MAS AIRG: what the proposed guidelines require, control by control
MAS's proposed Guidelines on Artificial Intelligence Risk Management set supervisory expectations for every financial institution in Singapore. This guide maps each expectation to the technical question that determines whether your implementation would hold up under examination. It is updated at each milestone on the path to issuance.
The AIRG can be satisfied two ways: with documentation that describes controls, or with controls that are technically real. Both pass the gap analysis. Only one holds in an incident, and the supervisory trend is toward examining which one you have.
Where the AIRG stands
November 2025
MAS publishes Consultation Paper P017-2025: proposed Guidelines on Artificial Intelligence Risk Management (AIRG)
31 January 2026
Public consultation closes
Expected 2026
Final Guidelines issued, with MAS response to consultation feedback
Issuance + 12 months
Proposed transition period ends; supervisory expectations apply in full
The 12-month transition window is the planning anchor. Institutions that build their inventory, materiality methodology, and control architecture before issuance spend the window refining. Institutions that wait spend it retrofitting.
Who it applies to
All financial institutions regulated by MAS: banks, insurers, capital markets intermediaries, and payment institutions. The Guidelines define AI broadly, covering models, systems, and use cases, while excluding purely rule-based tools.
Application is proportionate. An institution using assistive AI for internal productivity faces lighter expectations than one whose credit decisions, claims handling, or trading depend on AI. The annex to the consultation paper distinguishes assistive use from AI integrated into core business processes, and the depth of expected controls follows that distinction.
What boards are expected to own
The AIRG assigns explicit AI risk responsibilities to boards and senior management: setting AI risk appetite, approving the risk management framework, ensuring the organisation has the capabilities to operate it, and maintaining sufficient AI literacy to challenge what they are told. Where overall AI risk exposure is material, MAS expects a dedicated cross-functional AI risk committee.
The supervisory consequence: board reporting on AI risk needs to produce evidence a regulator would find credible, including who can halt a system, under what conditions, and what happened when thresholds were breached. Reporting that summarises model counts will not meet that bar.
The three core systems
Before lifecycle controls apply, the AIRG expects three foundation systems. Everything else in the Guidelines depends on these being accurate.
01
AI identification
A consistent process for identifying AI usage across the organisation, including AI embedded in vendor products and tools adopted by business teams without central oversight. Shadow AI sits squarely inside this expectation.
02
AI inventory
An accurate, current inventory of AI systems in production and development. The inventory is the reference object for everything else: materiality ratings, control assignments, and board reporting all key off it.
03
Risk materiality assessment
A structured assessment of each system across impact, complexity, and reliance, covering inherent and residual risk. The materiality result determines how deep the lifecycle controls must go for that system.
The fourteen lifecycle control areas, and the enforcement question each one implies
The most detailed section of the AIRG sets expectations across fourteen control areas spanning the AI lifecycle. For each area, the consultation paper describes what should be in place. The column most gap analyses skip is the one that matters under examination: whether the control operates technically, independent of human diligence.
Use the enforcement question for each area as the test. A "no" answer means the expectation is currently met at the policy layer only.
Data management
AIRG expectation
Data used to build and run AI is fit for purpose, with quality, bias, and lineage managed across the lifecycle.
The enforcement question
Can your pipeline reject or quarantine training and inference data that fails quality or provenance checks, before a human notices?
Fairness
AIRG expectation
AI-driven decisions do not systematically disadvantage individuals or groups. Fairness objectives are defined, tested, and reviewed.
The enforcement question
Where is the fairness threshold encoded in the system, and what happens at runtime when an output breaches it?
Transparency and explainability
AIRG expectation
The institution can explain AI-driven decisions at a level appropriate to the materiality of the use case and the audience.
The enforcement question
Can you reproduce the explanation for a specific past decision, with the exact model version and inputs that produced it?
Human oversight
AIRG expectation
Human oversight is meaningful and proportionate to risk materiality. Humans can intervene in AI-driven decisions.
The enforcement question
If the designated reviewer were unavailable right now, would the system halt and wait for ratification, or proceed without it?
Suspended Handoff State →Third-party AI
AIRG expectation
Externally sourced AI carries the same risk management expectations as internally built AI: due diligence, contractual safeguards, and ongoing monitoring.
The enforcement question
Which controls on vendor AI do you operate yourself, and which exist only inside the vendor’s assurances?
Model and feature selection
AIRG expectation
Model choice is justified against the risk profile of the use case, and the features used are assessed and documented.
The enforcement question
What technically prevents an unapproved model version from serving production traffic?
Evaluation and testing
AIRG expectation
AI is evaluated against defined criteria before deployment, including adversarial and GenAI-specific testing where relevant.
The enforcement question
Does a failed evaluation technically block promotion to production, or does it produce a report someone may read?
Technology and cybersecurity
AIRG expectation
AI systems sit within the institution’s technology risk and cyber frameworks, consistent with MAS TRM expectations.
The enforcement question
Do your AI service accounts hold IAM permissions wider than the actions your governance policy permits?
Reproducibility and auditability
AIRG expectation
AI-driven decisions are traceable. Records are retained so decisions can be reconstructed and examined.
The enforcement question
Is your audit trail append-only and tamper-evident, or a log that a privileged user could edit after the fact?
Pre-deployment review
AIRG expectation
A gate exists before launch: material AI passes a structured review before it reaches production.
The enforcement question
Is sign-off a deployment precondition enforced in the pipeline, or a meeting minute filed alongside it?
Human Ratification Gate →Post-deployment monitoring
AIRG expectation
Performance and behaviour are monitored after deployment, with defined thresholds that trigger review.
The enforcement question
Do threshold breaches halt or escalate execution automatically, or surface on a dashboard reviewed weekly?
Incident management
AIRG expectation
An AI incident response process exists, is tested, and connects to the institution’s wider incident frameworks.
The enforcement question
Can you halt a misbehaving AI system mid-execution, and is a named person required to do so under defined conditions?
Override Architecture →Change management
AIRG expectation
Changes to models, prompts, and configurations are governed with the same discipline as code changes.
The enforcement question
Could a prompt or configuration change reach production today without leaving an approval record?
Decommissioning
AIRG expectation
AI systems are retired safely, with dependencies identified and data obligations resolved.
The enforcement question
When a model is retired, what technically prevents downstream systems from continuing to call it?
Where GenAI and AI agents raise the bar
The AIRG addresses Generative AI and AI agents directly: hallucination risk, autonomy risk, adversarial attacks including prompt injection, and concentration risk from reliance on a small set of foundation model providers. For agents, the consultation paper's expectations intersect with IMDA's Model AI Governance Framework for Agentic AI, which states that human approval should be enforced through system-level controls rather than prompt-layer guardrails.
The practical consequence for any FI deploying agents: a prompt instructing the agent to seek approval satisfies neither framework, because content the agent processes can override it. The control that satisfies both is architectural, a halt the agent cannot route around. That distinction, between application-layer intent and architecture-layer enforcement, is where most agentic deployments will fail their first AIRG-era examination.
What to do before issuance
Now
Build the foundations
Stand up the AI inventory and the materiality methodology. These take the longest to make accurate, every other expectation depends on them, and they are valuable regardless of how the final Guidelines change.
Next
Test controls against the enforcement questions
Run the fourteen questions above against your material AI systems. Each "no" is a finding. Rank them by the materiality of the system they sit on, and close the gaps that a regulator, a board, or an incident would surface first.
Before the window opens
Make oversight reportable
Design the board reporting and override authority structure the AIRG expects: who holds the kill switch per system, the conditions that require its use, and the evidence trail each intervention leaves.
Common questions
Is the MAS AIRG in force?
Not yet. MAS published the proposed Guidelines as Consultation Paper P017-2025 in November 2025, and the public consultation closed on 31 January 2026. The final Guidelines are pending issuance, and MAS has proposed a 12-month transition period from the issuance date before expectations apply in full.
Who does the AIRG apply to?
All financial institutions regulated by MAS, including banks, insurers, capital markets intermediaries, and payment institutions. Application is proportionate: the depth of controls expected depends on how materially AI is embedded in the institution’s business processes.
What is a risk materiality assessment under the AIRG?
A structured assessment of each AI system across three minimum dimensions: impact (the consequence of the AI being wrong), complexity (how difficult the AI is to understand and validate), and reliance (how dependent the process is on the AI output). Both inherent and residual risk are considered, and the result drives how much control the system requires.
How does the AIRG relate to FEAT and the 2024 MAS information paper?
The FEAT principles (2018) set out ethical principles for AI in financial services, and the December 2024 information paper on AI model risk management described observed good practice. The AIRG moves further: it converts those positions into supervisory expectations that boards, risk functions, and business teams can be examined against.
Does the AIRG cover Generative AI and AI agents?
Yes, explicitly. The proposed Guidelines address hallucination risk, autonomy risk from AI agents, adversarial attacks including prompt injection, and concentration risk from reliance on a small number of foundation model providers.
What should financial institutions do before the final Guidelines are issued?
Build the AI inventory, define the risk materiality methodology, assess current controls against the fourteen lifecycle control areas, and establish board reporting on AI risk. Institutions that build these capabilities before the transition clock starts avoid retrofitting governance onto systems already in production.
Update log
12 June 2026: Guide published, tracking Consultation Paper P017-2025 (November 2025) and the close of consultation on 31 January 2026. Next update on issuance of the final Guidelines.
This guide summarises Aivance's reading of the proposed Guidelines for planning purposes and reflects the consultation paper, which may change on issuance. It does not constitute legal advice. For obligations specific to your institution, consult the consultation paper directly at mas.gov.sg and your legal counsel.
Fourteen enforcement questions. The diagnosis finds the one that costs you first.
The free 30-Minute Enforcement Gap Diagnosis maps your AI deployments against the AIRG expectations above and names the missing control most likely to cost your institution in the next 12 months, in a one-page diagnosis on Aivance letterhead.
Book Your Enforcement Gap Diagnosis