Board Oversight of AI Risk
AI now moves money, changes records, and reaches customers with limited human review. That makes it a board matter. Here is what a board should be able to ask, and where its responsibility starts and stops.
Artificial intelligence used to sit several layers below the boardroom, treated as a tool the technology function managed on its own. That has changed. Agentic AI can take actions, not just produce text, and the actions it takes can carry real consequences for the business and its customers.
Board oversight of AI risk is the board's responsibility to ensure that material AI and model risk is identified, governed, and evidenced, without the board needing to manage the technical detail itself. The board does not run the controls. It assures itself that the controls exist, are owned, and work.
Why AI is now a board-level matter
An agentic system can move money, change records in systems of record, and reach customers directly, sometimes with limited human review. That places it in the same category as any other capability that can cause loss or harm at scale.
The exposure is operational and fiduciary at once. It is operational, because an AI system that acts on bad input or is manipulated can produce a real incident. It is fiduciary, because directors are responsible for the oversight of material risk, and AI risk is now material in many institutions. Oversight of that risk sits with the board, the same way oversight of credit, liquidity, or cyber risk does.
This does not mean directors need to understand model internals. It means the board needs to be confident that someone does, that the risk is governed, and that there is evidence to show it.
The questions a board should be able to ask and get answered
Good oversight is mostly a matter of asking the right questions and being given clear, evidenced answers. A board does not need to design the controls to test whether they are real. Five questions cover most of the ground.
- Do we know every AI system and agent in use, and who owns each one? If there is no current inventory with a named owner per system, oversight has nothing to stand on. You cannot govern what you cannot see.
- What can each one do, and what data can it reach? The risk of an AI system is defined by its permissions and its reach, not by how impressive it looks. A system that can only summarize is very different from one that can move funds.
- How is that risk controlled, and how is the control evidenced? For each material system, there should be a control, and the control should produce evidence a third party could inspect. A claim without evidence is not assurance.
- Who is accountable? Accountability for AI risk should map to a named person or committee, not to the technology in the abstract. Diffuse ownership is the same as no ownership.
- How would we know, and how would we respond, if it went wrong? The board should understand how an AI incident would be detected, escalated, and contained, and who would lead the response.
If the institution can answer these clearly, with evidence behind each answer, the board is doing its job. If the answers are vague, that gap is itself the finding.
The US and EU landscape, at a high level
Boards do not need to track every legislative line, but they should understand the shape of the regulatory and standards environment, because it is converging on a clear expectation. AI and model risk should be governed and evidenced like any other material risk.
In the European Union, the EU AI Act introduces obligations on a risk basis, with higher-risk uses carrying more requirements. Those obligations are being phased in over time. The practical signal for a board is that AI use will increasingly need to be classified, documented, and overseen.
In the United States, the NIST AI Risk Management Framework is a voluntary framework for identifying and managing AI risk across its life cycle. It is not law, but it has become a common reference for what a credible AI risk program looks like, and it is a reasonable yardstick for a board to hold management to.
ISO/IEC 42001, first published in 2023, defines a certifiable management system standard for AI governance, in the same family as ISO 27001 for information security. Certification gives a board independent evidence that a governance system exists and is being run, rather than merely asserted. Alongside these, financial regulators increasingly expect AI and model risk to be governed, documented, and evidenced, on the same footing as other material risks the institution already manages.
Where governance ends and control begins
Governance and inventory are necessary, and they come first. You cannot oversee or control what you have not catalogued. But the board should be clear with itself on one point. An inventory and a policy are not a runtime control. They describe what should happen. They do not stop a live system from doing the wrong thing.
Discovering and scanning AI systems shows what you have and where it is weak, and that visibility is the right starting point. On its own it stops nothing while a system is running. Some of the hardest gaps are matters of architecture, not something a product fixes. We will say so plainly when that is the case, rather than imply a tool closes a gap it cannot.
So the board's job is assurance, not operation. It is to confirm that the controls exist, that they are owned, and that they work, and to ask for the evidence. The detail of how those controls are designed and run belongs to management. The confidence that they are real belongs to the board.
Frequently asked questions
Does the board need AI experts to oversee AI risk?
No. The board needs management to have the expertise, and it needs to ask clear questions and require evidenced answers. Oversight is about assuring that the controls exist and work, not about understanding model internals. If a director cannot get a straight, evidenced answer to a basic question, that gap is the finding.
What is the single most important question for a board to ask?
Whether the institution has a current inventory of every AI system and agent in use, with a named owner for each. Everything else in oversight depends on it. You cannot govern, control, or respond to what you have not catalogued, so the inventory is where credible oversight begins.
How often should the board review AI risk?
Often enough to keep pace with how fast AI use is changing in the institution, and as a standing item rather than a one-time review. Because new systems and agents can be introduced quickly, an inventory and risk picture that is reviewed only once can be out of date by the next meeting. Treat it as a recurring agenda item, like other material risks.
See where your AI risk is governed, and where it is not
A short, board-ready gap assessment shows what is in use, what each system can reach, and where the evidence is missing. It tells you what is wrong. Fixing it is the engagement.
