Singapore’s AI Model Risk Management Paper: Key Insights for Financial Institutions

Governance remains the cornerstone of effective AI risk management. Key recommendations include: 

• Updating existing policies to ensure that AI usage is fair, ethical, accountable and transparent (“FEAT”) (aligning with MAS’ FEAT Principles set out in 2018). 
• Establishing cross-functional oversight forums to coordinate AI governance and oversee AI use across institutions.
• Building internal expertise through training programs and establishment of AI Centres of Excellence to drive innovation, promote best practices and build AI capabilities. 

Robust systems can identify, inventory and assess AI risks. 
The paper emphasises: 

• Maintaining comprehensive AI inventories to provide a clear view of usage across the organisation.
• Conducting risk materiality assessments to evaluate AI models based on their impact, complexity and reliance on automation.

Effective AI lifecycle management includes: 

• Development by focusing on data quality, explainability, fairness and bias mitigation during AI model creation. 
• Validation through conducting independent or peer validation for AI systems, particularly high-risk applications. 
• Monitoring by establishing continuous monitoring mechanisms to detect data drifts, biases or performance issues. 

Gen AI presents unique risks including unpredictability and data security concerns. To mitigate these risks, FIs should: 

• Secure sensitive information through private cloud or on-premise deployments. 
• Implement technical safeguards, such as input/output filters and secure data environments. 

Additional risks may arise from the usage of third-party AI. To mitigate these risks, FIs should carry out: 

• Updating of legal agreements and updating of clauses in contracts with third-party AI providers (e.g. clauses pertaining to performance guarantees, data protection, the right to audit and notification when AI is introduced in existing third-party providers’ solutions). 
• Compensatory testing, where the conducting of rigorous testing of third-party AI models can detect potential biases.
• Contingency planning, where robust contingency plans can help to address potential failures and unexpected behaviour of third-party AI (e.g. like backup systems or manual processes in place). 
• Awareness efforts, where training of staff on AI literacy and risk awareness can help to mitigate risks.