Singapore pushes banks on AI risks

Singapore’s regulators are pressing banks to close cyber gaps as concern spreads that new artificial intelligence systems could make attacks faster and harder to stop. (bloomberg.com) The Monetary Authority of Singapore published an information paper on Dec. 5, 2024 after a mid-2024 review of banks’ artificial intelligence and generative artificial intelligence controls. It told financial institutions to use the paper’s practices on governance, risk systems, and model development when deploying AI. (mas.gov.sg) Those practices include cross-functional oversight, clearer roles for AI risk, fuller inventories of where models are used, and controls over third-party tools and deployment. Bloomberg’s January 2025 regulatory brief said Singapore’s guidance was aimed at banks first but encouraged all financial institutions in the city-state to follow it. (bloomberg.com) Singapore has been building that framework while also pushing adoption. The central bank-backed Project MindForge released an AI Risk Management Toolkit on March 20, 2026, built with 24 banks, insurers, capital-markets firms and other industry partners including DBS, OCBC, UOB, Standard Chartered and BlackRock. (businesstimes.com.sg) The toolkit expanded beyond generative AI to cover agentic AI, software that can take multi-step actions with less human prompting. It includes a 26-page executive handbook, a 173-page operational handbook and a 23-page case-study volume. (businesstimes.com.sg) The urgency rose this month after Anthropic restricted release of Claude Mythos Preview, saying the model might help users identify and exploit software vulnerabilities before defenses are ready. Bloomberg reported on April 7 that Anthropic limited access to a small group of major technology firms so they could test defenses first. (bloomberg.com) Anthropic’s own safety write-up, published April 7, said Claude Mythos Preview showed materially stronger cybersecurity capability than earlier models. The company framed the release as a restricted preview rather than a broad launch. (anthropic.com) Other regulators are reacting in similar terms. Bank of England Governor Andrew Bailey said on April 14 that global regulators need to evaluate the threat from Mythos quickly, and Bloomberg reported U.S. officials had already encouraged major banks to test the model against their systems. (bloomberg.com 1) (bloomberg.com 2) Singapore has also been widening its cyber lens beyond AI models alone. A Monetary Authority of Singapore expert panel said in April 2025 that financial firms should map third-party dependencies, inventory internal technology components and prepare for supply-chain and post-quantum risks. (businesstimes.com.sg) Taken together, the message from Singapore is less about banning new models than forcing banks to know where they are used, who supplied them and what could fail if they go wrong. That is the same logic regulators use for capital, liquidity and outsourcing risk, now applied to AI. (mas.gov.sg)