In Singapore, the person who signs off on your AI credit system is not your company. It is a person — a named individual with a professional registration, a license, and a career. Under MAS's Individual Accountability and Conduct regime, that person is personally at risk if their AI governance framework cannot be substantiated.
When MAS arrives for an inspection, the examination is not directed at your corporate entity in the abstract. It is directed at the senior manager who attested that your firm's AI governance framework meets MAS requirements. Under the Individual Accountability and Conduct (IAC) regime, that person is personally accountable for what the framework produces, and personally at risk if it cannot be substantiated.
This is not a legal technicality. It is the explicit design of the regime. MAS published the IAC Guidelines in 2021, with full implementation expected across all financial institutions licensed under the Banking Act, Insurance Act, and Securities and Futures Act. The core principle is direct: designated senior managers who are responsible for the conduct of business must ensure their areas of oversight comply with regulatory requirements, and they are accountable if those areas fall short.
For AI-driven credit decisions, this means the individual who holds the Senior Manager accountability for credit risk or model risk has their professional standing tied to a question that most firms cannot answer: can you prove what your model did, when it did it, and that no one has altered the record since?
Before IAC, regulatory accountability for AI failures was diffuse. A firm received a finding. The firm responded. Individuals were rarely named unless there was evidence of deliberate misconduct.
IAC changes that structure fundamentally.
MAS requires that each Material Risk Function, which includes credit decisioning for licensed lenders, has a designated Senior Manager who accepts direct accountability for that function. The accountability cannot be delegated away. If the function fails a regulatory examination, the designated individual has a documented responsibility for the failure.
The November 2025 AI Risk Management Guidelines sharpened this further. They explicitly address AI governance frameworks, model risk management, and the requirement to maintain auditable records of AI-driven decisions. These are not aspirational standards. They are examination criteria. When an MAS examiner reviews your AI credit system, they are evaluating whether your governance framework meets those criteria. The person named as accountable for that framework is the person who has to explain the gaps.
In practice, this is the Chief Risk Officer or the Chief Compliance Officer at most Singapore-licensed lenders. In some structures, it is the Head of Credit. The specific title matters less than the accountability mapping. Someone signed the attestation. That person's professional future is tied to whether the records exist.
Most Singapore fintechs running AI credit models understand the conceptual requirement. They have governance documentation. They have model risk frameworks. They have policies describing how their AI systems operate.
What they do not have, in most cases, is decision-level proof.
There is a critical difference between a policy that says "we retain credit decision records for five years" and a record system that can actually produce a specific decision from 14 months ago, with the exact model version that was running on that date, the complete input features as they existed at inference time, the reasoning output the model generated, and a cryptographic proof that none of this has been modified since the moment of decision.
The policy satisfies a document review. The record satisfies an MAS examiner.
MAS examination of AI systems is not primarily a document review. Examiners request specific decision records. They ask for replay of particular credit outcomes. They want to verify that the record matches what the system claims it did. They are increasingly asking for cryptographic evidence, not just server logs.
A lender whose records consist of application database entries, LLM provider logs that expire after 30 days, and model version history that was not systematically tracked cannot satisfy an examiner's specific record request. The gap between "we have a governance framework" and "we can prove this specific decision" is the IAC liability gap.
Consider what a realistic IAC liability event looks like for a Singapore fintech lender.
A licensed personal loan lender processes 2,000 credit applications per month using an LLM-based scoring model. The model runs on OpenAI's API. Decisions are logged to a database. The compliance framework was documented and approved by the CRO in 2024.
In late 2026, MAS initiates a thematic review of AI governance across consumer lenders. The lender receives a request for documentation of AI decision-making processes for a sample of 50 credit decisions from the prior 18 months.
The compliance team begins gathering records. They find:
The lender's DevOps team begins reconstructing from deployment logs. They can establish approximate version timelines but cannot produce the exact model checkpoint for each requested decision date with certainty.
After three weeks of engineering effort, the compliance team submits a response that is partially reconstructed and explicitly notes gaps in the historical record.
MAS issues a supervisory finding. The finding notes inadequate record-keeping for AI-driven credit decisions, inconsistent with the firm's stated governance framework, and not meeting the requirements of the November 2025 AI Risk Management Guidelines.
The CRO, as the designated Senior Manager for credit risk, is named in the finding. The accountability mapping that the firm submitted to MAS under the IAC implementation shows this individual as accountable for AI credit governance. The finding becomes part of their MAS supervisory record.
This is not a hypothetical. This is the structure of accountability that IAC creates, applied to the record-keeping reality that most Singapore fintechs currently have.
When a Senior Manager can demonstrate that their AI governance framework actually works, an MAS examination looks completely different.
The examiner requests 50 specific credit decisions from the past 18 months. The compliance team runs a single API call to the audit infrastructure. Within minutes, they have a package for each decision that includes:
The examiner can verify the hash chain independently. They can verify the Bitcoin timestamp independently. They do not need to trust the lender's internal claims about what the records contain. The cryptographic proof eliminates the trust requirement.
For the Senior Manager named as accountable, this package is the substantiation of their attestation. The governance framework they signed off on is not a policy document. It is a verifiable system that produces proof on demand.
Most AI compliance tooling is built around model performance monitoring, bias detection, and explainability at the aggregate level. These are valuable capabilities. They do not address the IAC liability problem.
The IAC liability problem is specifically about individual-decision accountability. Not "our model is fair on average." Not "our SHAP values show the model considers income." The question is: for this specific application, on this specific date, can you prove exactly what the model saw, what it decided, and that the record has not been touched since?
The answer has to be yes. For every decision. For five years. Accessible on demand.
Veritrail is built specifically around this requirement. It is not a model monitoring tool. It is not a bias detection platform. It is a tamper-evident, replayable audit trail that captures every AI credit decision at the moment it is made, generates a cryptographic proof chain that makes modification detectable, and produces a one-click Inspection Package that answers the IAC accountability question directly.
For a Senior Manager at a Singapore-licensed lender who has accepted accountability for AI credit governance under the IAC regime, the question is not whether you need this capability. The question is whether you have it now, before MAS asks.
There is a timing reality that makes this more urgent than it might appear.
The IAC regime has been in progressive implementation since 2021. MAS's enforcement posture on AI governance specifically has sharpened significantly with the November 2025 AI Risk Management Guidelines. Thematic reviews of AI-related governance are an established part of MAS's examination program.
Lenders who are building their audit infrastructure today are building it before examination, not in response to a finding. That position is fundamentally different from building it after a supervisory note has attached to a named individual's record.
The decisions your AI model is making today are in the accountability window. They will be within the five-year examination scope for the entirety of the period your Senior Manager remains in that role. The gap in your records is not a future problem. It exists in the records that are accumulating right now.
If you are a CRO, CCO, or Head of Credit at a Singapore-licensed lender running AI for credit decisions, the IAC accountability mapping that your firm submitted to MAS includes your name against functions that include AI model governance.
The question worth asking is not whether your firm has an AI governance policy. Most firms do. The question is whether you could demonstrate, for any specific credit decision made in the past 14 months, the exact model version, the exact inputs, the exact output, and a cryptographic proof that the record was not modified after the fact.
If the answer is uncertain, the risk is not hypothetical. It is personal.
Book a demo and we'll show you a live AI decision being logged, hash-chained, and packaged into an Inspection Package — against your actual use case.
Book a demo →Three lines of code in your existing LLM credit pipeline. Every decision captured, hash-chained, and Bitcoin-anchored from day one.