This case study examines how AI tools perform when consulted on capital adequacy rules applicable to banks in Singapore, drawing on findings from testing against MAS Notice 637 (Notices to Banks — Capital Adequacy). The review covers 2 questions where AI assistants produced incorrect, incomplete, or misleading responses, each representing a distinct area where the regulatory text and the AI's output diverged. The analysis is focused on the Risk function at Corporate Banking firms operating under the Monetary Authority of Singapore's prudential framework.
Across both findings, AI tools mischaracterised the scope and content of specific annexes within the consolidated Notice 637, with at least one AI tool acknowledging its own uncertainty mid-response — a pattern that should concern any team treating AI output as a research shortcut rather than a starting point requiring verification.
Risk teams at Corporate Banking firms in Singapore routinely engage with MAS Notice 637 when scoping capital treatment for new product structures, mapping credit risk weights for corporate lending portfolios, preparing for regulatory capital reporting, and advising business lines on the prudential implications of off-balance sheet exposures or fair-valued instruments. In each of these workflows, the specific content of a Notice 637 annex can determine how a transaction is classified, how much capital must be held against it, and what disclosures are required.
When a Risk analyst asks an AI tool to summarise what a particular annex covers — as a shortcut to navigating a long and technically dense Notice — the answer shapes the entire downstream work-product.
The corporate use-cases that sit on top of these topics are high-stakes. Capital adequacy calculations feed directly into regulatory returns, ICAAP submissions, and credit approval frameworks. If an AI tool misidentifies the scope of an annex dealing with credit risk weights or prudent valuation requirements, a Risk team building an internal policy or training module on that basis will propagate the error across every process that references it. The same incorrect framing can appear in briefings to the CFO or CRO, in responses to MAS queries, and in documentation submitted as part of a supervisory review.
The firm bears the cost of these errors, not the individual using the AI tool. MAS has broad supervisory and enforcement powers under the Banking Act and associated Notices, including the ability to impose capital add-ons, require remediation programmes, or take public enforcement action where regulatory requirements have not been properly observed. A Risk function that cannot demonstrate it has applied the correct framework — because its internal policies were built on an AI summary that misread the Notice — faces significant exposure, regardless of the intent behind the original error.
Both findings in this review share the same structural failure: AI tools offered confident-sounding characterisations of specific Notice 637 annexes without access to the underlying document, reasoning instead from general Basel III framework logic and structural inference about how annexes are typically numbered and organised. In one case the AI contradicted itself mid-response, flagging uncertainty about its own framing while still leading with an incorrect primary answer. In the other, the AI constructed a plausible-sounding description of a prudent valuation framework from Basel conventions rather than from the actual MAS Notice text.
Both errors fall into the same category — the AI fills in gaps in its knowledge with structurally coherent but unverified regulatory content.
The errors cluster entirely within MAS Notice 637 and, more specifically, within its annex structure. This matters because annexes in a capital adequacy Notice are not peripheral detail — they carry the operative rules for specific calculations, eligibility criteria, and methodology requirements. A Risk team that uses AI to navigate the annex structure of Notice 637 without independent verification is, in effect, building its regulatory analysis on inference rather than the text that MAS will hold the firm to.
The systemic risk compounds quickly. If the same AI-sourced description of an annex enters a firm's internal policy, capital model documentation, and training materials, three separate work-products now carry the same error. When MAS examines these materials in a thematic review or a supervisory visit, the firm faces the prospect of explaining not just one mistake but a consistent pattern of relying on an unverified source — with all the reputational and supervisory consequences that entails.
The cost of remediation across multiple documents and approval chains will substantially exceed the cost of a simple source-verification step at the point the AI was first consulted.
2 findings in this case study. Click any to see its full evidence card.
The default position for any Risk team at a Corporate Banking firm in Singapore should be that AI tools are a starting point, not a primary source, for questions about MAS Notice 637 and its annexes. This is especially true for detailed structural questions — the content and scope of a specific annex, the precise list of items excluded from a calculation, or the conditions attached to a methodology requirement.
These are questions where the regulatory text is the only authoritative answer, and where AI tools have demonstrated a consistent tendency to fill gaps with plausible-sounding Basel III framework logic that may not match what MAS has actually published.
At the firm level, practical safeguards should include a documented AI verification policy that names capital adequacy rules as a category requiring mandatory primary-source checks before AI output enters any work-product. Where AI has contributed to an internal policy, model documentation, training module, or regulatory response, the audit trail should record what source was used to verify the AI's output. Sign-off requirements before AI-drafted regulatory content is circulated firm-wide should sit with a senior member of the Risk function who has direct familiarity with the Notice in question — not with the analyst who ran the original query.
Materials submitted to MAS or used in regulatory capital reporting should never carry AI-sourced characterisations of annex content without independent verification against the published text.
AI tools remain useful in the Risk workflow for tasks that do not require the AI to be the source of regulatory truth. Drafting narrative sections of internal policy documents, generating a list of questions for a team to research further, summarising a long document that the team can then verify paragraph by paragraph, and producing first-draft training materials that a subject-matter expert will review are all areas where AI assistance adds genuine value without introducing the verification risk demonstrated in these findings.
RegLeg's published hallucination research gives Risk teams at Corporate Banking firms a free, on-demand reference for the regulatory topics where AI tools have already been found to produce incorrect or unreliable responses. Before relying on an AI answer in a capital adequacy workflow, the team can check whether the specific question area has been flagged in our research — and if it has, they have documented evidence of the failure mode to bring to their own AI governance discussions or to share with colleagues who may be less familiar with the risk.
For firms that want to understand their specific exposure in more depth, RegLeg offers bespoke regulator deep-dives that map the AI-supported workflows inside a Corporate Banking Risk function against the hallucination patterns we have identified. This kind of mapping allows the head of Risk, or the firm's AI governance function, to prioritise verification requirements — focusing additional controls on the workflows where AI errors have the highest potential to affect regulatory capital calculations, MAS submissions, or credit approval processes — rather than applying a blanket prohibition that limits the operational benefits of AI assistance.
RegLeg also provides a confidential review of a firm's existing AI-use policy against our failure-mode catalogue, with a prioritised remediation plan. For Risk teams that are building or refreshing internal AI guidelines, this offers a practical starting point grounded in observed AI behaviour on the specific regulations they work with every day. We can also support the team with CPD-aligned training content that gives analysts and senior Risk staff a working framework for identifying and escalating AI responses that show the patterns documented in this research.