MAS FEAT Compliance
NRIC, FIN, UEN, Phone, and Postal Code detection is now available in AxonFlow Community Edition. No license required for core Singapore PII protection.
The MAS FEAT Principles (Fairness, Ethics, Accountability, Transparency) and AI Risk Management Guidelines establish requirements for AI systems in Singapore financial services. AxonFlow provides compliance infrastructure for organizations subject to MAS regulations.
What is MAS FEAT?
MAS FEAT is a governance framework for responsible AI use in financial services, covering:
| Pillar | Requirements |
|---|---|
| Fairness | Avoid unfair discrimination, test for bias, monitor demographic parity |
| Ethics | Human oversight, appeal processes, responsible data use |
| Accountability | Clear ownership, documented decisions, audit trails |
| Transparency | Explainable decisions, AI disclosure, customer communication |
MAS AI Risk Management Guidelines (2025)
The guidelines mandate:
- AI System Registry - Inventory of all AI systems with risk classification
- 3-Dimensional Risk Rating - Customer Impact × Model Complexity × Human Reliance
- Materiality Classification - High/Medium/Low based on combined risk score
- FEAT Assessments - Periodic evaluation against all four pillars
- Kill Switch - Emergency disable capability for AI systems
- 7-Year Audit Retention - Complete decision logs and assessment history
Industry Applicability
MAS FEAT applies to AI systems in Singapore financial services:
| Industry | Risk Level | Common Use Cases |
|---|---|---|
| Banking | High | Credit scoring, fraud detection, AML |
| Insurance | High | Underwriting, claims processing |
| Capital Markets | High | Trading algorithms, robo-advisory |
| Payments | Medium-High | Fraud detection, transaction monitoring |
Community vs Enterprise Features
| Feature | Community | Enterprise |
|---|---|---|
| Audit logging | ✅ | ✅ |
| Policy enforcement | ✅ | ✅ |
| Standard PII detection (SSN, credit cards) | ✅ | ✅ |
| Singapore NRIC detection | ✅ | ✅ |
| Singapore FIN detection | ✅ | ✅ |
| Singapore UEN detection | ✅ | ✅ |
| Singapore phone detection | ✅ | ✅ |
| Singapore postal code detection | ✅ | ✅ |
| NRIC/FIN checksum validation | | ✅ |
| AI System Registry | | ✅ |
| FEAT Assessments | | ✅ |
| Kill Switch | | ✅ |
| 7-Year Retention | | ✅ |
| MAS Export | | ✅ |
| Compliance Dashboard | | ✅ |
Singapore PII Detection (Community)
Community edition includes detection for all Singapore PII types:
NRIC Detection
National Registration Identity Card - 9-character alphanumeric identifier:
```
Format: S1234567D
        ^       ^
        |       +-- Check letter (A-Z)
        +---------- Prefix letter
                    S = Citizen born before 2000
                    T = Citizen born 2000+
                    M = Foreigner from 2022+
```
Detected patterns:
- S1234567D - Citizen (pre-2000)
- T9876543J - Citizen (2000+)
- M1234567K - Foreigner (2022+)
FIN Detection
Foreign Identification Number - same format as NRIC but for foreigners:
```
Format: F1234567N
        ^       ^
        |       +-- Check letter (A-Z)
        +---------- Prefix letter
                    F = Foreigner pre-2000
                    G = Foreigner 2000-2021
```
UEN Detection
Unique Entity Number - business registration identifier:
Formats:
- 53276128A (8-digit: old business registration)
- 200312345A (9-digit: company registration YYYYNNNNNC)
Phone Detection
Singapore phone numbers with +65 country code:
Formats:
- +65 9123 4567 (Mobile - starts with 8 or 9)
- +65 6234 5678 (Landline - starts with 6)
Postal Code Detection
6-digit Singapore postal codes (logged but not blocked):
Format: Singapore 238877
Detection Behavior
| Pattern | Request | Response | Severity |
|---|---|---|---|
| NRIC | Warn | Redact | Critical |
| FIN | Warn | Redact | Critical |
| UEN | Warn | Redact | High |
| Phone | Warn | Redact | Medium |
| Postal | Warn | Log only | Low |
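The Response column of the table above, applied to a piece of text. This is an added example, not AxonFlow's code: the regexes are assumptions written from the formats listed on this page, and `scan_response` and the `[REDACTED:...]` marker are hypothetical names.

```python
import re

# (name, regex, response action, severity), following the Detection Behavior table.
# The regexes are assumptions derived from the formats shown on this page.
RULES = [
    ("NRIC", re.compile(r"\b[STM]\d{7}[A-Z]\b"), "redact", "critical"),
    ("FIN", re.compile(r"\b[FG]\d{7}[A-Z]\b"), "redact", "critical"),
    ("UEN", re.compile(r"\b\d{8,9}[A-Z]\b"), "redact", "high"),
    ("Phone", re.compile(r"\+65[ -]?[689]\d{3}[ -]?\d{4}\b"), "redact", "medium"),
    ("Postal", re.compile(r"\bSingapore\s+\d{6}\b"), "log", "low"),
]


def scan_response(text):
    """Return (text with redactions applied, list of findings)."""
    findings = []
    for name, pattern, action, severity in RULES:
        def handle(match, name=name, action=action, severity=severity):
            # Record what was found, never the matched value itself,
            # so the audit trail does not become a second copy of the PII.
            findings.append({"pattern": name, "severity": severity, "action": action})
            # Log-only patterns are recorded but left in the text.
            return f"[REDACTED:{name}]" if action == "redact" else match.group(0)
        text = pattern.sub(handle, text)
    return text, findings


# Constructed sample response text.
SAMPLE = "Contact Tan (S1234567D) at +65 9123 4567, UEN 200312345A, Singapore 238877."

if __name__ == "__main__":
    redacted, found = scan_response(SAMPLE)
    print(redacted)
    for f in found:
        print(f)
```
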
SDK Examples
Python
```python
import asyncio
from axonflow import AxonFlow

async def main():
    # async with / await must run inside a coroutine
    async with AxonFlow() as client:
        result = await client.get_policy_approved_context(
            user_token="sg-user",
            query="Customer NRIC is S1234567D",
        )
        print(f"Policies: {result.policies}")  # ['sys_pii_singapore_nric']

asyncio.run(main())
```
TypeScript
```typescript
import { AxonFlow } from '@axonflow/sdk';

const client = new AxonFlow();
const result = await client.getPolicyApprovedContext({
  userToken: "sg-user",
  query: "Customer NRIC is S1234567D"
});
console.log(result.policies); // ['sys_pii_singapore_nric']
```
Go
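```go
// ctx is a context.Context supplied by the caller.
client := axonflow.New()
result, err := client.GetPolicyApprovedContext(ctx, &axonflow.PolicyApprovalRequest{
	UserToken: "sg-user",
	Query:     "Customer NRIC is S1234567D",
})
if err != nil {
	log.Fatal(err) // do not continue without a policy decision
}
fmt.Println(result.Policies) // [sys_pii_singapore_nric]
```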
Java
```java
AxonFlow client = AxonFlow.create();
PolicyApprovalResult result = client.getPolicyApprovedContext(
    PolicyApprovalRequest.builder()
        .userToken("sg-user")
        .query("Customer NRIC is S1234567D")
        .build()
);
System.out.println(result.getPolicies()); // [sys_pii_singapore_nric]
```
Enterprise Features
NRIC/FIN Checksum Validation
Enterprise includes mathematical checksum validation:
```
S1234567D → Valid (checksum D verified)
S1234567A → Invalid (checksum should be D)
```
Reduces false positives by rejecting invalid IDs.
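A checksum check of the kind described above, as an added example rather than AxonFlow's Enterprise implementation. It uses the publicly documented weighted mod-11 scheme for the S, T, F and G prefixes (the M series is not covered here), and the function names are hypothetical.

```python
import re

# Weights applied to the seven digits, left to right.
WEIGHTS = (2, 7, 6, 5, 4, 3, 2)
# Check letters indexed by (weighted sum mod 11).
CHECK_LETTERS = {
    "S": "JZIHGFEDCBA", "T": "JZIHGFEDCBA",  # NRIC
    "F": "XWUTRQPNMLK", "G": "XWUTRQPNMLK",  # FIN
}
# The T and G series add 4 to the weighted sum before the modulo.
OFFSET = {"S": 0, "T": 4, "F": 0, "G": 4}

# Pattern-only match: prefix, seven digits, check letter.
CANDIDATE = re.compile(r"\b([STFG])(\d{7})([A-Z])\b")


def expected_check_letter(prefix, digits):
    """Compute the check letter that the prefix and digits require."""
    total = OFFSET[prefix] + sum(w * int(d) for w, d in zip(WEIGHTS, digits))
    return CHECK_LETTERS[prefix][total % 11]


def is_valid_id(candidate):
    """True only if the format matches and the check letter verifies."""
    m = CANDIDATE.fullmatch(candidate.upper())
    if not m:
        return False
    prefix, digits, letter = m.groups()
    return expected_check_letter(prefix, digits) == letter


def find_valid_ids(text):
    """Return pattern matches in text, dropping those that fail the checksum."""
    return [m.group(0) for m in CANDIDATE.finditer(text) if is_valid_id(m.group(0))]


# Constructed sample: one valid NRIC, one look-alike reference, one valid FIN.
SAMPLE = "Customer NRIC is S1234567D, order ref S1234567A, FIN F1234567N"

if __name__ == "__main__":
    print(find_valid_ids(SAMPLE))
```
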
AI System Registry (Enterprise)
Enterprise provides MAS-compliant AI Model Registry:
- Model versioning and approval tracking
- Risk classification (Tier 1-3)
- Change management logging
- Regulator-accessible audit trails
3-Dimensional Risk Rating (Enterprise)
Enterprise automatically calculates materiality based on:
| Dimension | Scale | Description |
|---|---|---|
| Customer Impact | 1-5 | Potential harm to customers |
| Model Complexity | 1-5 | Technical sophistication |
| Human Reliance | 1-5 | Degree of automation vs oversight |
Materiality Classification:
| Sum of Ratings | Classification | Assessment Frequency |
|---|---|---|
| >= 12 | High | Quarterly |
| >= 8 | Medium | Semi-annually |
| < 8 | Low | Annually |
Quick Start
Test Singapore PII Detection (Community)
Singapore PII detection is available now in Community Edition:
```bash
# Start AxonFlow
git clone https://github.com/getaxonflow/axonflow.git
cd axonflow
docker compose up -d

# Test NRIC detection
curl -X POST http://localhost:8080/api/policy/pre-check \
  -H "Content-Type: application/json" \
  -d '{"query": "Customer NRIC is S1234567D", "client_id": "test"}'
```
Expected response:
```json
{
  "approved": true,
  "policies": ["sys_pii_singapore_nric"],
  "requires_redaction": true
}
```
Run Example Tests
```bash
cd examples/singapore-pii/python
pip install axonflow
python demo.py  # 12 tests covering all patterns
```
Implementation Checklist
Community (Available Now)
- Deploy AxonFlow (Docker Compose or Kubernetes)
- Singapore PII detection enabled by default
- Configure SDK in your application
- Review audit logs for PII detections
- Test with Singapore PII patterns
Enterprise (Contact Sales)
- Enable NRIC/FIN checksum validation
- Configure AI System Registry
- Set up FEAT assessments
- Configure 7-year retention
- Enable compliance dashboard
- Set up HITL for high-risk decisions
Related Regulations
MAS FEAT compliance features also help with:
- PDPA Singapore - Personal data protection
- Technology Risk Management Guidelines - MAS technology governance
- Business Continuity Management - Kill switch aligns with BCM requirements
- SEBI AI/ML Guidelines - Similar requirements for India
- EU AI Act - European AI regulations
Resources
Get Enterprise Features
For full MAS FEAT compliance capabilities:
- Request a Demo - See AI System Registry and FEAT assessments
- Contact Sales - Discuss your compliance requirements
Enterprise customers: See the MAS FEAT Compliance Guide for detailed API documentation, SDK examples, and configuration options.