Boardrooms Under AI Scrutiny
The conference room at Atlantic Trust Bank was cavernous, a relic of a more opulent era. Thick walnut paneling, brass sconces, and a table that could seat twenty-five—though today, only twelve sat around it, shifting in tailored silence.
On the screen: a single line.
“78% of companies now use AI in at least one business function.”
The chief executive, sleeves rolled and jaw tight, tapped his Montblanc against the lacquered edge of the table.
“So,” he asked, not looking up. “Where do we stand?”
Six Stats Every Director in That Room Should Know
The CIO advanced the slide. The numbers came quickly—some expected, others not. All unsettling.
- CEO ownership matters. Only 28% of companies assign direct AI oversight to the chief executive, but those that do? They reap the largest EBIT gains.
- Adoption has surged. Just a year ago, 55% of firms were dabbling in AI. Now it’s 78%—most of them racing without maps.
- Discipline is missing. Less than one-third follow McKinsey’s 12 “scaling practices”—KPI tracking, controlled rollouts, structured retraining.
- Workflow is the blind spot. Only 21% have re-engineered even one workflow for AI. The rest are layering code over outdated pipes.
- Explainability and accuracy are weak points. Even the largest firms, McKinsey warns, have no edge here. AI might be secure and compliant—but is it correct?
- Few have gone all-in. Barely 1% of companies say their enterprise-wide AI rollouts are “mature.” Most are still building the runway.
The COO at Atlantic Trust frowned, arms folded. “So we’re running a Ferrari engine through a plumbing system built for bicycles.”
Outsourcing the Tech Doesn’t Outsource the Risk
The general counsel leaned forward. “We didn’t build the fraud-detection algorithm ourselves. But we’re liable if it messes up. Correct?”
Correct.
McKinsey’s data underscores the dilemma: most banks buy their AI. Yet regulators—from the Fed to the ECB—hold the user responsible under model-risk standards like SR 11-7 and TRIM.
- Explainability isn’t optional. Banks must demand model cards, audit trails, and feature-importance transparency from every vendor.
- Accuracy drifts. Left alone, models will degrade—just like any asset. Periodic back-testing, precision SLAs, and rejection thresholds are essential.
- Cyber defenses need upgrades. Firewalls don’t catch prompt injections or model poisoning. That means red-teaming vendor APIs, sanitizing input streams, and adding forensic monitoring to track anomalous output.
“Let’s be clear,” the CISO said. “If an AI tool denies a mortgage for the wrong reason, regulators won’t care who sold us the code. They’ll care what controls we had in place.”
The Rise of the AI-Risk Officer
The head of HR had bad news. The bank couldn’t fill its open AI compliance role. No qualified applicants.
Nationwide, McKinsey reported that while demand for data scientists remains high, it’s AI-risk officers—people who bridge compliance, ethics, and machine learning—that banks are scrambling hardest to hire.
“Then we build our own,” said the CRO. “Rotations. Compliance staff shadow the data team. Engineers learn how a regulator thinks.”
Smart move. Atlantic Trust wouldn’t be alone. More banks are starting cross-functional upskilling to break silos between cyber, risk, and AI. The age of the siloed specialist is fading.
Five Moves Before the Next Strategy Offsite
By the time coffee arrived, the board had jotted five clear priorities. They looked mundane. They were anything but.
Move | First Action | What to Track |
---|---|---|
Name an AI czar | Assign CRO or CISO formal responsibility | Residual AI risk vs. stated appetite |
Build a Governance Hub | Centralize model inventories and policy exceptions | % of models with current documentation |
Redesign a single process | Start with something high-volume (fraud, onboarding) | Time-to-decision, pre/post accuracy |
Enforce explainability | Make transparency a purchase condition | % of vendors providing XAI-ready output |
Track value + risk | Create twin dashboards for ROI and KRI | Cost savings vs. drift alerts, side by side |
Ambition + Discipline Wins the Race
The meeting at Atlantic Trust didn’t end with applause. It ended with a quiet resolve.
They would pilot a workflow overhaul before year-end. Every Gen-AI vendor would be reevaluated for transparency. An AI governance charter would be written—and owned by someone with teeth.
As chairs scraped and briefcases clicked shut, the CEO paused, one hand still on the table.
“We don’t need to be early adopters,” he said. “We need to be surgical. Disciplined. We govern money like oxygen. Let’s govern machines the same way.”
He nodded to the CISO.
“Start drafting.”
Reference
McKinsey & Company. (2025, March). The state of AI: How organizations are rewiring to capture value. Global survey of 1,491 executives.