There is a phrase that appears with remarkable regularity in corporate minutes, regulatory filings, and post-crisis reviews. Three words that simultaneously convey authority and conceal everything behind it: “the board approved.”
For decades, this formulation was adequate. Boards approved capital expenditures, M&A transactions, and risk frameworks — decisions that could, in principle, be interrogated by any sufficiently determined director willing to read a briefing paper and ask the right questions. The black box was inconvenient. It was not catastrophic.
That calculus has changed. Boards are now being asked to approve artificial intelligence systems — systems that generate credit decisions, flag fraud, triage customer complaints, and in some sectors, automate regulatory reporting. These are not procurement decisions. They are governance decisions about algorithmic power. And yet the standard of evidence required to say "the board approved" has barely moved.
This is not an abstract governance concern. It is a fiduciary one.
What I Saw On Both Sides Of The Table
I have spent the better part of three decades in rooms where this tension plays out — first as a technology leader reporting to boards in large financial institutions, and more recently as an advisor to them. That vantage point has shaped a view I now hold with considerable conviction: the opacity that was always a governance weakness has become, in the age of AI, a governance failure.
As a technology leader, I watched boards receive AI proposals as they once received core banking migration proposals — as technical matters to be delegated to management, with oversight expressed through outcome metrics rather than architectural understanding. The result, predictably, was accountability gaps. When an AI-driven process produced an unexpected outcome, the board was often the last to understand why and the first to be held responsible.
As an Advisor, I now sit on the other side of those presentations. What I see has not substantially improved. Boards receive AI investment proposals with business case summaries and vendor attestations. They rarely receive a clear answer to the question that matters most: what does this system do when it is wrong, who is affected, and how will we know?
These are not technical questions. They are governance questions. And they deserve governance-grade answers.
In Ordinary Governance, Opacity Is A Failure. In AI Governance, It Is A Fiduciary One
The distinction matters. A black box boardroom — one where "the board approved" conceals rather than governs — has always been a failure of process. But in ordinary corporate decisions, the failure is bounded. A poorly scrutinised acquisition can be unwound. A flawed capital allocation can be corrected.
AI systems deployed at scale operate differently. They encode assumptions into millions of decisions before anyone recognises the pattern. By the time the failure surfaces, the harm is diffuse, the causation is contested, and the audit trail — if one exists — requires specialist knowledge to interpret.
Boards that approved these systems without understanding them do not escape accountability simply because the system was complex. Regulators globally are making this point with increasing clarity. The emerging consensus across jurisdictions is unambiguous: AI governance is a board responsibility, not a management one.
What An AI-literate Board Decision Record Should Actually Contain
Boards do not need to understand the mathematics of a large language model to govern it responsibly. They do need to ask — and receive substantive answers to — a specific class of questions. Based on direct experience across both roles, I would propose that any board decision record for a significant AI deployment should include the following.
First, a plain-language articulation of what the system does, including the conditions under which its outputs are most likely to be incorrect. Second, a clear mapping of which decisions the system makes autonomously versus which it supports. Third, an explicit accountability chain — not a governance chart, but a named individual responsible for model performance and a defined escalation path when performance degrades. Fourth, a bias and fairness assessment that the board itself has reviewed, not merely acknowledged. And fifth, a sunset or review clause — a defined point at which the system's continued deployment is re-evaluated rather than assumed.
None of this requires a board to become technically proficient. It requires a board to become governance-proficient in technology — precisely the capability gap that most organisations have yet to close.
Three Takeaways For Leaders Who Will Not Wait
The urgency of this issue is not diminished by its complexity. For senior leaders and board members navigating this moment, three actions stand out.
Insist on AI literacy as a board competency, not a management briefing. The information asymmetry between technology leaders and board members is not inevitable — it is a design choice that boards can change. Demand that AI governance frameworks be written for non-technical oversight, not for technical teams.
Reframe the AI approval process as a risk governance process. Every significant AI deployment should clear the same standard of scrutiny as a major credit decision or an acquisition. The question is not "does management recommend this?" but “does the board understand what it is approving?”
Build the AI decision record now, before the regulator asks for it. In financial services, the expectation of documented AI oversight is no longer prospective — it is current. In other sectors, it will arrive faster than most boards expect. The institutions that build these capabilities proactively will have a structural advantage over those that build them reactively.
The boardroom has always been the place where organisational power meets accountability. Artificial intelligence does not change that principle — it intensifies it. The opacity that was once a governance inconvenience is now a governance liability. Boards that govern AI with the same rigour they bring to capital allocation and risk management will not merely satisfy regulators. They will build the institutional trust that, in the end, is the most durable competitive asset any organisation possesses.
The black-box boardroom had its day. In the age of AI, it has no future.
Disclaimer: The views expressed in this article are those of the author and do not necessarily reflect the views of the publication. |
