Why AI is driving an invisible shift in risk management

In enterprise technology, it’s often not strategy decks but sudden shifts in technology that push long-ignored priorities to the surface.

Fifteen years ago, the arrival of mobile upended software development. All of a sudden, people were rushing to address things they should have already thought about in the web app age. User experience, robust testing, programmes that are truly fit for purpose and not just functional – the emergence of mobile highlighted many gaps that organisations had to fill.

In 2025, AI and low code are the innovations having a profound impact on software development in Singapore, due to strong governmental support, such as the National AI Strategy, enabling enterprises to accelerate the adoption of such technologies. And one, perhaps under-acknowledged, consequence is a shift in how organisations approach risk management and regulatory compliance. This is especially true as we move beyond AI-enhanced tools into the era of agentic AI—AI systems capable of autonomous goal-seeking behaviour, orchestration across workflows, and decision-making without direct human input.

Development has decentralized. So must risk management.

How enterprises develop and deliver technology – for both internal and external use – is changing. Where once technology development was a process led centrally by IT, today, low code and AI are driving a shift to development teams that are fractalized across the organisation.

This is incredibly exciting in many ways, as developers can be more responsive to business needs, collaborating directly with the people most aware of what customers, employees and partners require. But at the same time, it changes the business’s relationship with risk.

In the old world, the IT professionals driving development had a holistic perspective of the security concerns, risk profiles, and compliance requirements of the organisation as a whole. But now, distributed developers work on smaller pieces of the puzzle, each presents a range of risk management and governance questions. The emergence of agentic AI compounds this. These systems can take initiative, make decisions, and act across systems, creating a new layer of operational risk that is both faster-moving and harder to audit using traditional methods. Enterprises are now faced with managing the risk, as well as embracing the opportunity, of this democratisation. For Singapore and Asia Pacific enterprises, risk management and data security continue to pose challenges. According to PwC, 84 percent of APAC business and tech executives have reported increases in their cyber budgets.

Adaptive governance for a distributed world

Risk is a complex question in the time of distributed development. The traditional model of one-size-fits-all governance is collapsing. Governance and risk mean different things, depending on where the technology sits in the business. Issues like whether applications are customer-facing, the sensitivity of data, how it’s stored, and privacy considerations will each vary from case to case. What’s needed is adaptive governance—a dynamic, context-aware approach to managing risk that aligns with the specific characteristics of each use case.

Delivering a mobile banking feature could raise all kinds of questions. How and where is customer data stored? Who has access? What will be in the hands of the customers, and what will be in the hands of employees? With so many interconnected issues, it could be easy to miss something crucial from a privacy, security, or regulatory perspective. These risks are magnified with the rise of agentic AI, which broadens access to application development across the organisation and introduces code that may be less transparent, less governed, and harder to trace.

It’s more important than ever that individual developer teams get to grips with the risk and compliance implications of their activities. This creates a new role for risk managers and compliance officers. Rather than simply sitting centrally, these specialists need to be embedded in multidisciplinary technology delivery teams across the organisation, sometimes referred to as “fusion teams”. There, they act as a frontline for risk management, empowering development teams with the right guidance and oversight of their activities.

The smartest organizations are moving to a model of adaptive governance: risk management that’s appropriate for each scenario, and balances innovation with compliance. It’s here that fusion teams will really deliver. With a blend of experts from the business, risk managers, software developers, and UX specialists, teams can better understand the risk and compliance implications of their work and proactively protect the organisation. Enterprises in Singapore are making headway. For instance, four in five banks in Singapore are forecasted to increase their investments in risk management technologies this year. Research also places Singapore’s RegTech market on track to grow to US$386.48 million by 2029.

Invisible but transformational shift

The shift to decentralized technology is nothing new, but low code and AI are catalysing the parallel shift to a new risk management and compliance model. While it may be less visible, the consequences will be significant. In order for Singapore businesses to thrive, everyone must get to grips with the age of adaptive governance, to ensure that distributed development can deliver on its promise, without compromising the business.

Jornt Moerland is Senior Vice President, Asia Pacific at Mendix.

TNGlobal INSIDER publishes contributions relevant to entrepreneurship and innovation. You may submit your own original or published contributions subject to editorial discretion.

Featured image: Pexels on Pixabay

Why organizations must rethink energy use for a more sustainable AI future