Topics:   Compliance,Legislative & Regulatory,Regulations & Legislation,Risk Management,Strategy,Technology

Topics:   Compliance,Legislative & Regulatory,Regulations & Legislation,Risk Management,Strategy,Technology

December 4, 2019

Directors Consider AI’s Implications for Board Work and Regulatory Oversight

December 4, 2019

Beyond using artificial intelligence (AI) for products and services, companies can effectively leverage AI to drive greater efficiency. But with new capabilities come ethical and regulatory considerations that demand the board’s attention.

These prescient themes were the basis of a recent roundtable event hosted by NACD, in partnership with Grant Thornton, on October 29 in Naples, Florida. Nichole Jordan, Grant Thornton’s national managing partner of markets, clients, and industry, led the conversation, which explored how boards can leverage AI to inform their oversight capabilities and the regulatory concerns that arise from this increasingly omnipresent technology.

For example, Jordan observed that platforms currently exist that scan millions of data points on key topics, which are then distilled and presented on a dashboard—effectively transforming the role of traditional analysts. These systems can, for instance, continuously monitor and pull information from competitors’ press releases to keep tabs on what those firms are doing around innovation, product releases, and mergers and acquisitions. All directors then have to do is scan the data for outliers or the information with the greatest ramifications for their business. AI can also be used to monitor employee engagement and culture.

But there is a potential pitfall: being faced by more information than is appropriate for the board. “If you look at a hierarchy, we shouldn’t be doing management’s job,” one participant said. “We need to get that sweet spot between being inundated with information and staying involved at the strategic level.”

Jordan agreed, emphasizing the importance of focusing on a narrow set of metrics closely tied to your company, its strategy, and the key benchmarks it uses to compare itself to competitors. For example, Jordan suggested looking at data on the employee base, the customer base, and the marketplace.

But data points are only a launchpad, as one attendee advised: “Dashboards are not designed to answer questions, but to provoke questions—to prod areas that might be opportunities or risks. It’s a means of gaining greater understanding, not a means of making passive judgments.” That enhanced understanding of the business and the environment in which it operates puts a board in a stronger position to provide effective oversight.

On the business side, AI stands to provide an as-yet-unseen level of transparency into how an organization functions and where breakdowns occur. Using the sales sector as an example, AI can be used to monitor interactions between an employee and a customer—from the tone of the salesperson’s voice to the tone of written exchanges. Information gleaned from these exchanges can identify behaviors that have both positive and negative effects on the business. However, several participants said the unfettered use of AI could signal the end of privacy as we have traditionally known it—and this is where ethical and regulatory concerns arise.

In terms of variations in state- and federal-level privacy laws, Jordan said organizations will be held accountable to the most restrictive level. Laws are also rapidly evolving, and Jordan said what makes this more hazardous to navigate is the lack of consistency—and current inertia around creating regulatory uniformity. Here, Jordan mentioned the work of the Information Technology Industry Council (ITI), a trade organization that works to influence policy.

“The members of the ITI board are members of major technology companies—Amazon, Microsoft, Google—and they work to try to get ahead of this by self-regulating, because the last thing they want is for AI to get out of control such that it would have a negative impact on the business environment,” she said. “This is a global organization and the UK is currently leading the way—they have a high level of regulation in their expectations—and I think that impacts what we will implement here in the US.”

Of course, this dynamic will introduce additional regulatory hurdles to navigate. Speaking from personal experience, one member remarked that publishing leaderboards that compare different teams’ performance is allowed in the United States but is forbidden in the United Kingdom. Additionally, as one attendee observed, “The issue is that Europe is not prescriptive—the US is. Europe has GDPR [the General Data Protection Regulation], what the goal is, what the policies are, but nothing about how to do it.”

“If you don’t have someone joining you at your meetings to apprise you of all of the changes around privacy, AI, and cybersecurity,” Jordan said, “I encourage you to do so to get an understanding of management’s plans to proactively stay ahead of where the regulations are going.”

For additional insights from this conversation, including dialogue on the implications of AI on the workforce, click here.

Pictured above: Jeri Isbell and Michael Desmond.

Comments

Glenn GowDecember 10, 2019

Jesse,

Thank you for sharing these insights on AI.

I agree the board needs to stay at the strategic level. As boards begin to understand the importance of AI to the company's business, they need to decide how AI fits into the overall corporate strategy and drive initiatives around AI.

Some of the key questions boards need to address:
– Where can we gain the most competitive advantage?
– How important is AI relative to other investments for the company?
– What shape are we in and how long will it take to ramp up?
– Given a severe talent shortage, how do we implement AI?

Data privacy regulations, primarily GDPR and CCPA need to integrate with AI. Questions arise around how AI makes decisions as it’s often a black box system. To deal with data privacy, existing AI systems may need to change.

Finally, the thing that boards should care about the most is whether or not their company is using AI to help with cybersecurity. We know the hackers are using AI to attack.

Glenn Gow

Read Related Content