SINGAPORE – New Proposed Guidelines for AI Risk Management by Financial Institutions

On 13 November 2025, the Monetary Authority of Singapore (“MAS”) issued a consultation paper proposing guidelines on the responsible use of AI in the financial sector (“Guidelines”). The consultation period for the Guidelines will end on 31 January 2026.

The Guidelines will form part of Singapore’s overarching framework for responsible AI use. They build on the principles on Fairness, Ethics, Accountability and Transparency and are intended to enhance management of AI risks in the financial sector.

The Guidelines focus on the following key areas:

Oversight of AI risk management;
Key AI risk management systems, policies, procedures;
AI life cycle controls; and
Capabilities and capacity for the use of AI.

Applicability of the Guidelines

The Guidelines will apply to all financial institutions (“FIs”) and are intended to be applied in a proportionate manner across FIs of different sizes and risk profiles in Singapore.

FIs in Singapore that are branches or subsidiaries of overseas entities can still use the AI risk management frameworks of their overseas parent entities. However, they must take steps to ensure that these frameworks align with the Guidelines.

The Guidelines will be technology-agnostic in that they will apply to all types of different AI applications and technologies. MAS will update and augment the Guidelines as and when necessary to take into account new technologies.

Overview of MAS’ Expectations

MAS’ expectations in the four key areas are highlighted below:

Key area	MAS’ Expectations
Oversight of AI Risk Management	The Guidelines specify the critical governance and oversight roles of the board of directors (“Board”) and senior management of FIs. The Board and senior management should establish and implement: frameworks, structures, policies and processes concerning AI risk management; and foster an appropriate risk culture for the use of AI. Where the overall AI risk exposure of an FI is material, the FI should establish a dedicated cross-functional committee. The Board and senior management should oversee the committee to ensure consistency and coordination.
Key AI Risk Management Systems, Policies and Procedures	AI risk management frameworks should encompass systems, policies and procedures for AI identification; inventorisation; and risk materiality assessment. Key responsibilities of FIs under this area include: setting up clear identification processes for AI usage across the business and functional processes; maintaining accurate and up-to-date inventories of AI use cases; and conducting risk materiality assessments involving the risk dimensions of impact, complexity and reliance.
AI Life Cycle Controls	FIs should plan for and implement controls covering the entire life cycle of an AI use case, system or model. The controls should cover the areas of: data management; fairness; transparency and explainability; human oversight; management of third-party AI risks; selection of AI; evaluation and testing; technology and cybersecurity; reproducibility and auditability; reviews; monitoring; and change management. Clear roles and responsibilities for controls should be assigned. FIs may implement controls proportionately with the assessed risk materiality of AI. If the risk materiality is assessed as high, contingency plans should be developed and implemented.
Capabilities and Capacities for the use of AI	FIs are expected to ensure the: necessary competence and proper conduct of personnel involved in the use of AI; capability of personnel to conduct effective AI risk management, through regular reviews; and adequacy of technology infrastructure.

What’s Next?

Upon issuance of the finalised Guidelines, a 12-month transition period is expected to apply. A copy of the Guidelines may be accessed here.

Given the prevalence of AI use by businesses, FIs should expect increased scrutiny from the MAS on the incorporation of AI into their organisations and should carefully assess their AI risk management systems against these expectations of MAS.

If you would like to understand more on what this means to your organisation, please contact us for further information.

Eversheds Sutherland dokłada wszelkich starań, aby materiały, informacje i dokumenty, w tym między innymi artykuły, biuletyny, raporty i blogi („Materiały”) publikowane na stronie Eversheds Sutherland były dokładne i kompletne. Należy jednak pamiętać, że Materiały są udostępniane wyłącznie w celach informacyjnych, a nie w celu udzielenia porady prawnej i niekoniecznie odzwierciedlają obowiązujące aktualnie przepisy prawa. Materiały nie powinny być interpretowane jako porada prawna w jakiejkolwiek sprawie.

Materiały mogą nie odzwierciedlać najnowszych zmian prawnych. Treść i interpretacja Materiałów oraz przepisy prawa wspomniane w Materiałach podlegają zmianom.

Eversheds Sutherland nie składa żadnych oświadczeń ani gwarancji, wyraźnych ani dorozumianych, co do dokładności lub kompletności Materiałów, a zatem nie należy na nich polegać. Eversheds Sutherland zrzeka się wszelkiej odpowiedzialności za działania podjęte lub niepodjęte w oparciu o część lub całość Materiałów w najszerszym zakresie dozwolonym przez prawo. Materiały nie muszą być wyczerpujące ani zawierać porad, na których można polegać. W każdej konkretnej sprawie prawnej należy zawsze skonsultować się indywidualnie z odpowiednio wykwalifikowanym prawnikiem.

Wszelkie poglądy wyrażone za pośrednictwem Materiałów są poglądami indywidualnego autora i mogą nie odzwierciedlać poglądów Eversheds Sutherland lub jakiegokolwiek innego indywidualnego prawnika.