Full Risk Assessment: regulator-acceptable evidence for MAS-regulated financial institutions
A 5 to 10 day structured assessment that produces the complete evidence package a CISO at a MAS-regulated financial institution can hand to MAS, the board, and the internal auditor. Mapped to MAS FEAT, IMDA AI Verify, PDPA, and ISO 42001.
What the assessment covers
All 42 risks in the Protum Agentic Risk Matrix across eight domains: Decision Risk (model reliability, hallucination controls), Delegation Risk (tool permissions, escalation paths), Execution Risk (sandbox containment, side-effect controls), Interaction Risk (prompt injection, jailbreak defences), Memory Risk (context window controls, persistence boundaries), Identity Risk (authentication, impersonation defences), Governance Risk (audit trails, human oversight), and Value Risk (business alignment, cost controls).
Deliverables
A signed Trust Record per assessed agent, a compliance gap report mapped to each framework control, a remediation log with prioritised findings, a board-ready executive summary, and a public certification mark your buyers and regulators can verify independently.
Framework coverage
MAS FEAT (Fairness, Ethics, Accountability, Transparency) Principles, IMDA AI Verify Assessment Framework, Singapore PDPA data governance requirements, ISO/IEC 42001 AI management system, OWASP Agentic AI Top 10, and the Protum Agentic Risk Matrix.
Timeline
Five to ten business days from kickoff to final report. Kickoff call on day one, structured interviews and evidence collection through day five, draft findings review on day seven, final Trust Record issued by day ten.
Book a Full Risk Assessment