For risk materiality assessment, FIs need a methodology to evaluate AI risks based on their business nature, covering inherent and residual risks. Assessments ensure controls match risks, with regular reviews. Key dimensions include impact (e.g., consequences on FI or stakeholders, data sensitivity), complexity (e.g., AI technology novelty), and reliance (e.g., autonomy level, human oversight). A control function ensures consistent application and documentation, and acts as the final arbiter.

These elements help prevent unapproved high-risk AI use and align risk management with the FI’s risk appetite.

AI Life Cycle Controls, Capabilities and Capacities

The AIRG outlines robust controls across the AI life cycle, from inception to decommissioning, applied proportionately based on relevance and risk materiality. FIs should define use cases, assign roles, conduct assessments, and review controls for new technologies. For high-risk AI, contingency plans with fallbacks or “kill switches” are essential.

Key control areas include the following:

  • Data Management: ensuring data is fit-for-purpose, representative, high-quality, classified, secure, private, and auditable
  • Transparency and Explainability: calibrated disclosures and explanations to build trust
  • Fairness: defining fair outcomes, assessing biases, and mitigating discrimination
  • Human Oversight: roles, capabilities, design, and reviews to counter automation bias
  • Third-Party AI Management: onboarding, testing, and update handling
  • AI Selection: evaluating suitability, risks, and alternatives
  • Evaluation and Testing: pre- and post-deployment tests for performance, robustness, and biases
  • Technology and Cybersecurity: safeguards against threats like prompt injection
  • Reproducibility and Auditability: versioning and logging for traceability
  • Reviews: independent validations
  • Monitoring: ongoing performance checks
  • Change Management: controls for updates or decommissioning

On capabilities and capacities, FIs must ensure personnel have competence for AI development, deployment, and maintenance, through recruitment, training, and resource allocation proportionate to risks. Regular reviews update programs for new AI risks. Technology infrastructure should support AI needs, addressing availability, resilience, safety, and cybersecurity, aligned with MAS guidelines and industry frameworks.

These controls and capabilities promote safe, reliable AI use, minimizing risks like hallucinations or biases.

In summary, the MAS proposal provides a flexible yet robust framework to harness AI benefits while safeguarding the financial sector. By focusing on oversight, core systems, and life cycle management, it prepares FIs for AI’s rapid evolution. Interested parties should review the full paper and submit comments to shape its final form.
