The Board's AI Oversight Reality Check: What You Need to Know Before Your Next Meeting

A practical guide for community bank and credit union boards on governing AI initiatives, focusing on the right questions to ask and the governance frameworks that actually work.

Your board just approved the bank's first AI initiative. The presentation looked great. The vendor promised transformational results. The budget seemed reasonable. Everyone nodded approvingly.

But here's the uncomfortable truth: most boards can approve a $500K AI project. Almost none of them can explain what they just approved.

I've watched this movie before. During my time as CTO at Bank of New Glarus, we lived through the early days of cloud adoption when boards were making seven-figure decisions about technologies they barely understood. The stakes today with AI are higher, the regulatory scrutiny is more intense, and the consequences of getting it wrong are more severe.

The good news? AI governance isn't rocket science. But it requires boards to ask different questions than they're used to asking.

The Questions Your Board Isn't Asking (But Should Be)

Most board presentations about AI focus on the shiny outcomes. Revenue uplift. Cost savings. Customer satisfaction scores. These matter, but they're not where the real risk lives.

The risk lives in the infrastructure decisions your executive team is making right now while you're focused on the business case.

Start with data lineage. When your AI makes a decision, can you trace it back to the specific data that influenced that outcome? If a loan applicant gets denied and files a discrimination complaint, can your team show exactly which data points drove that decision?

Most AI vendors will tell you their systems are "explainable." Press them on this. Ask to see a real explanation of a real decision. If they start talking about "black boxes" or "proprietary algorithms," your alarm bells should be ringing.

Next, ask about model drift. AI models degrade over time. The data that trained your model six months ago might not reflect today's reality. How often are you retraining? Who's monitoring for performance degradation? What happens when a model starts making systematically bad decisions?

I learned this lesson the hard way at AWS when I worked with a retail client whose fraud detection model started flagging legitimate transactions as suspicious. The model was still working—it was just working on outdated assumptions about customer behavior. The financial impact was immediate and severe.

Finally, dig into your vendor's operational security. Where is your data being processed? Who has access to it? What happens if the vendor gets breached? If you're using a cloud-based AI service, you're essentially handing your most sensitive customer data to a third party. Your regulators care deeply about this, even if your vendor seems casual about it.

The Regulatory Reality Nobody Talks About

Here's what keeps me up at night: the regulatory landscape for AI is evolving faster than most financial institutions can adapt.

The FFIEC issued guidance on AI risk management in 2021, but it was vague enough to be almost useless. State regulators are filling the void with their own interpretations. California just passed legislation requiring banks to maintain detailed logs of AI decision-making processes. New York is considering similar rules. Texas is going in a different direction entirely.

Your compliance team is probably scrambling to keep up. But compliance isn't the board's job. Governance is.

The difference? Compliance is about checking boxes. Governance is about understanding risk. A compliant AI program that destroys customer trust is still a failure. A technically non-compliant program that delivers real value while managing risk appropriately might be exactly what your institution needs.

But you can't make that judgment call if you don't understand what you're governing.

What Good AI Governance Actually Looks Like

The best AI governance I've seen doesn't start with technology. It starts with use cases.

Community First Credit Union in Florida took this approach when they piloted AI-powered member service chatbots. Instead of asking "How do we implement AI?" they asked "What member problems are we trying to solve?" The technology decisions flowed from there.

They started small. One specific use case. One department. Clear success metrics. Defined rollback procedures. When the pilot succeeded, they expanded methodically. When something didn't work, they killed it quickly and learned from the failure.

Their board's role wasn't to understand the technical details. It was to ensure the bank had the right processes, the right people, and the right risk appetite for the initiative.

That's what good governance looks like. You're not managing the technology. You're managing the organization that's managing the technology.

The Human Element Nobody Wants to Discuss

Here's the part of AI governance that makes everyone uncomfortable: the people whose jobs are changing or disappearing.

Your loan officers aren't going to tell you they're worried about being replaced by an algorithm. Your call center staff isn't going to volunteer that AI chatbots handle routine inquiries better than they do. Your branch managers aren't going to admit that predictive analytics might be better at cross-selling than their personal relationships.

But they're all thinking it. And their anxiety is going to show up in your implementation results.

During the AWS years, I saw organizations spend millions on AI initiatives that failed not because of technical problems, but because of human resistance. Employees who felt threatened found creative ways to undermine new systems. Customers sensed the tension and lost confidence in the institution.

Your board needs to address this directly. Not just the retraining programs and the communication strategies, but the fundamental question of what your institution stands for in an AI-enabled world.

Are you replacing human judgment with algorithms, or are you augmenting human capabilities with better tools? The answer shapes everything from your technology architecture to your hiring strategy to your brand positioning.

Three Questions for Your Next Board Meeting

Before you approve another AI initiative, ask these three questions:

1. If this AI system makes a mistake that costs us $1 million and generates negative headlines, can we explain to regulators and the media exactly how the mistake happened and what we're doing to prevent it from happening again?

2. If our AI vendor goes out of business tomorrow, can we continue operating the systems they built for us, and do we own all the data and models they created?

3. Six months after we deploy this AI system, how will we know if it's actually working better than the process it replaced?

If your executive team can't answer these questions clearly and specifically, you're not ready to approve the project. Full stop.

The AI revolution is real. The opportunities for community financial institutions are significant. But the institutions that succeed will be the ones that approach AI with clear-eyed governance, not wishful thinking.

Your board's job isn't to become AI experts. It's to ensure your institution has the structure, processes, and culture to succeed with AI. That's a very different challenge, and it's one that requires your full attention.

