AI governance
From Principles to Practice: MAS AI Risk Management in 2026
The 2026 story is not new principles. The governance burden moved from the model to the operating environment, and Singapore's regulators have started writing the architecture down.
By Siddharth Surana, Founder & CEO / 7 min read
Singapore's 2026 AI risk management guidance for the financial sector did not rewrite its principles. It operationalised them. The MAS FEAT principles (Fairness, Ethics, Accountability and Transparency), first issued in 2018, were not revised in 2026. Instead a wave of artefacts now translates them into implementation. MAS, with industry, announced the Project MindForge AI Risk Management Toolkit on 20 March 2026, comprising an executive handbook, an operationalisation handbook, and implementation examples, with scope expanded to cover traditional, generative, and agentic AI. The Association of Banks in Singapore published its Handbook on Generative AI Guardrails in Banking on 24 March 2026. And MAS is still working through responses to its Consultation Paper on Proposed Guidelines on Artificial Intelligence Risk Management, issued 13 November 2025 and closed 31 January 2026. So the short answer to "what is MAS AI risk management guidance in 2026" is this: the principles are stable, the burden has shifted to the operating environment, and the work is now architectural.
The burden moved from the model to the environment
The instinct is to read 2026 as a year of new rules. It is not. FEAT is unchanged. What changed is where the risk now lives. In the pre-generative era, AI risk was largely a property of the model. Was it fair. Was it explainable. Was it accountable for a single scored decision. With agentic systems that plan, call tools, and act over many steps, the risk surface is no longer the model in isolation. It is the operating environment the model runs inside: what it is allowed to touch, what it logs, where a human can intervene, and how intent is recorded.
That is why the 2026 documents read like operations manuals rather than ethics statements. Project MindForge extends a lineage that runs from FEAT in 2018 through Project Veritas in 2019, which operationalised FEAT before generative AI arrived. MindForge carries that forward into generative and agentic systems. The principles did not move. The implementation surface did.
What IMDA's agentic framework actually specifies
The clearest articulation of this shift sits next door to financial regulation, in IMDA's Model AI Governance Framework for Agentic AI. Version 1.0 launched on 22 January 2026 at the World Economic Forum in Davos. Version 1.5, a 53-page document, followed on 20 May 2026 and was updated on 5 June 2026, incorporating feedback from more than 60 companies and citing the World Economic Forum, GovTech Singapore's Agentic Risk and Capability Framework, and CSA Singapore.
The framework rests on four dimensions: assess and bound the risk, make humans meaningfully accountable, implement technical controls and processes, and continuously monitor and test after deployment. Read those again as a build specification rather than a values list. "Make humans meaningfully accountable" and "continuously monitor after deployment" are not aspirations. They describe components a system must have.
The honest admission that changes everything
The most consequential sentence in the IMDA framework is a concession. Its executive summary holds that existing principles for trusted AI, such as transparency, accountability and fairness, continue to apply but must be translated into practice for agents. It states that meaningful human control and oversight must be integrated into the agentic AI lifecycle. And then it concedes that continuous human oversight over all agent workflows becomes impractical at scale.
That is a regulator stating, in writing, that manual human-in-the-loop cannot be the answer. If a human must approve every agent action, the system does not scale, and the oversight degrades into a rubber stamp. The framework does not respond by demanding more human review. It responds with structure. Its worked case studies use a Verifiable Credential of Intent, issued by a human approver to an agent, and keep human checkpoints at consequential decision stages. They list logging and monitoring as one of an agent's core components, present specifically to enable monitoring, debugging, and accountability. One IMDA case study applies all four dimensions to a deployment named OpenClaw.
Strip the labels and you have an architecture: a recorded statement of human intent, gates at the decisions that matter, and an audit log built into the agent rather than bolted on. That is not an ethics statement. It is a design brief.
Why "from principles to practice" is now a compliance posture
Put the financial-sector toolkits and the IMDA framework side by side and the same instruction appears. Stop treating governance as a property of the model. Start treating it as a property of the environment the model operates in. The MindForge toolkit's operationalisation handbook and implementation examples exist precisely because executives can recite FEAT but cannot, on their own, wire it into a system that takes actions.
For any firm deploying agents over real business operations, this reframes readiness. Agent-readiness is no longer a feature you add for convenience. It is a compliance posture. An agent that cannot show who authorised an action, cannot point to the checkpoint where a human could have stopped it, and cannot produce a column-level record of what it changed is not merely less capable. Against the direction Singapore's regulators are now setting, it is weak in compliance posture. The documents stop short of binding rules in several places, and MAS had not finalised standalone guidelines as of the March 2026 toolkit release. But the architectural expectation is unambiguous.
What a compliant agent environment looks like
Read the four dimensions as a specification and a defensible agent environment needs four things in place before an agent touches anything that matters.
First, bounded scope. The agent's reach is assessed and constrained in advance, not discovered at runtime.
Second, recorded intent. A human authorisation that travels with the action, the Verifiable Credential of Intent pattern, so accountability is captured at the moment of approval rather than reconstructed after an incident.
Third, structured checkpoints. Human intervention concentrated at consequential decisions rather than smeared thinly across every step. That is the only honest answer to the "impractical at scale" problem.
Fourth, native logging. Monitoring and an audit trail built into the agent as a core component, granular enough to answer what changed, when, and on whose authority.
None of these is exotic. All four are buildable today. The gap in most organisations is not capability. It is that their business operations are not structured for an agent to read, act on, and be audited against. That is the work that now sits between principle and practice.
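To make the four requirements concrete, here is an added sketch (not code from IMDA, MAS or Origin Pi) of a single gate that enforces them in order. It assumes an HMAC-signed record as a simplified stand-in for a Verifiable Credential of Intent; every name in it, including `run_action` and the `update_payment_limit` action, is hypothetical.

```python
import hashlib, hmac, json

APPROVER_KEY = b"constructed-demo-key"    # assumption: approver's signing key
CONSEQUENTIAL = {"update_payment_limit"}  # assumption: actions that need a checkpoint

def _canon(obj):
    return json.dumps(obj, sort_keys=True).encode()

def issue_intent(approver, agent, actions, columns, expires):
    """Recorded intent: the approver binds an agent to a bounded scope."""
    body = {"approver": approver, "agent": agent, "actions": sorted(actions),
            "columns": sorted(columns), "expires": expires}
    return {**body, "sig": hmac.new(APPROVER_KEY, _canon(body), "sha256").hexdigest()}

def intent_valid(cred, now):
    body = {k: v for k, v in cred.items() if k != "sig"}
    good = hmac.new(APPROVER_KEY, _canon(body), "sha256").hexdigest()
    return hmac.compare_digest(cred.get("sig", ""), good) and now < cred["expires"]

def log_append(log, record):
    """Native logging: append-only, hash-chained, column-level entries."""
    prev = log[-1]["hash"] if log else "0" * 64
    body = {**record, "prev": prev}
    log.append({**body, "hash": hashlib.sha256(_canon(body)).hexdigest()})

def log_intact(log):
    prev = "0" * 64
    for e in log:
        body = {k: v for k, v in e.items() if k != "hash"}
        if e["prev"] != prev or hashlib.sha256(_canon(body)).hexdigest() != e["hash"]:
            return False
        prev = e["hash"]
    return True

def run_action(row, agent, action, changes, cred, now, log, confirm=None):
    """Gate one agent action; returns 'applied' or the reason for denial."""
    outcome = "applied"
    if not intent_valid(cred, now) or cred["agent"] != agent:
        outcome = "denied:intent"
    elif action not in cred["actions"] or not set(changes) <= set(cred["columns"]):
        outcome = "denied:scope"
    elif action in CONSEQUENTIAL and not (confirm and confirm(action, changes)):
        outcome = "denied:checkpoint"
    diff = {col: [row.get(col), new] for col, new in changes.items()}
    if outcome == "applied":
        row.update(changes)
    log_append(log, {"ts": now, "agent": agent, "action": action, "outcome": outcome,
                     "approver": cred.get("approver"), "changes": diff})
    return outcome
```

Denied attempts are logged with the same column-level diff as applied ones, so the trail answers what was attempted as well as what changed and on whose authority.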
Where Origin Pi fits
Origin Pi builds the agent-ready business layer: a governed business brain that makes a company's operations structured, machine-readable, and safe for agents to act on. The patterns Singapore's regulators are now writing down are the patterns we build against. A confirm-step before a consequential action is the structured human checkpoint. A column-level audit trail is the native logging the IMDA framework names as a core agent component. Recorded authorisation is the Verifiable Credential of Intent in practice. We did not adopt these because a framework appeared. We treat agent-readiness as the literal implementation of the move from principles to practice. If you are working out what a governed, auditable agent environment looks like in your operations, see our work on AI compliance and AI governance.
Sources
- IMDA Model AI Governance Framework for Agentic AI, Version 1.5, 53 pages, published 20 May 2026 and updated 5 June 2026, built on four dimensions.
- IMDA Version 1.0 launched 22 January 2026 at the World Economic Forum in Davos.
- MAS, with industry, announced the Project MindForge AI Risk Management Toolkit on 20 March 2026, comprising an executive handbook, operationalisation handbook, and implementation examples, covering traditional, generative, and agentic AI.
- Association of Banks in Singapore published the Handbook on Generative AI Guardrails in Banking on 24 March 2026.
- MAS issued the Consultation Paper on Proposed Guidelines on Artificial Intelligence Risk Management on 13 November 2025, closing 31 January 2026, addressing generative and agentic AI; standalone guidelines not finalised as of March 2026.
- MAS FEAT principles issued 2018, not revised in 2026; Project Veritas operationalised FEAT from 2019; Project MindForge extends that lineage.