As AI pushes the traditional analytics lifecycle to evolve, traditional risk management is not usually equipped to address all of its implications. Companies are now embarking on a journey to upgrade existing governance frameworks to account for these new methodologies and technologies. Let’s dive into the challenges, realities, and road ahead with key takeaways from our recent Dataiku Product Days session, Aligning AI With Enterprise Governance, which clarifies the in’s and the out’s of AI Governance, including what it means for traditional enterprise governance and risk management. But first, before we jump in, let’s do a quick roll call to meet our host and panelists that have supplied these special insights.
Host:
Paul-Marie Carfantan, AI Governance Consultant at Dataiku.
- At Dataiku, Paul-Marie is responsible for designing and implementing methods and solutions to govern AI at scale. His role includes co-developing Dataiku’s global offering for robust and efficient AI Governance and acting as a go-to person on AI Governance-related topics for the Americas. Paul-Marie builds on years of experience researching, contributing to think tanks, and consulting in the field, notably at Deloitte and the London School of Economics.
Panelists:
Julien Molez, Group Innovation and AI Leader at Société Générale.
- At Société Générale, Julien is focused on fostering global innovation by making sure that different businesses know how to transform in the digital age to remain competitive. His team helps internal consumers know how to deliberate their data and craft sound business value monitoring tactics.
Minetou Ndiaye, Insurance and Trustworthy AI Director at Axionable.
- With Axionable, Minetou curates trusted AI offerings with a focus on sustainability and responsibility. She places emphasis on solving real business problems to create scalable value, from audit to the operationalization of business solutions. In the insurance sector, in particular, Minetou witnesses the impact of heavy regulations and the many compliance challenges to navigate. In insurance, AI has applications throughout the value chain and Minetou works to show how governance can be used to better define and differentiate these various risk areas.
Jacob Beswick, Director, AI Governance Solutions at Dataiku.
- Prior to working at Dataiku, Jacob led programs on AI regulation and AI governance in the UK government. Now at Dataiku, Jacob leads the AI Governance Solutions team and is responsible for thought leadership on AI governance, which includes identifying priority requirements and working to put them into practice. Recently, his team has been building out a cohesive offering on AI Governance within Dataiku.
The unique perspectives on AI Governance that each of our panelists provided help us form a well-rounded, cross-industry outlook on AI Governance, from concept to practice.
From Universal Governance to Specific Management
In order to fully explore and understand various approaches to AI Governance, it helps to start from a foundational concept. Jacob defines AI Governance for us as centralization, prioritization, and standardization of rules, processes, and requirements that shape how AI is designed, developed, and deployed. AI Governance is something that isn’t only conceptual but also speaks to very operational topics (e.g. ensuring all projects and models follow the same workflow, qualifying all projects’ values and risks before development, and ensuring there are means of executing controls and enforcement alongside speed of development).
Julien's Perspective From the Financial Realm
It is always a question of proper balance. Governance is a question of balancing compliance (i.e. knowing how to identify, mitigate and report on risks related to AI) with business objectives (e.g. maintaining production speed and time-to-market while gaining oversight over the project lifecycle). You have to strike a balance between the two. Understanding compliance requirements and setting up compliance assessment and reporting can slow things down. When things are too slow, it impedes competitiveness and, as we all know, the digital age demands speed.
At Société Générale, governance is approached from three directions — data, value, and model risk.
- Data means that the organization is making sure that data governance is already in place and that they track all data-related requests through the whole company with descriptive details. The lifecycle needs to be transparent and replicable, keeping in mind that each step should align with regulations and frameworks of the organization.
- Aspect two, value, means that business value is the paramount determining factor of use case selection. Use cases need to have explicit value potential that can be seen all the way to the final production and adoption stages.
- Finally, model risk involves implementing bias detection and drift control measures. Banks focus on gaining control over multitudes of models and defining the difference between material models with large risk impacts and a one-size-fits-all process.
When traditional governance meets the integration of AI, things are bound to overlap and change, and that can make things difficult to clarify. The thoughtful design of AI Governance is key. It has to be cost-effective and fit amongst the pre-existing processes of the organization. In banking, the focus is upon strengthening existing roles and programs rather than creating new ones.
It is as much, if not more, about the people and strategy rather than the technology itself.”
Minetou's Perspective From Insurance Consulting
Having a strong governance approach is an opportunity to have confidence in AI for shareholders and employees. AI Governance ultimately creates safe and innovative environments, fosters trustworthy efficiency, optimizes operational action, and generates value. For these reasons, the insurance industry is increasing attention to governance strategies. New roles like AI ethics managers emerge in organizations by the day. These kinds of roles require people who understand both legal and business challenges of governance topics and goal stabilization. A lot of growth and evolution is occurring in this space.
Jacob's Perspective Shaped by the Public Sector and Dataiku
A person responsible for ethical AI versus the business risks that have been articulated for a while demonstrates the purview and scale of the diversity of risk considerations across businesses. This is a broad concept that is being dressed up to address diverse topics, and managing those diverse topics with the overarching concept of governance is an interesting challenge.
In terms of leveraging AI regulations to shape AI governance, we are currently in an anticipatory space. Nothing is “real” yet. We have a notion as to what kind of rules we might be seeing, but they are still being molded. A place where we find agreement and consistency right now, even at the intergovernmental level, is within value-based and principle-based frameworks. Here, there is coherence. At the root, regulations are about keeping humans safe, and the way that they benchmark this is through these principles frameworks. Look at how these frameworks fit with your AI lifecycle. Identify where in your AI lifecycle the risks exist and if those risks matter to your organizational objectives. Determine what resources you need to align processes with these frameworks as well as what internal capabilities already exist in your organization.
There is not one singular best approach here, as this is still being built out, but this is a good place to begin navigating this complex web of governance. The operationalization challenge will be interesting to work on moving forward, and smart companies will be introspective and wise when choosing partners for the journey.
So, at this time, instead of looking at how to adapt risk frameworks to the regulations, look at the principles and values frameworks within the context of your AI lifecycle.”
Demystifying and Making Informed Decisions
If you are overwhelmed by all of the nuances happening, here are three key points that will help lead your organization to informed AI Governance decisions:
- Do you have a registry of all of your AI models being managed by someone(s) in the organization? If the answer is no, that is a place to start. Hit the basics first.
- You need to assess the impact of the AI application. Consider trustworthy AI topics not as a nice-to-have option but instead as a strategic approach that can unite shareholders and finally users. Don’t be late for the party.
- There are many variables at play — ethics, values, processes, people, technology. What people are doing is dictated by business needs and innovative technology. How do you find the balance in the social and technical aspects? Let’s figure it out. This is a question we are working on at Dataiku.
To summarize, the difficulty emerges in achieving a balance specific to an organization’s unique stakes and aligning the speed of development with control to make sure that both the business risks and value risks can be addressed. The goal at the end of the day is to help organizations add value and ask the right questions to govern and scale AI effectively.