This case study examines how AI tools respond to questions about capital adequacy regulation facing Compliance teams at Retail Banking firms in Singapore. Testing covered MAS Notice 637 (Risk Based Capital Adequacy Requirements for Banks), a central pillar of the Monetary Authority of Singapore's prudential framework for locally incorporated and foreign bank branches. Across five aggregated questions drawn from that regulation, AI assistants produced incorrect or unverifiable answers in every instance. The errors ranged from fabricated notice designations to confident but unsupported characterisations of specific annexes and divisional structures within the Notice.
Compliance teams relying on these AI responses without independent verification would carry materially incorrect regulatory understanding into internal policies, training materials, and business-line guidance.
Compliance teams at Retail Banking firms in Singapore routinely engage with MAS Notice 637 across a range of internal workflows. When drafting or updating the firm's Internal Capital Adequacy Assessment Process (ICAAP) documentation, when mapping capital treatment for new product lines, or when preparing regulatory responses and board-level capital reports, staff frequently turn to AI tools to accelerate initial research, check scope, or clarify structural questions about the Notice.
The same need arises when onboarding new Compliance officers — AI assistants are increasingly used to produce training summaries or answer orientation questions about which parts of a notice govern which activities. Questions about scope of application (which entities the notice covers), amendment mechanics (what highlighted passages mean in a consultation or amendment PDF), and annex content (what specific annexes govern) sit squarely in this everyday workflow.
The corporate use-cases that rest on accurate answers to these questions are significant. Capital adequacy compliance is not a background administrative function — it directly governs the firm's regulatory capital ratios, its ability to distribute dividends, and its standing with MAS. Internal capital planning teams, treasury, risk, and finance functions all depend on Compliance to translate the Notice's requirements accurately. When Compliance drafts a capital instrument policy, maps a new structured product to a risk-weight framework, or advises treasury on eligible capital instruments, it is translating regulatory text into firm-level process.
AI tools that mischaracterise annexes, fabricate notice designations, or misread amendment conventions introduce errors at the translation stage — errors that then propagate into downstream policies and decisions.
The firm, not the individual analyst, absorbs the consequences when these errors surface. MAS has broad supervisory powers under the Banking Act and the Financial Holding Companies Act, including the ability to require remediation, impose conditions on approvals, and issue public reprimands. A Retail Banking firm that has built internal capital policies on an incorrect reading of MAS Notice 637 — including one introduced by an AI tool — faces the same regulatory exposure as a firm that misread the Notice directly. Reputational damage, audit findings, and the operational cost of unwinding and correcting downstream processes compound the initial error.
The individual employee who used the AI tool is unlikely to bear personal liability, but their department head, the Chief Compliance Officer, and ultimately the Board bear the supervisory consequences.
All five findings in this case study originate from a single regulation: MAS Notice 637 on risk-based capital adequacy for banks. That concentration is itself significant. It means the hallucination risk for Compliance teams at Singapore Retail Banking firms is not spread thinly across a broad regulatory landscape — it is dense and specific to one of the most consequential prudential instruments they work with. The pattern of errors across the five findings shares a common characteristic: AI tools produce answers that are structurally plausible but factually unanchored.
They construct notice designations by analogy (inferring a label from a numbering pattern rather than retrieving it), assign meanings to document conventions that do not match the actual drafting practice, and characterise the content of specific annexes and divisions from general Basel III knowledge rather than from the Notice text itself. In several instances, the AI tool's own hedging language acknowledged uncertainty — yet still delivered a confident-sounding primary answer that a reader without independent access to the Notice would likely accept.
The systemic risk for a Compliance function is that these errors are hard to detect without source verification. A fabricated notice designation ("Notice FHC-N637") sounds like a real regulatory instrument. A wrong explanation of yellow highlighting in an amendment PDF sounds like a reasonable interpretation of a drafting convention. An incorrect characterisation of an annex's scope sounds like a knowledgeable reading of a complex document. None of these errors would trigger an obvious alarm in a Compliance officer's reading of the AI's output — and that is precisely what makes them dangerous.
They are the class of error that passes through internal review, enters a policy document, and is only discovered when an external auditor or MAS supervisor tests the firm's regulatory understanding directly.
When several of these errors occur in the same workflow — for example, when a Compliance team uses AI tools to map the entity scope of MAS Notice 637, understand the amendment structure, and interpret the content of specific annexes, all in the course of a single policy drafting exercise — the costs compound. Each incorrect AI answer is a load-bearing assumption for the next step. A firm that has incorrectly understood which entities are covered, misread what an amendment means, and mischaracterised an annex's scope may build a capital policy that is wrong in multiple dimensions simultaneously.
Remediation in that scenario is not a targeted correction — it requires a wholesale review of the affected policy and all downstream processes that relied on it.
5 findings in this case study. Click any to see its full evidence card.
The default position for Compliance teams at Retail Banking firms in Singapore should be that AI tools are a starting point for orientation, not a reliable source for regulatory specifics under MAS Notice 637 or related prudential instruments. This is particularly true for questions about entity scope, amendment mechanics, annex content, and divisional structure — the exact categories where these findings show AI tools consistently producing plausible but unverifiable or incorrect answers. Any AI output touching these topics should be treated as a hypothesis requiring source verification against the current MAS-published text before it influences any firm work-product.
At the firm level, practical safeguards should be embedded in the Compliance function's AI-use policy. This means establishing a regulatory-verification requirement for any AI output that is used in capital adequacy-related work, with a clear rule that MAS Notice 637 references must be traced to the MAS portal before entering a policy document, board paper, or regulatory submission. Audit trails for AI-assisted research should be maintained so that, if an error is later identified, the firm can demonstrate that it applied verification controls.
Any content generated by AI tools that is intended for use in regulatory-facing material — responses to MAS, ICAAP documentation, capital instrument assessments — should require sign-off from a Compliance officer who has independently verified the regulatory basis. Internally, it is worth distinguishing between documents where the AI drafted text that the team then verified, and documents where the AI's answer was accepted at face value: the latter category carries the firm's regulatory exposure.
There are areas where AI tools remain genuinely useful in the Compliance workflow without carrying significant hallucination risk. Drafting non-regulatory narrative copy — internal communications, training module introductions, process guides that do not depend on precise regulatory characterisation — is lower risk. Summarising long documents as a reading aid, where the team can check the summary against the source, is also appropriate. Generating first-draft questions for a regulatory research exercise — a checklist of things to verify, not a checklist of verified answers — is another safe use.
The discipline is in separating these lower-risk uses from the higher-risk ones, and building that distinction into the team's documented AI-use practice.
RegLeg's published hallucination research gives Compliance teams at Retail Banking firms in Singapore a practical reference they can use before relying on any AI answer in MAS capital adequacy work. The research catalogues, by regulation and question type, the specific areas where AI tools have been observed producing incorrect or unverifiable responses — so teams do not have to discover these failure points through their own experience.
For MAS Notice 637 specifically, the findings documented here can be used as a standing pre-check: if a team member's AI-assisted research touches entity scope, amendment conventions, annex content, or divisional structure, the published findings flag immediately that this is a verified hallucination-risk area requiring independent verification. This resource is available at no cost and is updated as new findings are aggregated.
For firms that want to go further, RegLeg offers bespoke regulatory deep-dives mapping which AI-supported workflows in a Singapore Retail Banking compliance function carry the highest hallucination exposure. These engagements look at the firm's actual AI-use patterns — the tools in use, the questions typically asked, the work-products that AI output feeds into — and produce a prioritised risk map showing where incorrect AI responses are most likely to cause material regulatory harm.
This gives the Compliance leadership team a structured basis for updating their AI-use policy and allocating verification effort where it matters most, rather than applying blanket scepticism across all AI use.
RegLeg also offers a confidential review of a firm's existing AI-use policy against our failure-mode catalogue, with prioritised recommendations for remediation. Where a firm's policy does not yet address the specific failure modes documented in our research — fabricated regulatory references, unanchored annex characterisations, misread amendment conventions — we can identify the gaps and suggest targeted controls.
For teams building or refreshing internal training on AI use in regulatory work, we can supply CPD-aligned content grounded in documented research findings, giving Compliance officers a defensible, evidence-based foundation for their understanding of where AI tools can and cannot be trusted in this regulatory environment.