Background 

In November 2025, MAS issued a consultation paper proposing the introduction of the Guidelines on Artificial Intelligence Risk Management (“Guidelines”), aimed at strengthening governance, oversight, and operational controls for AI use within the financial sector. These guidelines build on the Fairness, Ethics, Accountability, and Transparency (FEAT) principles and reflect the growing use of AI systems such as Generative AI across financial institutions. 

Key Highlights 

1. AI Oversight 

Boards and senior management are expected to: 

• take ownership of AI risk, cultivate a company culture where AI is used responsibly and ethically, and ensure AI adoption does not compromise existing regulatory expectations. 

• Be responsible for integrating AI risk management into the organization’s established control frameworks. 

• Create a unified, well-coordinated, and accountable framework for managing AI risks throughout the financial institution. 

 

2. Key AI Risk Management Systems, Policies and Procedures 

 

a. AI Identification  

• Establish a structured governance framework to consistently identify and monitor AI usage across all business and support functions. 

• Clearly define and assign ownership for identifying AI use, appointing a specific control function to oversee the related systems and procedures. 

 

b. AI Inventory  

• Create and manage a current, comprehensive inventory of all its AI applications to enable effective governance and risk management across the AI entire lifecycle. 

• Document key details in the AI inventory to make governance, oversight, and risk control possible. 

• Periodically update the AI inventory’s design to reflect the attributes of emerging AI technologies. 

• Delegate clear roles and responsibilities for the inventorisation of AI 

 

c. AI Risk Materiality Assessment  

• Establish assessment methodology and its materiality to the business  

• Evaluate multiple risk factors pertinent to the specific operations and environment of the FI 

• Assign clear roles and responsibilities 

 

3. AI Life Cycle Controls 

FIs should design and enforce comprehensive controls spanning the full lifecycle of its AI applications, with clearly assigned ownership for each control measure. For any AI application deemed high-risk, FIs should create and execute predefined backup plans. 

Other areas where FIs should take note of are data management controls, transparency of AI use, systematic advantages to specific groups, human oversight, third-party management, evaluation and testing, cybersecurity risks, and reviews.  

4. Capability & Infrastructure 

FIs should consider:  

• AI Risk Management Capabilities – competence and conduct of personnel, and regular reviews
• Technology Infrastructure – IT systems can support the AI use case, system, or model 

 

5. Consultation submission deadline: 31 January 2026. 

What’s Next 

Stakeholders should begin assessing their current AI landscape to understand readiness gaps, particularly in governance structure, inventory tracking, fairness controls, model validation and monitoring processes. Early preparation will help firms transition smoothly when the Guidelines are confirmed and implemented. 

How Can We Help? 

We support institutions in meeting emerging expectations through: 

• AI governance framework development 

• AI inventory and risk scoring setup 

• Lifecycle controls (testing, explainability, fairness, drift monitoring) 

• Readiness review and implementation roadmap planning 
  
  

Contact us today to strengthen your AI risk controls and implementation of readiness under the AI Risk Management framework. Find out more here.