Responsible AI Governance: Future Proofing Corporate Governance, Strategy, Risk Management and Reporting

However, despite the increasing consensus on the importance of addressing these risks, the absence of an established framework presents a challenge for businesses seeking to develop an effective governance structure. The recent upheaval at OpenAI, leading to the temporary departure of the company’s CEO, spotlights the importance of stronger governance structures in navigating the complexities of AI.

In this context, we advocate for a proactive approach to AI governance, drawing parallels with environmental, social and governance (ESG) frameworks that offer valuable tools for managing AI-related risks. We provide practical advice to business leaders looking to develop a robust governance framework and make a strong commitment to responsible AI with our Responsible AI Principles, Key Questions and Five-Step Action Plan. Our paper starts with a review of AI’s opportunities and risks, the regulatory environment and investor practices. However, for those already familiar with this landscape, our recommended approach starts page 20.

Our analysis of the regulatory environment, including a deep dive into the European Union (EU) AI Act and the United States (US) Risk Management Framework, shows the growing recognition that AI systems need to be governed. Certain legislators – the EU, Brazil and Canada – opt for binding obligations to safeguard stakeholders while others – the US, the United Kingdom (UK) and Japan – have focused on softer regulatory approaches to encourage innovation. Yet, their regulatory initiatives all broadly revolve around core principles of security, transparency and accountability. Our review also provides a table summarising regulatory initiatives based on an extended set of 10 Responsible AI Principles, that may provide businesses with guidance as they build robust AI policies. These principles are briefly described below and more detail can be found on page 14.

1. Data Governance: establish policies, procedures and standards for the collection, management, and utilisation of data.
2. Traceability/Record-keeping: ensure AI developers/engineers trace and maintain records of data sources, algorithms and decision-making processes.
3. Explainability: aim for the explainability of AI systems, which involves their capacity to provide clear and comprehensive explanations for their decisions and actions.
4. Accountability/Human Oversight: assign responsibility for AI systems’ behaviour and decisions.
5. AI Literacy: ensure employees and relevant individuals possess adequate AI literacy, considering their technical expertise, experience, education, training, and the specific AI system’s context and end-users.
6. Accuracy/Fairness: assess the precision and correctness of AI predictions and decisions, ensuring they align with the desired objectives and mitigate bias.
7. Transparency: make AI systems visible and understandable to the relevant stakeholders (including the users) to foster trust and accountability.
8. Security, Safety, and Robustness: establish measures to protect AI systems from unauthorised access, cyber threats and ensure their security and safety in operation.
9. Data Protection: safeguard the privacy and security of the data used by AI systems.
10. Contestability: provide individuals or entities affected by AI with the opportunity to raise concerns under the relevant complaint process.

In line with regulatory initiatives, a number of investors are starting to encourage companies to develop responsible AI governance frameworks. Norges Bank Investment Management (NBIM), who manages assets exceeding $1.4 trillion, has laid out its expectations for portfolio companies, focusing on provisions related to board accountability, transparency and explainability, alongside robust risk management. The Collective Impact Coalition for Digital Inclusion, an investor group managing $6.9 trillion, concentrates on engaging with technology companies, asking them to disclose their commitment to principles of ethical AI. In the US, five entertainment companies and one technology giant have also been targeted by shareholder proposals asking them to clarify AI related risks and how they intended to manage these risks. Collectively, this nascent investor push suggests that companies should prepare for greater engagement with shareholders on AI-related risks.

Investors are becoming increasingly familiar with existing ESG disclosure frameworks, such as the Taskforce on Climate-related Financial Disclosure (TCFD) and the Taskforce on Nature-related Financial Disclosure (TNFD), and we believe they provide an effective way to communicate a company’s approach towards managing AI-related risks and opportunities. Therefore, in alignment with the four-pillar structure of these frameworks, we provide a set of questions designed to guide companies in disclosing and effectively demonstrating their commitment to responsible AI. We show a subset of these Key Questions below, with the full list set out on page 21.