
As financial services firms continue to advance AI adoption, governance maturity is lagging behind. Older frameworks around models, data and technology weren’t designed for today’s AI landscape: probabilistic models, opaque third-party dependencies and increasingly autonomous agent systems. As a result, firms attempting to scale AI using traditional governance approaches may face risks that are difficult to discover, quantify, or control.
Weak AI governance can directly result in misinformed investment decisions, security vulnerabilities, and ultimately financial and reputational losses. Conversely, firms that construct effective governance frameworks can better align AI with business objectives, manage downside risks, and create a more durable competitive advantage.
To address this challenge, I propose a two-tier AI governance framework that integrates program-level monitoring with use-case-specific controls. Similar to the complementary top-down and bottom-up approaches to investing, this structure allows for both consistency of scale and precision of execution.
The program-level component focuses on three core actions:
- Discover your AI resources to administer them effectively
- Found corporate-level governance structures and mechanisms
- Focus enterprise-level governance on some critical domains
Discover: A fundamental step is to create comprehensive inventories of AI assets, use cases, and agents. These function as building blocks for governance processes at both the system level and the use-case level, and need to be linked to the organization’s overarching governance and risk management mechanisms and tools. Looking ahead, it will become increasingly essential to apply some of the same institutional and organizational processes to managing AI agents that we commonly apply to managing humans, which is nearly impossible without these inventories.
Found: Oversight mechanisms fall into this category, including policies and procedures, risk appetite statements, chain of authority and escalation, and the creation of an enterprise AI competency program. These elements define the “rules of the road” and act as the primary line of defense against the internal and external pressures that inevitably arise during AI implementation.
Focus: The rapid proliferation of AI governance frameworks and controls may create the impression that effective governance requires a “boil the ocean” approach. In practice, that is neither feasible nor necessary. Instead, AI governance needs to be deliberately tailored and aligned to a company’s specific risk profile, operating model, and strategic priorities. The goal shouldn’t be completeness, but effectiveness.
