AI Risk Management Handbook Empowers Financial Institutions

Singapore: MAS Consortium Releases Comprehensive AI Risk Management Handbook for Financial Institutions

The MindForge consortium has published the AI Risk Management: Executive Handbook, which provides guidance on AI governance and risk management for financial institutions (FIs). This Executive Handbook supports FIs at different levels of AI maturity in scaling AI with trust by adopting and operationalizing AI governance and risk management across the enterprise, enabling industry AI use that is rapid but responsible.

The Executive Handbook is intended to accompany and support the implementation of the proposed MAS Guidelines on Artificial Intelligence Risk Management.

Background

In 2018, MAS issued the 14 FEAT (Fairness, Ethics, Accountability, Transparency) Principles for responsible AI use in the financial services industry. Following the introduction of the FEAT principles, the Veritas Initiative was established by MAS and a consortium of financial institutions, consultancies, and technology companies to operationalize those principles, producing a Methodology and Toolkit between 2020 and 2023.

Phase 1 of Project MindForge concluded with the publication of a whitepaper on the emerging risks and opportunities of Generative AI for banks in May 2024. Phase 2 brings together banks, insurers, capital markets firms, industry associations, technology, and consulting partners to address the governance challenges of modern AI systems—including traditional AI, Generative AI, and Agentic AI.

The Executive Handbook translates years of industry collaboration into actionable guidance that FIs can implement regardless of their current AI maturity level.

Key Components

The Executive Handbook is part of a set of three handbooks designed to be used in conjunction:

• AI Risk Management Executive Handbook: Provides considerations and implementation practices for governing AI across each section in the Handbook’s scope and is intended as a resource for executives in the financial services industry.
• AI Risk Management Operationalisation Handbook (to be released): Offers detailed guidance on the operationalization of each implementation practice, including illustrations of good practices from primary members, appendices, and supporting materials.
• AI Risk Management Handbook Implementation Examples (to be released): Provides detailed case studies on individual financial institutions’ experiences implementing AI governance and risk management.

Critical Areas Across 17 Considerations

The Executive Handbook addresses critical areas across 17 Considerations:

1. Define responsibilities for AI oversight by establishing a clearly defined AI governance operating model with Board and senior management accountability.
2. Ensure effective AI-related policies, procedures, and standards that define key AI concepts, processes, and responsibilities.
3. Enhance organization-level risk management by integrating AI-specific risks into the enterprise risk framework and risk appetite.
4. Uplift practices for managing third-party AI risks through enhanced procurement, vendor assessment, and contracting practices.
5. Enhance use case-level AI risk management through risk materiality assessments, proportionate controls, and pre- and post-deployment reviews.
6. Ensure AI inventory capabilities to record and maintain core information on AI use cases.
7. Assess use case context and design to ensure compatibility with ethical, regulatory, and organizational standards.
8. Evaluate whether the intended use of data in the AI use case is compatible with ethical, regulatory, and organizational standards.
9. Adopt appropriate data management practices that address risks and limitations when processing data for AI use cases.
10. Evaluate incremental AI-specific risks as part of the onboarding of third-party AI products and services within an AI use case.
11. Ensure that the AI use case is built with appropriate guardrails and relevant metrics for effective performance and risk management.
12. Conduct thorough testing and review prior to deployment to assess AI-specific risks and ensure that appropriate guardrails, controls, and governance have been observed.
13. Develop monitoring and contingency plans for the use case prior to its deployment, and consider risk-informed deployment options.
14. Conduct ongoing monitoring of AI use cases to ensure they remain fit for purpose over time.
15. Capture changes to AI use cases through effective change management to maintain traceability and ensure appropriate review.
16. Support AI deployment to ensure it is fit for purpose.

The Executive Handbook emphasizes proportionality—governance measures should scale with AI risk based on the nature of the FI’s business, the scale of AI use, and risk appetite.

Next Steps

Financial institutions should assess their current AI governance maturity against the 17 Considerations and implement the recommended practices proportionately to their risk profile and business context.