Week 01 · AI and Generative AI
AI Use Inside the Institution
The Issue
Many institutions are using AI tools without a board-level inventory of where AI is deployed, who approved it, and what risks it introduces.
Plain-English Explanation
AI is showing up across functions — marketing, customer service, lending support, fraud detection, vendor platforms — often through tools the board has never reviewed. Without a clear picture of internal AI use, directors cannot oversee what they cannot see.
Why it matters to the board
Boards are expected to understand the institution's risk profile. AI exposure now sits inside that profile, even when no policy formally names it.
The Boardroom Question
"What internal AI tools are currently in use across our institution, who approved them, and how is that inventory maintained?"
Documentation Note
Note that the board received an educational overview of internal AI use and requested management to maintain a current inventory of AI tools in use across the institution.
Source / Reference
Interagency Guidance on Third-Party Relationships: Risk Management (June 2023); FFIEC Information Security booklet.
PDF: /resources/boardroom-reps/week-01.pdf