While the debate about what we can achieve with AI remains wide open, its use is now embedded, to varying degrees, across all aspects of society. To address emerging risks arising from the rapid deployment and use of AI in the financial sector, the Monetary Authority of Singapore (the “Authority”) is proactively issuing new and updated guidelines to meet the moment. These reinforce the expectations that firms maintain robust risk management and governance structures for AI –not by creating siloed frameworks, but by integrating AI risk into the institution’s broader enterprise-wide risk management.

The Authority’s consultations on proposed guidelines on (i) Third-Party Risk Management (“TPRM”), (ii) Guidelines on AI Risk Management for Financial Institutions (“AIRG”) and (iii) the updated Operational Risk Management Guidelines (“ORM”), establish a clear standard: each financial institution (“FI”) remains accountable for the risks arising from any AI tool it uses, regardless of the provider.¹ In practice, this means AI procurement and deployment must be treated as a core risk management exercise, not a technology procurement process.

For practitioners navigating these requirements, the critical question is no longer whether to conduct AI tool diligence, but how to do it in a way that satisfies regulatory expectations. The following represents pragmatic approaches in a rapidly evolving regulatory landscape:

Classify: Before the contract, start with materiality

The framework’s proportionality principle requires institutions to calibrate diligence based on materiality before procurement. Materiality should be assessed across three dimensions:

1. impact on customers and operations;
2. model complexity and explainability; and
3. reliance on outputs, particularly for automated or scaled decisions.²

High-materiality tools — those used in credit decisioning, anti-money laundering transaction monitoring, insurance underwriting, or customer-facing advice — will draw increased scrutiny and therefore require a more demanding suite of controls: independent validation, stress testing, contractual audit rights, and enhanced human oversight. While lower-risk assistive tools require lighter treatment, no AI deployment is exempt from baseline governance. The materiality tier must be formally assigned before diligence begins, not after the contract is signed.³  It is therefore important to establish a standard definition of materiality to ensure consistent application across the firm when it comes to evaluating prospective AI tools.

Identify: Integrate AI Inventory and Identification Into the Procurement Process

When an FI conducts its baseline classification for each AI tool, by extension it facilitates the build-out of an inventory for all such third-party arrangements, including the mapping of dependencies, the interconnected tools within the technology stack which gives insight to the firm’s concentration risks.⁴

The proposed TPRM Guidelines mandate that FIs submit a list of material third party arrangements to the Authority.  Accordingly, FIs should maintain a complete and current inventory of all AI systems including third-party tools. Best practice is to integrate this obligation into the earliest stage of procurement: any proposed AI tool is logged as part of the materiality classification before a business case is approved. This eliminates shadow AI and ensures that procurement teams cannot onboard tools that have not passed through the risk identification process.⁵

Assess & Validate: Apply Internal AI Risk Standards To Vendor-Provided Models— And Supplement Them

The same model risk management standards that apply to internally developed AI must extend to third-party tools. This approach aligns with risk-tiering expectations under model risk frameworks such as those from the Basel Committee on Banking Supervision, which emphasize proportional controls based on model criticality. Under the Authority’s new governance for third party risk management, FIs cannot rely solely on vendor certifications or documentation. Independent pre-deployment validation is required using datasets representative of the FI’s operating environment.⁶ This underscores the need for pilot testing, cross-functional evaluation, and hands-on validation of both risk and suitability.

Specifically for generative AI tools, this should include:

1. Hallucination (i.e., generation of inaccurate or non-verifiable outputs) testing: implementing cross-verification to test outputs against trusted internal databases, linking of output to specific verifiable sources to provide an audit trail, validation against domain-specific validation criteria, maintenance of hallucination logs to retrain models
2. output reliability assessment under stress conditions: testing model behaviour with edge cases to see if the logic holds, system accuracy for information retrieval against trusted internal knowledge databases, testing consistency of outputs to the same complex financial queries over multiple sessions.
3. adversarial prompt testing⁷: identifying malicious attacks in a sandbox environment including if the tool can be manipulated into ignoring safety instructions or prohibited actions, coaxed into revealing or offering unauthorized information or advice or if can be nudged to facilitate synthetic identify fraud or to bypass safety filters

Where vendor access restrictions prevent direct model inspection, compensatory testing protocols (including black-box evaluation of outputs across defined scenarios) must be designed, executed, and documented. This similarly includes output validation for accuracy, consistency, bias/unfairness involving human reviewers and benchmarking against trusted datasets, red teaming, regression testing and statistical evaluation (monitoring for accuracy rates, robustness, bias or reliability under variation, toxicity/safety as it relates to prohibited actions).⁸

Contract & Control: Negotiate AI-Specific Contractual Protections

Standard vendor agreements are generally not fit for purpose. It must be acknowledged, however, that large foundation model providers often present non-negotiable standard terms, limiting an FI’s ability to secure these protections. In such cases, the regulatory expectation shifts to implementing robust compensatory controls, including rigorous independent validation, enhanced pre-deployment “black box” testing, and fortified human oversight, to mitigate the risks that cannot be addressed contractually. FIs must negotiate provisions to comply with the Authority’s expectations regarding proper oversight: audit rights over the AI model and its outputs; notification obligations when the vendor modifies the underlying model or introduces new AI components; measurable performance guarantees; data handling, residency, and sub-processor disclosure; and termination, data deletion, and exit procedures. For high-materiality systems, contractual audit rights are a specific regulatory expectation. In short, FIs that accept standard terms without these provisions cannot demonstrate adequate third-party oversight under examination.⁹

Deploy with oversight: Embed Fairness as a First-Class Diligence Obligation

FIs are accountable for the fairness outcomes of third-party AI — the obligation does not transfer to the vendor. Consequently, due diligence must include a review of the vendor’s bias testing methodology and results, a definition of the fairness metrics relevant to the institution’s use case, and independent verification that the tool meets those metrics. These controls should be aligned with the Authority’s FEAT principles—Fairness, Ethics, Accountability, and Transparency—which remain the foundation for AI governance in financial services. ¹⁰   Additionally, proper documentation and a commitment to periodic re-evaluation for accuracy and relevance (since AI systems may drift, adapt, or interact with data environments that are not present during original training) is critical to demonstrate regulatory compliance.

Monitor & Reassess: Build Monitoring and Human Oversight Into the Deployment Architecture

Due diligence does not end at deployment. Continuous monitoring should cover model accuracy, drift, fairness indicators and error rates among others. FIs must also monitor for supply chain events, including vendor changes, sub-processor substitutions, or incidents affecting upstream model providers, and re-perform risk assessments upon material change. Leveraging AI productivity tools can support these requirements and facilitate automated alerting, defined intervention thresholds, and periodic revalidation schedules.¹¹ Increasing regulatory scrutiny makes early implementation of these actions are not just advisable, but necessary.

For high-risk use cases, human-in-the-loop controls should be embedded in decision-making processes, consistent with international guidance such as the OECD AI Principles and European Commission AI governance frameworks. This includes documenting what reviewers assess, how frequently, what constitutes an anomalous output, and what the escalation and override procedure is. Where a cross-functional AI oversight committee is warranted by the institution’s risk exposure, it must be established with a defined mandate and documented escalation authority before the tool is in the production environment.

Summary: Proper Diligence and a Consistent Standard for the Lifecycle of AI Tools

The Authority’s framework reflects a single, consistent principle across all three guidelines: regulatory accountability for AI does not transfer to the vendor at any point in the lifecycle. FIs that treat third-party AI due diligence as a procurement exercise — rather than an extension of their own risk management framework — will find themselves at increased regulatory risk. The required standard is a structured lifecycle discipline: identify and classify, test independently, assess the supply chain, contract robustly, deploy with genuine oversight, monitor continuously, and ensure documentation to demonstrate compliance.

Navigating this complex intersection of technology, risk, and regulation demands both strategic foresight and practical implementation. As institutions work to operationalize these principles, translating them from guidance into a defensible, board-approved framework is the critical next step. HM supports firms in this journey by providing independent, board-level advice on designing and implementing proportionate governance frameworks for third-party and operational AI risk, ensuring readiness for the final standards promulgated by the Authority.

For further information, please contact:

Angel Bos
Partner
[email protected] 

Disclaimer: The material in this post represents general information only and should not be relied upon as legal advice. Holland & Marie Pte. Ltd. is not a law firm and may not act as an advocate or solicitor for purposes of the Singapore Legal Profession Act.

¹ Consultation Paper on Proposed Guidelines on Third-Party Risk Management Guidelines (CP TPRM/ P004-2026), March 2026, para. 3.10 (pdf pg. 7).

² Consultation Paper on Artificial Intelligence Risk Management Guidelines (CP AIRG / P017-2025), Nov 2025, Sec. 6, para 3.10 (a) – (c) (pdf pg. 18).

³ CP TPRM/ P004-2026, para 3.16 (pdf pg. 8)

4 CP TPRM/ P004-2026, para 3.6 (pdf pg. 6)

⁵ CP AIRG/P017-2025, Sec. 4 para 4.2–4.3 (pdf pgs. 7-8)

⁶ CP AIRG/P017-2025, Sec. para 4.18 (pdf pg. 27)

⁷ OWASP, GenAI Security Project: LLM01:2025 Prompt Injection

⁸ NIST AI 100-1: Artificial Intelligence Risk Management Framework (AI RMF 1.0)

⁹ CP AIRG/P017-2025, para 4.11(f) (pdf pg. 22)

¹⁰ MAS FEAT Principles, Sec. 5 para. 5.1-5.7 (pdf pgs. 7-8)

¹¹ CP AIRG/P017-2025, para 4.23-4.25 (pdf pg. 25-26)