Navigating AI Risks: A Guide for Board Members - Part II

Part II - Steps Boards can use to Mitigate AI Risks

Given the complexity and rapid evolution of artificial intelligence (AI), boards must adopt a proactive and structured approach to mitigate the risks associated with this transformative technology.  

In Part I of this series, we did a deep dive into some of these risks and their potential implications. In Part II, we will explore steps boards can utilize to mitigate AI risks to the board and to their organizations.

Below is a more detailed exploration of seven key steps boards can take to manage AI risks effectively. As always, these steps are not exhaustive, and organizations should always look at their particular circumstance in determining their risks and ways to mitigate them.

1. Develop a Comprehensive AI Governance Framework

Establishing a comprehensive AI governance framework is the cornerstone of mitigating AI risks. This framework should serve as a blueprint for how AI is developed, deployed, and monitored across the organization. It should cover all aspects of AI use, from ethical considerations and data management to regulatory compliance and risk management. Boards should ensure that the AI governance framework is dynamic and can evolve as the technology and regulatory environment change. Regular reviews and updates to the framework are essential to keep it relevant and effective.

Key Elements:

• Policy Development. Create clear policies that define acceptable and unacceptable uses of AI within the company. This includes guidelines on data usage, AI training, decision-making processes, and transparency requirements.
• Roles and Responsibilities. Define the roles and responsibilities of various stakeholders within the organization, including the board, executive management, data scientists, and legal teams. Ensure that there is a clear line of accountability for AI governance.
• Ethical Guidelines. Incorporate ethical principles into the framework, such as fairness, accountability, and transparency. These guidelines should align with the company’s values and corporate social responsibility commitments.

2. Enhance Board Education and Expertise

AI is a complex and rapidly evolving field that requires board members to continuously update their knowledge and skills. Enhancing board education and expertise on AI is critical to effective oversight and decision-making. Boards should evaluate whether they have the necessary expertise to oversee AI-related risks effectively. If gaps are identified, they may consider adding directors with specific AI or technology backgrounds to strengthen the board’s capabilities.

Key Elements:

• Continuous Learning. Boards should invest in ongoing education for directors, including attending workshops, seminars, and conferences focused on AI. This will help them stay informed about the latest developments, risks, and best practices in AI.
• Expert Consultation. Boards can benefit from consulting with external AI experts who can provide insights into specific technologies, regulatory trends, and emerging risks. This may include inviting AI specialists to board meetings or forming an AI advisory council.
• Specialized Training. In some cases, it may be beneficial to provide specialized training for directors on key AI topics, such as data privacy, machine learning, and AI ethics. This training should be tailored to the specific needs of the company and its industry.

3. Conduct Regular Risk Assessments

Regular risk assessments are essential for identifying, evaluating, and mitigating AI-related risks. These assessments should be comprehensive and cover all areas where AI is used within the organization. Boards should ensure that risk assessments are not just one-time exercises but are conducted on a regular basis, especially as new AI technologies and applications are introduced. The results of these assessments should be reported to the board’s audit or risk committee for review and action.

Key Elements:

• Enterprise-Wide Assessments. Conduct risk assessments across all business functions where AI is deployed, including operations, marketing, finance, customer service, and human resources. This will help identify potential vulnerabilities and areas where AI could pose significant risks.
• Scenario Analysis. Use scenario analysis to explore different AI-related risk scenarios, such as data breaches, regulatory changes, or ethical breaches. This will help the board understand the potential impact of these risks and develop appropriate mitigation strategies.
• Risk Prioritization. Once risks are identified, prioritize them based on their potential impact and likelihood. Focus on the most critical risks that could have a material impact on the company’s operations, reputation, or financial performance.

4. Implement Strong Data Governance Practices

Data is the lifeblood of AI, and strong data governance practices are crucial to mitigating risks related to data privacy, security, and accuracy. Effective data governance ensures that data is managed responsibly and used in compliance with legal and ethical standards. Boards should oversee the company’s data governance policies and ensure that they are aligned with the AI governance framework. They should also encourage a culture of data responsibility within the organization, where all employees understand the importance of protecting and managing data effectively.

Key Elements:

• Data Access Controls. Implement strict access controls to ensure that only authorized personnel can access sensitive data. This includes establishing protocols for data encryption, anonymization, and secure storage.
• Data Quality Management. Ensure that the data used by AI systems is accurate, complete, and up-to-date. Poor data quality can lead to biased or incorrect AI outputs, which can have serious consequences for the business.
• Compliance Monitoring. Regularly monitor data management practices to ensure compliance with relevant data protection laws and regulations, such as GDPR, CCPA, and the EU AI Act. This includes conducting audits and risk assessments to identify potential gaps in data governance.

5. Monitor AI Outputs and Decision-Making

AI systems can produce outputs that have a significant impact on business operations and decision-making. Monitoring these outputs is essential to ensure that they are accurate, fair, and aligned with the company’s objectives. Boards should require regular reports from management on AI outputs and decision-making processes. They should also ensure that there are mechanisms in place for employees and customers to raise concerns about AI-generated decisions and that these concerns are addressed promptly.

Key Elements:

• Human Oversight. Establish processes for human oversight of AI-generated outputs, particularly in critical areas such as customer interactions, financial reporting, and product recommendations. Human oversight can help identify and correct errors or biases in AI outputs before they cause harm.
• Bias Detection and Mitigation. Implement tools and processes to detect and mitigate biases in AI systems. This includes regularly reviewing AI algorithms for potential biases and making adjustments as needed to ensure fairness and impartiality.
• Decision-Making Transparency. Ensure that AI-driven decision-making processes are transparent and understandable to all stakeholders. This includes documenting how AI systems make decisions and providing explanations for AI-generated outcomes.

6. Engage with Regulators and Industry Bodies

As AI regulations continue to evolve, it is important for boards to stay ahead of the curve by actively engaging with regulators and industry bodies. This proactive approach will help companies anticipate regulatory changes and adapt their practices accordingly. Boards should ensure that their companies are not only compliant with current regulations but also prepared for future changes. This may involve establishing a dedicated regulatory affairs team or appointing a senior executive to oversee AI-related regulatory compliance.

Key Elements:

• Regulatory Monitoring. Establish a system for monitoring regulatory developments related to AI, both at the national and international levels. This will help the company stay informed about new laws, guidelines, and enforcement actions.
• Industry Collaboration. Participate in industry groups, associations, and consortia focused on AI governance and best practices. Collaboration with peers can provide valuable insights into emerging trends and help shape industry standards.
• Regulatory Advocacy. Engage with regulators to provide input on AI-related policies and advocate for balanced regulations that protect consumers while allowing for innovation. This may involve participating in public consultations, submitting comments on proposed regulations, or meeting with regulatory officials.

7. Establish Clear Accountability Structures

Clear accountability structures are essential for ensuring that AI governance and risk management are taken seriously at all levels of the organization. Boards must establish who is responsible for overseeing AI-related activities and ensure that these individuals are held accountable for their performance. Boards should ensure that accountability for AI governance is clearly defined and that there are consequences for failing to meet established standards. This may involve linking executive compensation to AI governance performance or conducting regular evaluations of the company’s AI oversight practices.

Key Elements:

• Board Oversight. Designate specific committees or individual board members to oversee AI governance and risk management. This could include the audit committee, risk committee, or a specially formed technology committee.
• Executive Accountability. Hold senior executives accountable for implementing the AI governance framework and managing AI-related risks. This includes setting clear performance metrics and regularly reviewing their progress.
• Internal Reporting. Establish robust internal reporting mechanisms to ensure that AI-related issues are communicated to the board in a timely and transparent manner. This includes regular updates on AI initiatives, risk assessments, and compliance efforts.

By adopting these seven steps, boards can better position their companies to harness the benefits of AI while minimizing the associated risks. Effective governance and oversight are critical to ensuring that AI is used responsibly and in a way that aligns with the company’s strategic objectives and ethical values.

In the last part of this series, we will explore how insurance can be used to mitigate these risks.