SINGAPORE – New Proposed Guidelines for AI Risk Management by Financial Institutions

On 13 November 2025, the Monetary Authority of Singapore (“MAS”) issued a consultation paper proposing guidelines on the responsible use of AI in the financial sector (“Guidelines”). The consultation period for the Guidelines will end on 31 January 2026.

The Guidelines will form part of Singapore’s overarching framework for responsible AI use. They build on the principles on Fairness, Ethics, Accountability and Transparency and are intended to enhance management of AI risks in the financial sector.

The Guidelines focus on the following key areas:

Oversight of AI risk management;
Key AI risk management systems, policies, procedures;
AI life cycle controls; and
Capabilities and capacity for the use of AI.

Applicability of the Guidelines

The Guidelines will apply to all financial institutions (“FIs”) and are intended to be applied in a proportionate manner across FIs of different sizes and risk profiles in Singapore.

FIs in Singapore that are branches or subsidiaries of overseas entities can still use the AI risk management frameworks of their overseas parent entities. However, they must take steps to ensure that these frameworks align with the Guidelines.

The Guidelines will be technology-agnostic in that they will apply to all types of different AI applications and technologies. MAS will update and augment the Guidelines as and when necessary to take into account new technologies.

Overview of MAS’ Expectations

MAS’ expectations in the four key areas are highlighted below:

Key area	MAS’ Expectations
Oversight of AI Risk Management	The Guidelines specify the critical governance and oversight roles of the board of directors (“Board”) and senior management of FIs. The Board and senior management should establish and implement: frameworks, structures, policies and processes concerning AI risk management; and foster an appropriate risk culture for the use of AI. Where the overall AI risk exposure of an FI is material, the FI should establish a dedicated cross-functional committee. The Board and senior management should oversee the committee to ensure consistency and coordination.
Key AI Risk Management Systems, Policies and Procedures	AI risk management frameworks should encompass systems, policies and procedures for AI identification; inventorisation; and risk materiality assessment. Key responsibilities of FIs under this area include: setting up clear identification processes for AI usage across the business and functional processes; maintaining accurate and up-to-date inventories of AI use cases; and conducting risk materiality assessments involving the risk dimensions of impact, complexity and reliance.
AI Life Cycle Controls	FIs should plan for and implement controls covering the entire life cycle of an AI use case, system or model. The controls should cover the areas of: data management; fairness; transparency and explainability; human oversight; management of third-party AI risks; selection of AI; evaluation and testing; technology and cybersecurity; reproducibility and auditability; reviews; monitoring; and change management. Clear roles and responsibilities for controls should be assigned. FIs may implement controls proportionately with the assessed risk materiality of AI. If the risk materiality is assessed as high, contingency plans should be developed and implemented.
Capabilities and Capacities for the use of AI	FIs are expected to ensure the: necessary competence and proper conduct of personnel involved in the use of AI; capability of personnel to conduct effective AI risk management, through regular reviews; and adequacy of technology infrastructure.

What’s Next?

Upon issuance of the finalised Guidelines, a 12-month transition period is expected to apply. A copy of the Guidelines may be accessed here.

Given the prevalence of AI use by businesses, FIs should expect increased scrutiny from the MAS on the incorporation of AI into their organisations and should carefully assess their AI risk management systems against these expectations of MAS.

If you would like to understand more on what this means to your organisation, please contact us for further information.

Eversheds Sutherland prend toutes les précautions raisonnables et nécessaires pour s'assurer que les informations et les documents, y compris, mais sans s'y limiter, les articles, les bulletins d'information, les rapports, les enquêtes et les blogs ("matériel") sur le site Web d'Eversheds Sutherland sont exacts et complets. Toutefois, ces documents sont fournis à titre d'information générale uniquement, et non dans le but de fournir des conseils juridiques, et ne reflètent pas nécessairement la législation ou la réglementation en vigueur. Ces documents ne doivent pas être interprétés comme des conseils juridiques sur quelque sujet que ce soit.

Les documents peuvent ne pas refléter les développements juridiques les plus récents. Le contenu et l'interprétation des documents, ainsi que la législation qui y est abordée, peuvent faire l'objet de révisions.

Aucune déclaration ou garantie, expresse ou implicite, n'est faite quant à l'exactitude ou à l'exhaustivité de la documentation et il convient donc de ne pas s'y fier. Eversheds Sutherland décline toute responsabilité en ce qui concerne les mesures prises ou non prises sur la base de tout ou partie du contenu des documents, dans toute la mesure permise par la loi. Les documents n'ont pas vocation à être exhaustifs ou à inclure des conseils sur lesquels vous pouvez vous appuyer. Vous devez toujours consulter un juriste/avocat dûment qualifié pour toute question juridique spécifique.

Les opinions exprimées dans les documents sont celles de leur auteur et ne reflètent pas nécessairement celles d'Eversheds Sutherland ou de tout autre avocat.