Corporate regulators are beginning to develop corporate governance requirements around AI: for example, the Hong Kong Monetary Authority has published guidance for banks (see guidelines on consumer protection in respect of use of big data analytics and AI and high level principles on AI).

The US National Association of Corporate Directors (NACD) with Marsh & McLennan has published a good ‘how to’ guide: ‘Governing Digital Transformation and Emerging Technologies’, which is a worthwhile read for company secretaries and internal counsel advising boards (you will need to set up a temporary account to download here).

The report identifies 5 principles which are pitched at a high level, but the report has some useful thinking and decision tools underneath each:

Principle 1: Approach emerging technology as a strategic imperative, not just an operational issue.

The NACD report makes the telling point that because to date most directors’ exposure to disruptive technology has been managing cybersecurity risk, a common pitfall is that “technology governance equals risk governance”. What’s missing when viewing AI through a ‘risk lens’ is that success in using AI depends on proactively building ‘trust’ with consumers – that requires shift to a broader more proactive mindset.

Principle 2: Develop collective, continuous technology-specific learning and development goals.

Directors cannot properly oversee what they don’t understand. As most directors in large companies are in the 50s and 60s, they can struggle with technology. A tempting ‘quick fix’ is to add a director from a technology background, but a token tech savvy director may not help. A recent study by MIT found that companies with digital and technology expertise on their boards do outperformed their counterparts – but you needed at least three tech knowledgeable directors to make a difference. The NACD report also noted that while most companies reported spending time and resources at the board level on continuing education, US directors on average spent only 20 hours a year on continuing education and only 17 percent had an individual leaning plan.

Principle 3: (Re)align board structure and composition to reflect the growing significance of technology as a driver of both growth and risk.

The audit and risk committee of a board can become a ‘kitchen sink’ for anything unknown, puzzling and rapidly changing in the life of a company. The NACD report encourages companies to think about a separate digital transformation committee, which - unencumbered by managing short term technology risks –can be better placed to both look over the horizon and to assess whether how AI is being used align with the company’s ethics, purpose and values (again that ‘trust’ issue).

Principle 4: Demand frequent and forward-looking reporting on technology-related initiatives.

The NACD cautions that while advances in data analytics can enrich the information available to the board, a common pitfall is ‘too much information, too little insight’. The report comments that “recognising that companies have so far struggled to reap meaningful benefits from their digital transformation investments, boards should focus on early warning signals that long term transformation initiatives may be struggling”.

Principle 5: Periodically assess the organization’s leadership, talent, and culture readiness for technological change.

The NACD report said a ‘whopping’ 85% of surveyed directors expressed confidence in their management team’s ability to reap digital transformation”. The report’s authors were highly sceptical of this rosy picture –the reality is more likely to be that many current leaders have little experience or a poor track record in driving digital transformation and in any event, current skills will quickly become obsolete.


Read more: Governing Digital Transformation and Emerging Technologies

Expertise Area