This case study examines AI hallucination risk for Compliance teams at Corporate Banking firms operating in Singapore. Testing focused on MAS Notice 637, the principal risk-based capital adequacy framework applicable to banks, and surfaced four aggregated questions where AI tools produced materially incorrect or unverifiable answers. The errors span scope questions about which entities the Notice covers, technical drafting conventions within amendment documents, and the content of specific annexes and divisional provisions.
Across these four questions, at least one — and in one case two — AI tools gave responses that a Compliance team could not safely rely upon without independent verification against the primary source. Taken together, the findings indicate that AI-assisted regulatory research on MAS Notice 637 carries meaningful accuracy risk at precisely the points where Compliance teams most need precision: entity scope, operative dates, and rule-level detail.
Compliance teams at Corporate Banking firms in Singapore consult AI tools across a wide range of day-to-day workflows: drafting internal capital adequacy policies and procedures, preparing training materials for business lines, building regulatory mapping frameworks for new structured products, and answering technical questions from relationship managers or treasury desks operating under capital constraints. MAS Notice 637 sits at the centre of many of these workflows — it governs how banks calculate and report risk-based capital, and its scope, operative provisions, and annex-level detail have direct bearing on both internal compliance controls and the firm's regulatory reporting to MAS.
When a Compliance officer uses an AI tool to confirm which entities the Notice applies to, to understand how a recent amendment changes effective dates, or to locate the precise content of a capital-related annex, they are doing so in order to make or validate a consequential decision, not merely to satisfy curiosity.
The corporate use-cases built on top of these questions are significant. Scope questions about Financial Holding Companies affect how a banking group structures its compliance obligations across subsidiaries and which legal entities are captured by each notice. Amendment-drafting convention questions bear on whether Compliance correctly identifies which provisions are live and when they become operative — an error here can mean a firm applies outdated rules or fails to implement a new requirement on time.
Annex and divisional content questions feed directly into the credit risk, leverage, and capital reporting frameworks that the firm submits to MAS under its prudential obligations.
If the AI's answer is wrong, the firm — not the individual employee — absorbs the consequences. Acting on an incorrect scope determination could mean a regulated entity operates without the appropriate capital framework in place, exposing the group to supervisory action, undertakings, or financial penalties from MAS. Building internal capital policies or training materials on a misidentified provision compounds the error across multiple downstream work-products simultaneously. If incorrect AI output finds its way into regulatory submissions, board-level risk reports, or client-facing communications about the firm's capital adequacy, the reputational and regulatory costs escalate further.
MAS has broad supervisory powers to direct remediation and, where material breaches are established, to impose public censure or financial penalties on the institution.
All four findings in this case study relate to a single regulation — MAS Notice 637 on risk-based capital adequacy for banks — which means the errors are not distributed across a broad regulatory landscape but concentrated in one framework that Compliance teams at Corporate Banking firms engage with repeatedly and at depth.
The shape of the errors is consistent: AI tools either fabricated specific regulatory labels or notice designations that have no verified existence, offered generic or inferred explanations for precise drafting conventions that carry legal significance, or acknowledged uncertainty about the content of specific provisions while still presenting a characterisation as if it were retrieved fact. In each case, the AI's response had the surface appearance of an authoritative answer while resting on inference, analogy, or unverifiable construction.
The clustering on MAS Notice 637 is significant in itself. This is a technically dense, frequently amended notice with a layered structure of parts, divisions, and numbered annexes, and its amendment documents use formatting conventions — such as colour-coded highlighting to signal differential operative dates — that are not widely documented outside the MAS publication itself. These are precisely the conditions under which AI tools tend to fill gaps with plausible-sounding constructions rather than retrieved text.
Compliance teams that rely on AI assistance to navigate this Notice are therefore most likely to encounter errors at the structural and technical level: which entities are in scope, what specific amendments mean, and what individual annexes or divisions actually contain.
The systemic risk to a Corporate Banking firm compounds quickly. A single incorrect AI answer about entity scope could affect every group-level capital compliance procedure built on that assumption. An incorrect understanding of a drafting convention could cause a firm to misread the operative date of a new requirement, delaying implementation in a way that creates a live breach. An incorrect characterisation of an annex or division could feed into the firm's credit risk or leverage reporting framework and persist undetected across multiple reporting cycles.
Because Compliance teams typically produce work-products — policies, training decks, regulatory gap analyses — that are consumed by multiple business lines and reviewed by senior management and boards, a single upstream AI error can propagate across the organisation before it is caught. The cost of remediation at that point is orders of magnitude higher than the cost of verification at the point of initial research.
4 findings in this case study. Click any to see its full evidence card.
The default position for Compliance teams at Corporate Banking firms should be that AI tools are a starting point for regulatory research on MAS Notice 637 — not a primary source. The findings in this case study show that AI errors on this Notice cluster at exactly the points where precision matters most: entity scope, operative dates, annex content, and divisional structure.
These are not edge cases that a Compliance team is unlikely to encounter; they are the kinds of questions that arise routinely when the team is onboarding new business lines, mapping regulatory change, or responding to internal queries from capital-facing desks. Treating AI output as verified on these topics, without independent confirmation from the MAS text, introduces regulatory risk that the firm cannot easily contain after the fact.
Practical firm-level safeguards should include a regulatory verification policy that identifies AI as an unreliable primary source for rule-level detail in capital adequacy frameworks, and requires that any AI-generated answer on scope, operative provisions, or structural content be checked against the published MAS Notice before it is used in any work-product. Compliance teams should maintain an audit trail for any AI output that influences a firm document — internal policy, training material, regulatory gap analysis, or board report — with a record of who verified it and against what source.
Sign-off requirements before AI-drafted or AI-summarised regulatory content enters firm-wide use are a proportionate control given the downstream propagation risk described in this case study. Where AI output is used in regulatory-facing material, it should be clearly distinguished from independently verified text so that reviewers — including internal audit and external supervisors — can identify and challenge it.
There are areas of the Compliance workflow where AI tools carry lower risk and can be used more freely. Drafting non-regulatory copy such as internal communications, agenda documents, or project summaries does not require the same degree of rule-level accuracy. Summarising long MAS consultation papers or supervisory guidance documents — where the team retains the source document and can verify the summary against it — is a reasonable use of AI assistance.
Generating first-draft questions for a regulatory deep-dive, or producing a broad list of topic areas that the team then researches independently, can also save time without introducing material accuracy risk. The key distinction is whether the AI's output will be taken as authoritative on the text of a specific rule or provision: where it will, independent verification is not optional.
RegLeg's published hallucination research is available as a free resource that Compliance teams can use before relying on any AI-generated answer in the capital adequacy and prudential rule areas covered in this case study. The research maps, at a question-by-question level, where AI tools have produced fabricated designations, inferred characterisations, or self-contradicting responses on MAS Notice 637 and related instruments.
A Compliance team reviewing a piece of AI output on any of these topics can cross-reference against the published findings to understand whether the specific type of question they are asking falls within a known high-risk pattern — before that output is embedded in a firm work-product.
For firms that want a more structured view of their exposure, RegLeg offers bespoke regulator deep-dives that map which AI-assisted workflows at a Corporate Banking firm carry the highest hallucination risk across the full MAS prudential framework. This is not a generic review: it is scoped to the firm's specific use of AI tools within its Compliance function, taking account of the workflows where AI is already in use and the rule areas where the firm has the greatest supervisory exposure.
The output is a prioritised risk map that the Compliance team and its leadership can use to make informed decisions about where AI assistance is appropriate and where additional controls are needed.
RegLeg also offers confidential review of a firm's existing AI-use policy against its hallucination failure-mode catalogue, with prioritised remediation recommendations. Where a firm's policy does not yet address AI use in regulatory research — or addresses it at a level of generality that does not reflect the specific failure patterns documented in this case study — RegLeg can work with the Compliance team to close that gap. Alongside this, RegLeg produces training material and CPD-aligned content that Compliance teams can use internally to build AI literacy among staff who interact with these tools as part of their day-to-day regulatory work.
The goal is not to discourage AI use but to give teams the knowledge they need to use it safely and to recognise when an AI response requires independent verification before it can be trusted.