TheCorporateCounsel.net

Here’s an anecdote from the Wall Street Journal that you might find very exciting or very scary, depending on your perspective:

At a recent bank board meeting, directors were treated to a surprise. They listened to the chief executive talk strategy—except it wasn’t actually the CEO talking. It turned out to be a voice-cloning model that was trained, using the CEO’s prior earnings calls, to generate new content.

This was a staged exercise to “grasp the impact — and potential risks — of generative artificial intelligence,” but it still seems like one of those exercises in preparation that might make you (or any board member) feel worse and not better! Unsurprisingly, the article says the meteoric rise of AI in corporate America is keeping directors up at night. The article suggests that board members regularly ask the following questions, among others, to the management teams:

Who in senior leadership focuses on AI?

Where is AI being used within the company?

How are tools being identified and ranked for risk?

How are third-party providers using it, and how are boards monitoring evolving regulatory regimes and litigation?

Over at the D&O Diary, Kevin LaCroix gave his perspective on the article, saying, “while many directors recognize the importance of getting a handle on AI and how it might affect their companies, they are struggling to find the right approach even as AI-related questions become more pervasive.” And that could be a problem. Kevin points out that “questions concerning possible AI-related board liability exposures pervade all of these issues [and] companies that experience AI-related problems or disruption could well face the unwanted attention of plaintiffs’ lawyers, who, armed, with the benefit of hindsight, might well scrutinize prior company actions, particularly board activity.”

There’s no magic fix, but for a resource that can help boards and audit committees struggle through, take a look at the Center for Audit Quality’s recently released guide “Audit Committee Oversight in the Age of Generative AI” intended to “aid audit committee members looking to dedicate more time discussing AI governance by providing an overview of genAI and questions audit committees can ask to better understand company management’s approach to the use of genAI and oversee the related risks” — especially focused on use in financial reporting and ICFR.

The questions address risk considerations related to governance, data privacy and security, technology selection and design, technology deployment and monitoring, fraud and the regulatory environment. Some are intended to be addressed to management and others to the outside auditor. All of the questions are pulled out of the full resource and listed separately in Appendix A for easy reference.

– Meredith Ervine