SINGAPORE – New Proposed Guidelines for AI Risk Management by Financial Institutions

On 13 November 2025, the Monetary Authority of Singapore (“MAS”) issued a consultation paper proposing guidelines on the responsible use of AI in the financial sector (“Guidelines”). The consultation period for the Guidelines will end on 31 January 2026.

The Guidelines will form part of Singapore’s overarching framework for responsible AI use. They build on the principles on Fairness, Ethics, Accountability and Transparency and are intended to enhance management of AI risks in the financial sector.

The Guidelines focus on the following key areas:

Oversight of AI risk management;
Key AI risk management systems, policies, procedures;
AI life cycle controls; and
Capabilities and capacity for the use of AI.

Applicability of the Guidelines

The Guidelines will apply to all financial institutions (“FIs”) and are intended to be applied in a proportionate manner across FIs of different sizes and risk profiles in Singapore.

FIs in Singapore that are branches or subsidiaries of overseas entities can still use the AI risk management frameworks of their overseas parent entities. However, they must take steps to ensure that these frameworks align with the Guidelines.

The Guidelines will be technology-agnostic in that they will apply to all types of different AI applications and technologies. MAS will update and augment the Guidelines as and when necessary to take into account new technologies.

Overview of MAS’ Expectations

MAS’ expectations in the four key areas are highlighted below:

Key area	MAS’ Expectations
Oversight of AI Risk Management	The Guidelines specify the critical governance and oversight roles of the board of directors (“Board”) and senior management of FIs. The Board and senior management should establish and implement: frameworks, structures, policies and processes concerning AI risk management; and foster an appropriate risk culture for the use of AI. Where the overall AI risk exposure of an FI is material, the FI should establish a dedicated cross-functional committee. The Board and senior management should oversee the committee to ensure consistency and coordination.
Key AI Risk Management Systems, Policies and Procedures	AI risk management frameworks should encompass systems, policies and procedures for AI identification; inventorisation; and risk materiality assessment. Key responsibilities of FIs under this area include: setting up clear identification processes for AI usage across the business and functional processes; maintaining accurate and up-to-date inventories of AI use cases; and conducting risk materiality assessments involving the risk dimensions of impact, complexity and reliance.
AI Life Cycle Controls	FIs should plan for and implement controls covering the entire life cycle of an AI use case, system or model. The controls should cover the areas of: data management; fairness; transparency and explainability; human oversight; management of third-party AI risks; selection of AI; evaluation and testing; technology and cybersecurity; reproducibility and auditability; reviews; monitoring; and change management. Clear roles and responsibilities for controls should be assigned. FIs may implement controls proportionately with the assessed risk materiality of AI. If the risk materiality is assessed as high, contingency plans should be developed and implemented.
Capabilities and Capacities for the use of AI	FIs are expected to ensure the: necessary competence and proper conduct of personnel involved in the use of AI; capability of personnel to conduct effective AI risk management, through regular reviews; and adequacy of technology infrastructure.

What’s Next?

Upon issuance of the finalised Guidelines, a 12-month transition period is expected to apply. A copy of the Guidelines may be accessed here.

Given the prevalence of AI use by businesses, FIs should expect increased scrutiny from the MAS on the incorporation of AI into their organisations and should carefully assess their AI risk management systems against these expectations of MAS.

If you would like to understand more on what this means to your organisation, please contact us for further information.

"Eversheds Sutherland" toma todas las precauciones razonables para asegurar que los materiales, la información y los documentos, incluyendo pero no limitado a los artículos, boletines de noticias, informes y blogs (""Materiales"") en el sitio web de Eversheds Sutherland son exactos y completos. Sin embargo, los materiales se proporcionan sólo con fines de información general, no con el propósito de proporcionar asesoramiento jurídico, y no reflejan necesariamente la ley o los reglamentos actuales. Los materiales no deben ser interpretados como asesoramiento legal sobre ningún asunto.

Los Materiales pueden no reflejar los desarrollos legales más actuales. El contenido y la interpretación de los materiales, así como la legislación que se aborda en ellos, están sujetos a revisión. No se ofrece ninguna representación o garantía, expresa o implícita, en cuanto a la exactitud o integridad de los Materiales y, por lo tanto, no se debe confiar en ellos. Eversheds Sutherland declina toda responsabilidad con respecto a las acciones tomadas o no tomadas sobre la base de alguno o todos los contenidos de los Materiales en la medida en que lo permita la ley. Los Materiales no pretenden ser exhaustivos ni incluir asesoramiento en el que usted pueda confiar. Siempre debe consultar a un abogado debidamente cualificado sobre cualquier asunto legal específico.

Cualquier punto de vista expresado a través de los Materiales es el punto de vista del autor individual y puede no reflejar los puntos de vista de Eversheds Sutherland o de cualquier otro Abogado/Abogado individual."