MAS AI guidelines — from guidance to supervisory expectation

The Monetary Authority of Singapore published its Consultation Paper on AI Risk Management Guidelines for Financial Institutions on 13 November 2025, with the consultation period closing 31 January 2026. Once finalised (expected mid-2026), these guidelines will be treated as supervisory expectations — meaning MAS will evaluate compliance during inspections and supervisory reviews. Non-compliance could result in supervisory action.

For Singapore financial institutions, the window for treating AI governance as a voluntary best practice has effectively closed.

Who must comply

All MAS-regulated financial institutions: banks (full banks, wholesale banks, merchant banks); insurers (general and life); capital markets intermediaries (securities, futures, fund management); payment service providers; fintech firms holding MAS licences. If MAS regulates you, these guidelines apply to your AI activities.

What to implement

Governance structures. Board-level accountability for AI risk. Defined roles and responsibilities for AI oversight. AI risk appetite integrated into enterprise risk management. Regular AI risk reporting to board and senior management. Named accountability — not diffused across committees.

Risk assessment and management. Risk-based classification of AI systems by materiality. Proportionate governance — material AI systems receive intensive governance; low-risk systems receive lighter-touch oversight. Documentation of risk assessment methodology and classification rationale. Risk assessment updated when AI systems change materially.

Data management. Data quality assessment for AI training and input data. Bias assessment in training data — demographic representation, historical bias, proxy variables. Data lineage documentation. Data governance integrated with existing data management frameworks.

Model management. Model validation before deployment — appropriate to risk classification. Ongoing performance monitoring — not just point-in-time validation. Drift detection and response. Model change management — notification and revalidation for material changes. Explainability appropriate to the use case and audience.

Vendor AI governance. Structured due diligence for AI vendors. Contractual protections: no-training commitments, model documentation, performance SLAs, incident notification. Ongoing vendor performance monitoring. Contingency and exit planning for material vendor AI dependencies. As the share of AI capability sourced externally grows, vendor governance increasingly defines the quality of overall AI governance.

Customer outcomes. Monitoring AI-driven decisions for fairness across customer segments. Testing for bias in credit, pricing, claims, and customer service AI. Customer complaint analysis for AI-related issues. Transparency about AI use in customer-facing decisions where appropriate.

Integration with existing frameworks

The MAS AI guidelines sit within a broader ecosystem: PDPA requires data protection compliance for all AI processing personal data; MAS Technology Risk Management Guidelines (TRM) apply to AI as technology infrastructure; FEAT Principles (Fairness, Ethics, Accountability, Transparency) provide the ethical foundation; the AIDA Grant under FSTI (valid until March 2026) co-funds AI adoption subject to governance criteria. Build AI governance that satisfies all simultaneously rather than treating each as a separate compliance exercise.

Primary sources: MAS · PDPC · AI Verify Foundation

Related reading

Singapore PDPA Business Guide · Singapore AI by Industry Sector · AI Insurance Singapore