Singapore's MAS proposes AI risk guardrails for the financial sector, covering generative AI and agents

Singapore MAS proposes AI risk rules for finance leaders (20 November 2025)

Singapore's central bank, the Monetary Authority of Singapore (MAS), has proposed new guidelines that make AI risk management a board-level priority. The rules cover all forms of AI, including generative AI and AI agents, and would apply across financial institutions based on scale, use of AI, and risk profile.

The consultation runs until 31 January 2026, followed by a 12-month transition once finalised. If you lead a business unit, risk, technology, or operations in finance, this sets clear expectations for governance, testing, accountability, and vendor risk.

What's changing

• New MAS Guidelines on Artificial Intelligence Risk Management set expectations for safe, fair, and reliable AI use in financial services.
• Scope is proportionate: obligations scale with your institution's size, AI footprint, and risk exposure.
• Boards and senior management must approve the AI governance approach and, where AI risk is material, stand up a cross-functional oversight committee.

Core requirements you should plan for

• Maintain an accurate, living inventory of AI use cases across the firm, including generative AI and AI agents.
• Run risk materiality assessments that score each use case by impact, complexity, and degree of reliance.
• Test third-party AI products in the context of your actual use cases; do not rely on vendor claims or generic benchmarks.
• Stay accountable for fairness outcomes to customers, even when using external models or platforms.
• Assess concentration risk from over-reliance on a small number of AI providers and plan mitigations.

Accountability at the top

Boards and senior leaders will be expected to approve the overall governance approach, set risk appetite for AI, and oversee resourcing. Where AI poses material risk, establish a cross-functional committee spanning risk, technology, data, legal, compliance, and business lines with clear decision rights.

Third-party and concentration risk

Outsourcing does not outsource accountability. You will need to test external AI services against your data, policies, and customer scenarios, and document fairness outcomes and operational resilience.

Map concentration to key AI providers and foundational models. Set triggers for diversification, exit options, and contingency plans if a provider changes terms, degrades service, or introduces new risk.

Timeline and what's next

• Consultation closes: 31 January 2026.
• Transition period: 12 months after final guidelines are issued.
• An industry consortium will publish an AI Risk Management Handbook to support implementation, expected by January 2026.

MAS notes this proposal builds on its 2018 principles for responsible AI use in finance and follows recent papers on generative AI cyber risks (July 2024), AI model risk in banks (December 2024), and deepfake risks (September 2025).

Action checklist for management

• Appoint an executive owner for AI risk and form (or upgrade) an AI oversight committee if your exposure is material.
• Stand up a firm-wide AI use-case register; classify by impact, complexity, and reliance. Prioritise critical customer-facing and high-loss scenarios.
• Embed AI checks into procurement: model provenance, testing in your environment, fairness outcomes, data handling, security, and support SLAs.
• Define fairness testing for customer decisions and document outcomes and remediations.
• Quantify concentration to core AI providers; set diversification tactics and playbooks for service disruption or policy shifts.
• Plan budget, headcount, and milestones to meet the 12-month transition once finalised.
• Upskill risk, compliance, product, and engineering teams on AI assurance and controls. Consider role-based training paths that cover governance and vendor risk here.

Useful references

• Monetary Authority of Singapore (MAS) site for policy updates: mas.gov.sg

Bottom line: treat AI like any other material model or technology dependency. Get the inventory in order, test what matters, keep customers front and center on fairness, and don't let vendor lock-in become tomorrow's operational headache.