Singapore's MAS publishes an AI risk toolkit for finance — before its guidelines bind
On 20 March 2026 Singapore's MAS concluded phase two of Project MindForge with an AI Risk Management Toolkit for the financial sector, co-created with a 35-member industry consortium. Its Operationalisation Handbook precedes binding guidelines and spans generative and agentic AI.
On 20 March 2026 the Monetary Authority of Singapore (MAS) announced the successful conclusion of phase two of Project MindForge, publishing an AI Risk Management Toolkit for the financial services sector. Project MindForge, launched by MAS in mid-2023, exists to strengthen AI risk management for financial institutions that deploy AI in their services and operations. The toolkit is built to cover the full spread of the technology — traditional AI, generative AI, and emerging agentic AI — rather than treating generative systems as a special case bolted onto an older model-risk regime.
What the toolkit is
At the centre of the toolkit is an AI Risk Management Operationalisation Handbook that gives detailed, practical guidance on putting an AI risk-management framework into operation. It is accompanied by a supplement of AI case studies drawn from financial institutions — the experiences, challenges and risk-management practices of using AI in different organisational contexts. The Handbook is organised into four sections:
- Scope and oversight — establishing an AI governance framework and clear
roles and responsibilities for AI oversight.
- AI risk management — identifying where AI is used, assessing risk
materiality, and inventorising AI through organisational systems, policies and procedures.
- AI lifecycle management — implementing controls across the entire lifecycle
of an AI use.
- Enablers — building the organisational capabilities, infrastructure and
resources for ongoing responsible AI use.
The Handbook is explicitly a living document: MAS will update it periodically as industry practice matures and to reflect its supervisory expectations.
Guidance arriving before the rule
The sequencing is the analytically interesting part. MAS is still reviewing responses to an earlier public consultation on a set of Guidelines on AI Risk Management, and the Handbook's four sections are deliberately aligned with those proposed Guidelines. In other words, the operational "how" is being shipped to the industry while the supervisory "what" is not yet final. That inverts the usual order — rule first, implementation guidance later — and lets firms begin building before the binding text lands. It also means the Handbook will track the Guidelines as they are finalised, so today's practical guidance is a forward indicator of tomorrow's supervisory expectation.
Governing by convening
MAS did not write the toolkit alone. It was co-created by a consortium of 24 leading banks, insurers and capital-market firms plus technology partners and trade associations — 35 entities in all, including global institutions such as BlackRock, Citi, DBS, HSBC, Standard Chartered, UBS and UOB, the cloud and chip providers AWS, Google Cloud, Microsoft and Nvidia, and Singapore's main banking and insurance associations. This is regulation by convening rather than by decree: the same model the knowledge base records in Singapore's cross-sector approach to agentic AI, where the regulator sets the table and the industry co-writes the practice.
Looking ahead, MAS will set up an AI risk management workgroup under its new BuildFin.ai initiative — consortium members plus other practitioners — to develop implementation resources and build frameworks for newer AI technologies such as agentic AI. As MAS's Chief FinTech Officer Kenneth Gay put it, the Handbook "marks a major step forward in our journey to ensure the responsible adoption of AI in finance," with BuildFin.ai a "foundation for our next phase of collaboration."
Where it sits internationally
Read against the rest of this knowledge base, the MAS toolkit is another tile in a fast-thickening mosaic of voluntary, soft-law AI governance for finance. In the same month-range it sits alongside the FSB's 12 sound practices — a global menu for the financial sector — and the US Treasury's adaptation of the NIST AI Risk Management Framework. None of these creates new legal obligations; all three work by becoming the shared vocabulary that supervisors and firms converge on. For a globally active bank or insurer, the value is the ability to describe one AI governance system in terms that travel across Singapore, the G20 and the United States at once.
The contrast with the European Union remains the sharpest line on the map. Where the EU governs financial-sector AI through binding law — the AI Act's high-risk designations for creditworthiness and insurance pricing, layered over DORA's ICT and third-party regime — Singapore governs through proportionate, co-created guidance with a supervisory backstop. The broader picture of international AI governance explains why a financial centre might rationally choose the second route: in a sector where the largest players are global, a practical handbook that the industry helped write can move faster, and bind more willingly, than a statute.
Sources
- https://www.sgpc.gov.sg/api/file/getfile/Media%20release_MAS%20Partners%20Industry%20to%20Develop%20AI%20Risk%20Management%20Toolkit%20for%20the%20Financial%20Sector.pdf?path=%2Fsgpcmedia%2Fmedia_releases%2Fmas%2Fpress_release%2FP-20260320-2%2Fattachment%2FMedia+release_MAS+Partners+Industry+to+Develop+AI+Risk+Management+Toolkit+for+the+Financial+Sector.pdf
Official MAS media release (Singapore Govt Press Centre), 20 Mar 2026: toolkit, four-section Handbook, 35-member consortium (Annex A). - https://www.mas.gov.sg/news/media-releases/2026/mas-partners-industry-to-develop-ai-risk-management-toolkit-for-the-financial-sector
Canonical MAS media release for the same announcement on the regulator's own site.
Read next
How the ECB supervises AI in eurozone banks: technology-neutral, existing frameworks, a generative-AI focus
For the 2026-2028 cycle the ECB places AI under its operational-resilience priority, and in February 2026 two Supervisory Board members set out the stance: with 85%+ of supervised banks using AI, govern it within existing frameworks rather than new rules, with a sharper focus on generative AI.
The UNESCO Recommendation on the Ethics of AI: the world's broadest AI standard, and why it is not a law
UNESCO's 2021 Recommendation on the Ethics of AI is the nearest thing to a universal AI standard — adopted by 193 states. It is non-binding but broad, resting on 11 policy areas and a Readiness Assessment used by 70+ countries. Its 4th Global Forum convenes in Riyadh on 14–17 September 2026.
Singapore: the Model AI Governance Framework and AI Verify
Singapore regulates AI not with a binding law but with voluntary instruments: the Model AI Governance Framework (with a separate version for generative AI) and the AI Verify testing toolkit. The aim is trust through testable practice rather than legal obligations up front.