14 March 2025

Collaboration and transparency must inform AI adoption and use, while fit-for-purpose governance remains important as ever

It feels as though we’re living in the future, right? What was once the realm of science fiction has rapidly become an integral part of how lots of organisations operate, innovate and govern themselves. 

Developments, such as the appointment of an AI member to the board of Abu Dhabi’s International Holding Company in 2024 - albeit not entirely new, Hong Kong’s Deep Knowledge Ventures being part of a board back in 2014 - raise intriguing questions about the future of governance. While non-voting, an AI board member's promised ability to provide data-driven insights and recommendations represent a potentially significant shift in how boards operate while at the same time potentially weakening the director role. 

And in (very) recent UK news, there are renewed promises from the government to go digital, using AI to revolutionise some of the work done in the civil service. Apparently the DVLA receives 45,000 daily letters that are opened and dealt with by hand; HMRC receives 100,000 phone calls a day – some of which are even answered!

AI is a tool of immense potential but, as Rohan Sharma – author of ‘AI in the Boardroom’ – aptly noted in Forbes last week, "AI is a force multiplier—it amplifies whatever is already happening in your corporate structure. If your board has strong oversight mechanisms, AI can accelerate strategic breakthroughs. If your board is riddled with unclear roles, it can magnify the chaos." In other words, AI doesn’t simply introduce change; it amplifies the existing dynamics of your governance structures. The stakes, therefore, are high.

AI provides opportunities for enhancing corporate governance, of course, but it presents risks and challenges. What do boards need to do, practically, to govern effectively in this brave new world?

In thinking about this, I’m interested in the impact of AI on corporate governance, not “AI governance” - the frameworks and standards designed to ensure the ethical development and use of AI - although there is some cross over, of course, and boards will need to grapple with both.

The agency problem and 'clear' governance

Let’s start at the very beginning – a good place to start. As we know, companies are owned by their shareholders and run by their directors. The directors under the any set of articles of association will have all the powers of the company and manage it day to day.  The shareholders have a reserve right under those articles to pass special resolutions to direct the board to do or refrain from doing something – they can also in most instances remove the board. But there’s an asymmetry in oversight – a tension.

This tension is generally referred to as the agency problem. Corporate governance seeks to calibrate the relationship between the two, ensuring that the directors in charge are running the company for the benefit of the shareholders who own it, while also considering wider stakeholders. Directors can delegate to management, but not abdicate responsibility. They retain an oversight/supervisory function, accountable to their shareholders. Shareholders receive information through interactions with the board and via corporate reporting, which explains why directors have made the choices they have.

That’s important and is reflected in the insight of Rohan Sharma’s that I started with, of AI as a "force multiplier" or an amplifying power.

At its core, AI is neither inherently good nor bad. It is a tool—a mirror that reflects and magnifies the structures and systems into which it is integrated. If your governance structure lacks clarity, cohesion, or accountability, AI can exacerbate these weaknesses, potentially leading to significant operational and reputational risks. If you don't have a strong grasp on the organisation, AI is unlikely to assist; you simply won’t understand what’s going on.

This dual nature of AI underscores the importance of strong governance structures whatever the impact of incoming AI might be. As a recent post on the Harvard Law School Forum on Corporate Governance put it, "[i]dentifying and engaging with relevant stakeholders, refining the board's responsibilities, and managing risk through appropriate guardrails" are essential steps for navigating a complex landscape.

Said another way, "the key to board-level AI governance isn't caution—it's clarity". AI and its contribution isn’t something boards should shy away from – indeed, they can’t.  Instead, clarity in governance involves not only defining roles and responsibilities but also ensuring that board members possess the necessary knowledge and skills to oversee AI effectively. 

AI literacy

This is where AI literacy becomes critical. As Kira Ciccarelli of the Diligent Institute explains, "If boards can successfully navigate the tricky balance between AI governance and innovation while addressing the pressing need for AI literacy, they stand to benefit from valuable opportunities such as increased cost efficiency and employee productivity." In other words, boards must invest in upskilling their members, equipping them with an understanding of AI technologies, their potential applications, and their associated risks. 

In my view, this isn’t about (and it wouldn't be feasible to suggest) all board members becoming experts. Rather, it is about having a working understanding of the issues and therefore the ability to ask searching questions of management. 

This is much like the sustainability issues with which boards have been wrestling in recent years. You don’t need to understand how a carbon calculation works to ask the question whether they have been done, although, of course, it is very helpful if you do.

So, this need for AI literacy is not necessarily all about the technical. Board members must understand the ethical, legal, and societal implications of AI. They must be able to ask critical questions, such as those posed by the Institute of Directors (IoD):

• How are AI systems being used within our organisation?
• What data sets are they trained on, and do these data sets introduce bias?
• How do these systems align with our organisation’s values and long-term goals?

These questions are not merely theoretical. They have real-world implications for how AI is integrated into corporate decision-making, risk management, and stakeholder engagement.

Agency meets alignment

This is where the issues surrounding AI meet issues around governance, what Roberta Tallarita of Harvard Law School, calls the ‘Alignment Problem’: "We can program a superintelligent AI to pursue socially desirable goals, but we cannot exclude that, in pursuing those terminal goals, the AI will decide to pursue harmful instrumental goals...[This] is quite similar to the central purpose of corporate governance..."

As with corporate governance viewed through agency theory, there is a tension. In governance, shareholders try to maintain residual control but can't deal with every eventuality. They need to know what is being done in the organisation in order to react – that is why transparent communication, particularly through corporate reporting is so important.  In addition, the interests of management are often aligned with those of shareholders through long term incentive plans or similar.

Tallarita suggests the challenges faced by boards are similar in the case of governance and AI. What boards need to do with AI is to make sure it is "safely profitable," so its use is aligned with the interests of the organisation. In addition, its use should be transparent by design, an idea built out of privacy dialogues, with the intention that the inherent design of any system furthers an aim - in this case transparency. This is a collaborative effort, involving designers of AI systems making their activities transparent through detailed reporting for public consumption, with boards reporting regularly on how they are adopting the technology.

Case studies

To illustrate the potential – and challenges – of AI in governance, let’s examine a few case studies:

AI in Legal Work

At Simmons and Simmons, a global law firm, AI has been integrated into legal workflows through what Peter Lee, a partner at the firm, describes as "agentic AI." This system, based on large language models, functions as a digital co-worker, capable of processing client data and providing insights that enhance legal decision-making. Lee notes, this is "not the same as automatic or robotic process automation because the level of engagement with an agent means it's more like having a digital co-worker."

This highlights the potential of AI to increase efficiency and accuracy in specialised fields. However, it also raises questions about data privacy, accountability, and the balance between human and machine decision-making.  When does a human step in? (An intrinsic part of data protection legislation.)

AI in Risk Management 

In the realm of risk management, AI has been touted as a game-changer. Greg Ombach, writing in Forbes, notes that "AI can enhance resilience by detecting cybersecurity threats and monitoring compliance risks in real time. Integrating AI into risk frameworks enables boards to identify emerging threats early and respond proactively."

Yet, the use of AI in risk management is not without challenges. As we have seen, boards must ensure that their governance structures are fit for purpose, with clear lines of responsibility and the ability to act (or react) quickly. They must also grapple with the potential for too much information, where the sheer volume of AI-generated insights obscures rather than clarifies strategic options/priorities. Will board members be able to see the wood for the trees?  Are they – or others in the organisation – able to understand the material that gets sent their way?  Patterns may be more easily identified, but can the causes be accurately established? If not, the material is useless.

Regulatory Monitoring in Australia

A thought-provoking example comes from the work of Villarion and Bronitt, who propose the use of AI for continuous regulatory monitoring in the mining sector. Their model envisions an AI-driven system that tracks a corporation’s data footprint to ensure compliance with antibribery obligations.

While this approach offers significant potential for enhancing regulatory oversight, it also highlights the limitations of 'black box' AI systems, which can lack transparency and fail to provide actionable guidance for improvement. As Johannes Schneider and colleagues have observed, "AI produces unexpected results that are partly beyond the control of an organization. It exhibits non-predictable, 'ethics'-unaware, data-induced behaviour yielding novel security, safety, and fairness issues."

These case studies underscore the need for boards to approach AI governance with both optimism and caution, balancing innovation with oversight.

So how do we build fit-for-purpose governance structures?

The IoD's 2023 paper on AI in the boardroom provides a roadmap:

• Monitor the evolving regulatory environment: Boards must stay informed about changes in AI-related laws and regulations, ensuring compliance while advocating for frameworks that balance innovation and oversight.
• Establish board accountability: Clear lines of accountability are essential for managing AI-related risks and opportunities.
• Empower cross-functional ethics committees: Diverse committees with veto power can provide valuable oversight, ensuring that ethical considerations are integrated into decision-making processes.
• Regularly audit AI applications and their impacts: Continuous auditing ensures that AI systems are functioning as intended and meeting ethical and regulatory standards.
• Train stakeholders to interpret AI outputs: AI literacy must extend beyond the board to include all stakeholders who interact with or rely on AI systems.

These measures are not merely best practices; they are imperatives for any organization seeking to harness AI responsibly and effectively.

Yet, as of mid-2024, one survey had 45% of boards without AI on the agenda at all, another 16% only having it on the agenda once a year.  This is set against 44% of companies using AI and 35% considering the key risk to be a lack of knowledge.

Now, again, the comparison with ESG might be instructive: a charitable reading of these figures might be that boards may consider, as they have been arguing with ESG, that as this threads itself through everything the organisation does (at least potentially) that it wouldn’t be a standalone agenda item.  But that misses the point – its implications should be transparent – our key word. Management should be sharing with the board what AI is being used; the board should be taking this into account in setting strategy.  

And that brings us back to the evolving role of AI in the boardroom itself. How do we feel about the AI board member mentioned at the beginning of this post? Could an AI board member be properly accountable and owe fiduciary duties?  Presumably not, unless there is some sort of penalty that could be applied, perhaps insurance backed?  Will individual board members use due skill, care and diligence in making decisions, as they are obliged to do under UK company law, or will they simply do what the AI tells them – whatever that may be?  And what if it’s a so-called hallucination, a nonsense?

You're perfect...now change

Still, in some ways it’s business as usual. Directors can satisfy their responsibilities and fulfil their oversight role by:

• constructive challenge to management 
• reviews and deep dives into areas of the business 
• regular appraisals of management and committees
• keeping terms of reference for committees under review,

all in the context of AI. Where is AI being used? How? What safeguards are in place?

There will be new elements, of course. Does the Board understand (per the IoD):

• how data, algorithms, and other technologies are being used in the business, including third party products which embed AI technologies, especially to make key decisions or redirections?
• how is ethics around technology included in board governance?
• how is it communicating the importance of an ethical approach to technology adoption?
• who is accountable at board level for these issues?

Everything to play for

There’s no doubt that AI is a tool that’s of great value in terms of productivity. Boards, however, and those of us who support them will need to take great care that we understand how and where AI is being used and communicating that to stakeholders.  

In many ways AI is a risk and an opportunity to be dealt with or seized, as any other. The difference, perhaps, is the 'creeping' effect of AI - its potential to be used in organisations without control or review or even awareness. The critical themes are – and will remain – collaboration and transparency and it will be the board's role, supported by management, to push for that in all discussions.

As with all governance, the main risk is being taken by surprise.