[OR] [MAS] [E3] [C8] Emerging Risks and Future Trends

eBook 3: Chapter 8

 Emerging Risks and Future Trends

Introduction

Operational resilience is continuously shaped by emerging technologies and evolving ecosystem dependencies. As financial institutions in Singapore accelerate digital transformation, the risk landscape is becoming more complex, interconnected, and technology-driven. 

The Monetary Authority of Singapore has highlighted that advancements such as artificial intelligence (AI), cloud computing, and quantum technologies are introducing new forms of systemic and operational risk, requiring enhanced governance, testing, and resilience capabilities.

This chapter explores three critical emerging risk domains: AI and automation risks, quantum computing implications, and the increasing complexity of third-party ecosystems.

AI and Automation Risks

The Rise of AI in Financial Services

Artificial intelligence is rapidly being embedded into core financial services, including:

• Fraud detection and transaction monitoring
• Credit risk assessment
• Customer service automation (e.g., chatbots, GenAI tools)
• Algorithmic trading and decision-making

While AI enhances efficiency and innovation, MAS recognises that it introduces new categories of operational, model, and governance risks.

Key AI-Related Risks

1. Model Risk and Decision Errors

AI models may produce incorrect or biased outputs, leading to financial loss or regulatory breaches.

2. Lack of Explainability

Complex AI models (especially generative AI) may lack transparency, making it difficult to justify decisions.

3. Data Integrity and Quality Risks

AI systems rely heavily on data; poor data quality can compromise outputs and decision-making.

4. Automation Risk

Over-reliance on automated processes may reduce human oversight, increasing the impact of failures.

5. Third-Party AI Dependencies

Many AI capabilities are sourced externally, creating additional third-party risks and reduced control.

MAS Expectations

MAS has issued AI risk management guidance requiring financial institutions to:

• Establish AI governance frameworks and accountability structures
• Maintain an inventory of AI use cases
• Implement lifecycle controls covering design, deployment, and monitoring
• Apply proportionate controls based on risk materiality

Implications for Operational Resilience

AI introduces non-deterministic behaviour, meaning outcomes may not always be predictable. This requires:

• Enhanced testing and validation frameworks
• Continuous monitoring of AI outputs and performance
• Integration of AI risks into scenario testing and resilience planning

Quantum Computing Implications

The Emerging Quantum Threat

Quantum computing, while still evolving, has the potential to disrupt current cryptographic systems that underpin financial transactions and data security.

MAS has identified quantum readiness as an emerging priority, encouraging institutions to prepare for quantum-safe resilience strategies.

Key Risks of Quantum Computing

1. Cryptographic Vulnerability

Quantum computers could break widely used encryption algorithms, exposing sensitive financial data.

2. Data Security Risks

Historical encrypted data may become vulnerable once quantum capabilities mature (“harvest now, decrypt later” risk).

3. System Integrity Risks

Critical systems relying on current cryptographic standards may become insecure.

Implications for Financial Institutions

Financial institutions must begin preparing for:

• Quantum-safe cryptography adoption
• Crypto-agility (ability to switch encryption methods quickly)
• Long-term data protection strategies

Operational Resilience Considerations

Quantum risk is a low-probability, high-impact threat, requiring:

• Forward-looking scenario planning and testing
• Integration into long-term resilience strategy
• Collaboration with regulators and industry bodies

Increasing Third-Party Ecosystem Risk

Expanding Digital Ecosystems

Modern financial services operate within a complex ecosystem involving:

• Cloud service providers
• Fintech partners
• Payment networks
• Data providers
• AI and analytics vendors

MAS highlights that increasing reliance on third parties, especially cloud providers, introduces new dependencies and systemic risks.

Key Third-Party Risk Trends

1. Concentration Risk

Dependence on a small number of large providers (e.g., global cloud platforms) creates systemic vulnerabilities.

2. Multi-Layered Dependencies

Third-party providers often rely on subcontractors (fourth parties), reducing visibility and control.

3. Cross-Border Risk

Global service providers introduce jurisdictional and regulatory complexities.

4. Multi-Party Incident Complexity

Disruptions increasingly involve multiple organisations, requiring coordinated response.

MAS expects financial institutions to develop multi-party incident response capabilities and maintain strong oversight over outsourced services.

Accountability and Governance

A key MAS principle is that:

Outsourcing does not dilute accountability

Financial institutions remain fully responsible for:

• Service delivery outcomes
• Risk management and controls
• Customer impact

Implications for Operational Resilience

To manage ecosystem risks, institutions must:

• Strengthen third-party risk management frameworks
• Conduct end-to-end dependency mapping
• Include third parties in scenario testing exercises
• Develop coordinated incident response mechanisms

Convergence of Emerging Risks

Interconnected Risk Landscape

A defining feature of future operational resilience is the convergence of risks:

• AI systems hosted on cloud platforms
• Cloud providers relying on global infrastructure networks
• AI models integrated with third-party data sources

This creates complex, interdependent risk chains, where a single failure can trigger cascading disruptions.

MAS Perspective

MAS has emphasised that financial institutions must:

• Adopt holistic and forward-looking risk management approaches
• Strengthen technology governance and resilience capabilities
• Prepare for cross-border and multi-party disruptions

Preparing for the Future

Strategic Priorities for Financial Institutions

To address emerging risks, institutions should:

1. Strengthen Technology Governance

• Enhance oversight of AI, cloud, and emerging technologies
• Ensure accountability at Board and senior management levels

2. Enhance Scenario Testing

• Incorporate AI failures, cloud outages, and quantum risks into scenarios
• Test multi-event and multi-party disruptions

3. Invest in Resilience Capabilities

• Build cyber resilience and advanced monitoring systems
• Develop quantum-safe strategies

4. Strengthen Ecosystem Collaboration

• Engage with regulators, industry groups, and third-party providers
• Participate in sector-wide resilience initiatives

Emerging risks such as AI, quantum computing, and complex third-party ecosystems are reshaping the operational resilience landscape in Singapore’s financial sector.

Guided by the expectations of the Monetary Authority of Singapore, financial institutions must adopt a forward-looking, technology-aware approach to resilience.

By understanding these evolving risks and proactively integrating them into governance, testing, and continuous improvement frameworks, organisations can ensure that resilience remains robust, adaptive, and future-ready.

Ultimately, operational resilience is no longer just about responding to known risks—it is about preparing for uncertainty in an increasingly digital and interconnected world.

eBook 1	C1	C2	C3	C4
eBook  2	C5	C6	C7	C8
eBook  3	C9	C10	C11	C12

Gain Competency: For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.

 

More Information About OR-5000 [OR-5] or OR-300 [OR-3]

To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.

	If you have any questions, click to contact us.