Ethicsverse Day Session #2: Smart Moves, Safe Bets – Practical Gen-AI for E&C

The gap between AI adoption and AI governance is widening at an alarming rate, with organizations deploying sophisticated artificial intelligence systems while operating under compliance frameworks designed for a pre-AI world. Traditional risk management approaches—periodic audits, annual training, and regulatory-first thinking—prove inadequate when applied to technologies that learn, adapt, and make autonomous decisions in real-time.

This special episode of The Ethicsverse explored the critical intersection of artificial intelligence governance and ethics within corporate compliance frameworks. The discussion addressed fundamental challenges facing compliance officers as they navigate the rapidly evolving AI landscape, emphasizing the need for internal political alignment, appropriate governance structures, and practical risk management approaches. Key themes included the limitations of regulatory-first approaches given the nascent state of AI regulation, the importance of building cross-functional consensus around AI risks, and the necessity for compliance professionals to develop technical literacy without becoming subject matter experts. The session highlighted practical strategies for AI governance committee formation, risk triage methodologies, and monitoring frameworks while addressing the reality of shadow AI usage within organizations. Speakers emphasized that successful AI governance requires flexible frameworks that can adapt to technological evolution, robust training programs that move beyond traditional compliance education models, and recognition that AI risk management follows established risk management principles applied to new technological contexts.

Featuring:

• Andrew McBride, Founder & CEO, Integrity Bridge LLC
• Reid Blackman, Founder & CEO, Virtue Consultants
• Matt Kelly, CEO & Editor, Radical Compliance
• Nick Gallo, Chief Servant & Co-CEO, Ethico

Prioritize Internal Political Alignment Over Regulatory Compliance

• The most significant obstacle to effective AI risk management is achieving internal political alignment across departments and organizational levels, as technical teams, business units, and compliance functions often operate with vastly different risk perspectives and priorities.
• Unlike traditional compliance areas where regulations provide clear guidance, AI governance requires building consensus around risk identification, severity assessment, and mitigation strategies before any meaningful policy implementation can occur.
• Organizations must invest substantial effort in education and cross-functional dialogue to establish shared understanding of AI risks, recognizing that political alignment represents the foundational requirement for successful AI governance programs.

Develop AI-Specific Risk Triage Frameworks

• Successful AI governance depends on establishing clear triage mechanisms that differentiate between low-risk AI applications requiring minimal oversight and high-risk deployments demanding comprehensive governance review.
• Organizations should create frameworks that assess both business value and risk factors, including cybersecurity implications, regulatory exposure, and potential for reputational damage to ensure appropriate resource allocation.
• This approach prevents governance bottlenecks while ensuring appropriate resources are allocated to the most critical AI implementations that could generate significant organizational impact.

Build Technical Literacy Without Becoming Technical Experts

• Compliance professionals must develop sufficient AI literacy to engage meaningfully with technical teams and understand fundamental concepts like training data, model outputs, and basic algorithmic processes without becoming data scientists.
• The goal is to ask informed questions, challenge technical assumptions, and translate AI risks into business language that organizational leaders can understand and act upon.
• This competency enables compliance officers to maintain their oversight role while avoiding intimidation by technical jargon or complexity, ensuring they remain effective participants in AI governance discussions.

Establish Context-Appropriate AI Governance Committees

• The structure and composition of AI governance committees should reflect existing organizational power dynamics and decision-making processes rather than following a one-size-fits-all approach.
• Some organizations may benefit from dedicated AI governance boards, while others should integrate AI oversight into existing risk committees or create subcommittees with specialized focus areas based on their unique organizational context.
• The key is ensuring that committees include relevant subject matter experts for specific AI use cases while maintaining appropriate independence and authority to enforce governance decisions.

Focus on Process Auditing Rather Than Algorithmic Analysis

• Effective AI oversight involves auditing the processes surrounding AI development and deployment rather than attempting to peer inside algorithmic “black boxes” that are inherently complex and opaque.
• Compliance teams should evaluate whether organizations have identified appropriate ethical nightmare scenarios, conducted sufficient testing with adequate sample sizes, established ongoing monitoring protocols, and maintained documentation of risk mitigation efforts.
• This process-focused approach provides actionable audit trails while acknowledging the inherent complexity of modern AI systems and focusing on measurable governance activities.

Implement Continuous Monitoring Over Periodic Assessment

• AI systems require continuous monitoring rather than traditional periodic audit approaches due to their dynamic nature and potential for model drift over time.
• Organizations must establish real-time or near-real-time monitoring of AI outputs, employee usage patterns, and system performance against established risk thresholds to maintain effective oversight.
• This monitoring should encompass business performance metrics, compliance with governance frameworks, identification of emerging risks, and assessment of employee behavior in AI-enabled processes.

Address Shadow AI Usage Through Pragmatic Policies

• Organizations must acknowledge that employees will use AI tools regardless of prohibitive policies, with studies showing approximately 50% of employees admit to using AI in ways that violate company policies.
• Rather than attempting to prevent all unauthorized AI usage, companies should provide sanctioned enterprise AI tools with appropriate controls, implement technical safeguards that prevent sensitive data exposure, and focus training on responsible usage rather than prohibition.
• This approach channels inevitable AI adoption toward organizationally controlled platforms while maintaining necessary oversight and reducing the risks associated with unmanaged AI tool usage.

Revolutionize Compliance Training for AI Contexts

• Traditional compliance training methodologies are fundamentally inadequate for AI risk management due to the rapid pace of technological change and the need for employees to make real-time risk decisions when using AI tools.
• Organizations must develop continuous, skills-based training programs that integrate AI ethics and risk management into job-specific functions rather than treating AI as a separate compliance topic delivered through traditional training methods.
• This training should focus on practical decision-making frameworks that help employees identify and mitigate risks in their daily AI interactions, moving beyond check-the-box compliance education models.

Leverage AI to Enhance Compliance Function Capabilities

• Compliance teams should strategically adopt AI tools to improve their own operational effectiveness, particularly in areas like policy development, due diligence processes, and investigation management where AI can provide significant efficiency gains.
• AI can serve as a compliance coach for individual officers, create common knowledge bases for team consistency, and automate document review processes that would be prohibitively time-intensive for human reviewers.
• However, these implementations require careful testing, appropriate controls, and recognition that AI tools should augment rather than replace human judgment in compliance decisions.

Apply Established Risk Management Principles to New Contexts

• Despite the novelty and complexity of AI technologies, fundamental risk management principles remain applicable and should form the foundation of AI governance programs rather than requiring entirely new frameworks.
• Organizations should leverage existing enterprise risk management frameworks, adapt familiar risk assessment methodologies, and build upon established governance structures rather than creating entirely new compliance architectures.
• The key insight is recognizing that while AI introduces new pathways to familiar risks, the core disciplines of risk identification, assessment, mitigation, and monitoring remain constant across technological contexts.

Closing Summary