The Monetary Authority of Singapore has raised the bar on AI governance significantly. If your fintech uses AI for any material decision — credit scoring, fraud detection, insurance underwriting, customer segmentation — you are expected to document, explain, and audit it. Here is what that means in practice, and what most fintechs are getting wrong.
FEAT stands for Fairness, Ethics, Accountability, and Transparency. MAS published the FEAT Principles in 2019 as guidance for financial institutions using AI and data analytics in customer-facing or risk-management decisions. They have since evolved from aspirational guidelines into active examination criteria.
FEAT is not a checkbox compliance exercise. It is a framework for demonstrating that your institution can answer for every material AI decision — to customers, to regulators, and in the event of a dispute or complaint.
AI decisions must not produce discriminatory outcomes for protected groups, including by gender, race, age, or nationality.
AI must be used in accordance with human values and social norms. Human oversight must be maintained for consequential decisions.
A named individual or team must be responsible for each AI system. Ownership, version control, and decision audit trails must exist.
Customers must be able to receive an explanation of any AI decision that materially affects them. Models must be interpretable by operators.
FEAT applies to all MAS-licensed financial institutions operating in Singapore that use AI or machine learning in material decisions. This includes:
Critically, FEAT applies not just to models you build in-house but to any AI system you deploy, including third-party models accessed via API. If you use OpenAI's models for a credit decision, you are responsible for the FEAT compliance of that decision — not OpenAI.
MAS expects evidence that you have tested your AI systems for differential impact across protected characteristics. This does not mean your model cannot produce different outcomes for different demographic groups — it means you have measured, documented, and taken reasonable steps to ensure those differences are not driven by illegitimate proxies.
What MAS examiners look for:
For consequential decisions — loan approvals above a threshold, adverse actions (declines, credit limit reductions), fraud flags that trigger account restrictions — MAS expects human oversight to be demonstrably in place. Pure straight-through AI processing for high-stakes decisions, with no human review mechanism, is a FEAT risk.
This does not mean every decision needs human approval. It means your processes must show:
This is where most fintechs have their most significant gaps. Accountability requires:
| Requirement | What MAS Expects to See | Common Gap |
|---|---|---|
| Named model owner | Individual accountable for each AI system | "The data team owns it" — no named individual |
| Model versioning | Complete history of model versions, changes, performance | Model updated without version log; prior versions inaccessible |
| Decision audit trail | Retrievable record of each AI decision — inputs, outputs, model version | Only final output stored; inputs not captured; vendor logs relied upon |
| Incident response | Process for detecting and responding to model misbehaviour | No monitoring; issues discovered via customer complaints |
| Retention period | 5 years for material systems (aligned with TRM Guidelines) | Logs rotated after 90 days or deleted when model is retired |
Transparency has two audiences: the customer and the regulator.
For customers: Anyone materially affected by an AI decision — a loan decline, a credit limit reduction, a fraud flag — must be able to receive a meaningful explanation of why the decision was made. "Our model assessed your risk profile" is not an explanation. The explanation must reference the factors that drove the outcome.
For examiners: MAS expects that for any specific past decision, your team can produce — within a reasonable timeframe during an examination — the decision record with input features and the model's reasoning or scoring output. If you cannot reconstruct a decision from 18 months ago because the records do not exist, that is a material finding.
Based on the pattern of MAS examinations and FEAT assessment reports, these five gaps appear repeatedly across Singapore fintechs at the Series A–C stage.
If you use OpenAI, Google Gemini, Anthropic, or any LLM API, you are responsible for retaining the complete decision record — not the vendor. OpenAI retains API logs for 30 days. MAS expects 5 years. This is not a theoretical gap. It is a live compliance exposure for every fintech using LLM APIs in a credit or risk workflow today.
See our full analysis of the OpenAI log retention gap →
LLM providers update models frequently, often without explicit versioning at the alias level
(e.g., gpt-4o is not a pinned snapshot). If a customer disputes a credit decision
made six months ago, you need to know which exact model was in use — not just the alias you called.
Most fintechs do not capture model version metadata per decision.
Many fintechs build SHAP or LIME explainability into their model validation workbooks, but the explanation is generated at training time for sample predictions — not for each live production decision. When a customer requests an explanation of their specific loan decline, the team cannot produce the SHAP values for that exact prediction.
Running a fairness assessment before launch satisfies the minimum bar. It does not satisfy the ongoing monitoring expectation. Data distributions shift. Customer demographics change. A model that was fair at deployment may show differential outcomes six months later. MAS expects periodic reassessment — at minimum annually, and after any significant model change.
Your compliance documentation says human reviewers approve all adverse decisions above SGD 10,000. Your operational reality is that reviewers approve 99% of AI recommendations within 30 seconds, with no documented basis for disagreement. This is not human oversight — it is a rubber stamp. MAS examiners can distinguish between the two.
FEAT and the MAS Technology Risk Management (TRM) Guidelines operate in the same space but address different dimensions. The intersection is where most examination risk sits.
| Dimension | FEAT Principle | TRM Guideline | Practical Requirement |
|---|---|---|---|
| Audit trails | Accountability | §7.3 Activity Logs | 5-year retention of decision records, tamper-evident |
| Change management | Accountability | §9.1 Change Management | Formal approval and documentation for every model change |
| Third-party AI | All four | §6.1 Third-Party Risk | Vendor assessment, SLA for data and logs, own your audit record |
| Incident management | Ethics, Accountability | §11 Incident Management | Detect, log, escalate, and review AI model incidents |
| Customer explanations | Transparency | §7.3, Customer communications | On-demand decision explanation for any materially affected customer |
Use this checklist to identify your most critical gaps before a MAS thematic inspection or routine examination.
Veritrail captures every AI decision your fintech makes — complete inputs, outputs, model version, tamper-evident hash chain, 5-year retention. Compliant with MAS TRM Guidelines and FEAT Accountability + Transparency principles.
Book a 20-minute demo →We'll show you exactly how Veritrail closes the gaps in your current audit trail.