How ready is your bank for AI governance?
Assess your institution's readiness against Singapore's complete AI regulatory framework.
Seven Assessment Domains
Model Governance & Validation
115 REQUIREMENTS
Full AI lifecycle from identification through decommissioning. Governance structure, capability, third-party AI, and generative AI controls.
Data Governance & Privacy
15 REQUIREMENTS
Personal data in AI systems: consent, data protection, privacy-by-design, anonymisation, bias assessment, and third-party data processing.
Client-Facing AI & Suitability
14 REQUIREMENTS
AI systems interacting with clients: algorithm governance, suitability of advice, fair dealing, customer transparency, and redress.
Explainability & Fairness
11 REQUIREMENTS
Responsible AI principles: fairness definitions, protected attributes, bias detection, explainability methods, and agentic AI governance.
Outsourcing & Third-Party AI
12 REQUIREMENTS
AI from external providers: governance framework, due diligence, outsourcing agreements, concentration risk, and lifecycle management.
Operational Resilience & Cybersecurity
12 REQUIREMENTS
Technology and security infrastructure: IT governance, access control, audit logging, incident management, and AI-specific security.
Governance Structure & Accountability
14 REQUIREMENTS
Institutional governance architecture: AI management system, risk appetite, AI risk culture, operating model, and skills/knowledge.
13 Source Instruments
| Instrument | Authority | Status | Tier | Reqs |
|---|---|---|---|---|
| P017 – Proposed Guidelines on AI Risk Management | MAS | Consultation (closed Jan 2026) | CONSULTATION | 57 |
| MindForge Ops Handbook & Implementation Examples | MAS/Industry | Published Jan 2026 | METHODOLOGY | 32 |
| ISO/IEC 42001:2023 | ISO/IEC | Published | ASSURANCE | 19 |
| FEAT Principles (2018) | MAS | Published | METHODOLOGY | 17 |
| MAS Information Paper on AI Model Risk Management | MAS | Published Dec 2024 | OBSERVED PRACTICE | 16 |
| TRM Guidelines 2021 | MAS | In force | SUPERVISORY | 13 |
| PDPA Advisory Guidelines (Mar 2024) | PDPC | Published Mar 2024 | METHODOLOGY | 11 |
| Outsourcing Guidelines (Banks, Dec 2023) | MAS | In force | SUPERVISORY | 8 |
| CMG-G02 Digital Advisory Guidelines | MAS | In force | SUPERVISORY | 7 |
| Veritas Assessment Methodology | MAS/Industry | Published | METHODOLOGY | 6 |
| Fair Dealing Guidelines (May 2024) | MAS | In force | SUPERVISORY | 3 |
| IMDA Model AI Governance Framework for Agentic AI | IMDA | Published | METHODOLOGY | 2 |
| P004 – Proposed Guidelines on Third-Party Risk Management | MAS | Consultation (open until Apr 2026) | CONSULTATION | 2 |
This assessment classifies every requirement into one of six regulatory source classes. The classification determines the compliance expectation: statutory requirements impose binding obligations; supervisory guidelines set expectations; consultation papers signal regulatory direction; and industry methodologies offer recommended practice. Each class carries a different weight in the assessment's gap analysis.
Read the full methodology →