Why Pure-Play AI Governance Advisory Is a Fiduciary Necessity for Banking Boards

By Nibras Adambawa – Founder and Principal Advisor, Limiere


The Advisor in the Room

There is a scene that has played out in banking boardrooms with striking regularity over the past three years. A senior technology executive, or occasionally a partner from one of the large consultancies, stands before a bank’s board of directors and presents the institution’s AI strategy. The slides are polished. The language is fluent in board-speak, with references to customer experience, operational efficiency, and competitive differentiation. There is usually a global peer comparison showing where the bank sits relative to rivals. There are deployment timelines, vendor logos, and a roadmap.

What is almost never present is a fiduciary framework. There is no clear articulation of how AI investments will be governed against the board’s accountability to shareholders and depositors. There is no discussion of where ethical boundaries sit and who sets them. There is no honest reckoning with what the bank does not yet know how to govern. And almost without exception, the person presenting either has a financial interest in one or more of the platforms being recommended, or they are embedded so deeply in the operational machinery of the institution that their perspective, however expert, is not independent.

This is not a criticism of those individuals. They are typically highly capable, and often they are doing the best they can within the structures they inhabit. The problem is structural. The advice reaching bank boards on AI is arriving through channels that are, almost by design, unable to serve the board’s fiduciary function cleanly. The result is not malicious. It is something more insidious: it is advice that looks complete, but is not.

[Figure: AI Vendors vs Advisor]

The Precedent Is Not New

Banking has encountered this structural problem before. It is worth dwelling on that history, because boards that do not learn from it will repeat it in a different register.

The risk management failures that preceded the 2008 financial crisis were not primarily failures of information. Boards received reports. Models were run. Risk committees met regularly. The failure was that the boards were receiving risk intelligence filtered through the very businesses generating the risk. The incentive structures of those presenting to audit and risk committees were not aligned with the board’s obligation to the institution. When the credit risk function’s assumptions were challenged, the challenge came from within the same institution that had a balance sheet interest in the answer being benign.

The consequences are well documented. What is less frequently discussed is the governance lesson embedded within them: the quality of oversight is inseparable from the independence of the input that informs it.

A similar structural tension emerged in the late 1990s and early 2000s around technology risk. Boards of large banks approved infrastructure investment programmes and core system replacements based on advice that came primarily from the vendors selling the infrastructure and the consultancies earning implementation fees. Independent, institution-serving counsel, counsel with no stake in any particular outcome, was the exception rather than the rule. Many of those transformation programmes overran, underdelivered, or created the technical debt that still constrains institutions today. The advice was not always wrong. But it was rarely fully honest, because full honesty was not in the commercial interests of those providing it.

AI is the third iteration of this structural problem, and it is the most consequential. The volume and velocity of AI-related advice reaching bank boards today are extraordinary. The proportion of that advice that is genuinely free of commercial entanglement, operationally disinterested, and oriented entirely toward the board’s fiduciary accountability is vanishingly small.


Why the Conflict Is Structural, Not Incidental

It is important to be precise about the nature of the problem, because the temptation is to treat it as a matter of individual integrity. It is not. The conflicts embedded in most AI advisory relationships reaching bank boards are structural, and they persist even when every individual involved is acting in good faith.

Consider the large management consultancy. Engagement economics for major consultancies depend on scope expansion. An initial AI strategy engagement generates a pipeline of implementation work, technology selection assignments, change management programmes, training, and long-running transformation streams. This is not corruption. It is a legitimate business model. But it means that the strategic counsel delivered at the front end of the engagement is shaped, consciously or not, by what the back end of the engagement can deliver. An honest assessment that a bank is not yet ready for enterprise AI deployment, that its data infrastructure is inadequate, that its board governance is immature, or that a particular use case offers negligible economic return – such an assessment is structurally unwelcome in a model that depends on scope creation.

Consider the technology vendor. Cloud providers, AI platform companies, and data infrastructure businesses have invested heavily in building board-level relationships precisely because board endorsement accelerates procurement decisions. The AI frameworks, toolkits, and governance templates they offer are genuinely useful. But they are also designed to create dependency on the vendor’s ecosystem. This is not a flaw; it is the point. No vendor has a financial interest in advising a board that a competitor’s platform is better suited to the institution’s needs, or that the institution should delay deployment until its governance architecture is adequate. The advice is always shaped by what the vendor can sell.

Consider the internal function. Chief Data Officers, Chief Technology Officers, and Chief AI Officers within banks are skilled, committed professionals. They are also employees with career interests, budgetary ambitions, and institutional loyalties. The advice they provide to boards on AI strategy and governance is necessarily filtered through the lens of what is achievable within their own function’s mandate, what reflects well on their leadership, and what secures their budget for the next cycle. This is human nature, not misconduct. But it is not independence.

The board, in each of these relationships, is receiving AI counsel through a lens that has a commercial, operational, or institutional interest in a particular outcome. The board’s fiduciary obligation requires that it govern AI in the long-term interests of the institution, its shareholders, its depositors, and the financial system. That obligation requires a different kind of input. It requires counsel that is oriented solely toward the board’s accountability, with no stake in any technology outcome, no pipeline of implementation work to protect, and no organisational interest in any particular answer.

[Figure: What bank boards need in AI]

The Economics of Getting This Wrong

The case for independent advisory is not merely principled. It is, on any realistic analysis, economically compelling. Bank boards that fail to govern AI with appropriate independence are exposed to a set of risks that are quantifiable in terms that directors understand: capital, returns, regulatory standing, and franchise value.

Begin with model risk. Banks are deploying AI-driven models across credit underwriting, fraud detection, liquidity management, and customer segmentation with a speed that has in many cases outpaced the governance architecture intended to validate and monitor those models. When a credit model contains an undetected bias, the consequences are not confined to individual customer harm, though that harm is real and serious. They extend to provisioning inaccuracy, which affects the income statement and capital ratios, to regulatory sanction, which can carry material financial penalties, and to reputational damage, which affects the cost of deposits, the ability to attract talent, and the confidence of institutional investors. A conservative estimate for a mid-tier retail bank that faces a significant AI model failure in its credit underwriting function, one that reaches regulatory attention, would suggest a direct financial impact of between USD 50 million and USD 300 million when capital charges, remediation costs, conduct redress, and reputational effects are aggregated.

The cost of inaction is similarly quantifiable, though in a different direction. Banks that do not govern AI well do not simply avoid risk. They tend to move slowly, to accumulate pilot programmes without enterprise integration, and to allow the cost-to-income ratio to stagnate while competitors with better-governed AI deployments take structural efficiency advantages. The operational leverage available through well-governed AI in areas such as back-office automation, intelligent document processing, and fraud detection is real and material. For a bank with a cost-to-income ratio of 58 percent, a disciplined and well-governed AI deployment programme, one that has board mandate, clear accountability, and integrated risk oversight, could reasonably be expected to contribute three to five percentage points of improvement over a five-year horizon. For an institution with total operating costs of USD 2 billion, that represents USD 60 million to USD 100 million in annual operating cost reduction at steady state. That opportunity is not captured by institutions whose AI governance is fragmented, vendor-driven, or insufficiently owned at the board level.

There is also the regulatory dimension. Supervisory authorities globally are accelerating their development of AI governance expectations. The European Central Bank has signalled that model risk management frameworks must evolve to address AI-specific characteristics. The UK’s Prudential Regulation Authority has published expectations around model explainability and third-party AI dependency. The UAE Central Bank has moved with notable speed to establish principles-based AI governance requirements for licensed institutions. Regulators do not yet mandate independent AI advisory. But the direction of travel is clear: boards will increasingly be expected to demonstrate that they have governed AI with the same rigour applied to capital adequacy and operational resilience. Boards that cannot demonstrate independent oversight, boards whose AI governance has been shaped entirely by vendors and internal functions, will find their position increasingly difficult to defend.


What Pure-Play Advisory Actually Means

The term requires definition, because it is at risk of becoming imprecise. Pure-play AI governance advisory, in the context of bank boards, means advisory whose sole mandate is the board’s fiduciary AI accountability. It does not build or sell technology. It does not implement programmes. It does not train data scientists or deploy platforms. It does not create a pipeline of follow-on work that depends on scope expansion. Its economic model is not contingent on any particular outcome other than the board being better equipped to govern.

This mandate has several practical implications that distinguish it from other forms of AI counsel.

First, it is oriented toward the question that only the board can answer: not “what AI should we deploy?” but “how do we govern AI in a way that we can defend, to regulators, to shareholders, to customers, and in hindsight?” These are different questions. The first is operational. The second is fiduciary. Most AI advice banks receive is directed at the first. A board’s deepest obligation is to the second.

Second, because there is no commercial interest in any particular technology outcome, the counsel can be honest in a way that commercially entangled advice cannot. It can tell a board that the institution is not ready for a particular deployment without fear that the assessment undermines a proposal already in the pipeline. It can identify that a vendor relationship creates a concentration risk in the institution’s AI infrastructure without any concern about protecting a referral arrangement. It can recommend delay when delay is the right governance answer, even when the operational pressure is toward acceleration.

Third, pure-play advisory operates at the level of the board’s actual accountability. It is not delivering a technical assessment or an implementation plan. It is helping the board form a mandate, define its oversight architecture, set ethical boundaries, benchmark governance maturity, and ask the right questions of the management team. These are the outputs that a board needs in order to discharge its fiduciary duty with respect to AI, and they are precisely the outputs that neither a vendor, nor a consultancy with implementation ambitions, nor an internal function is structurally positioned to provide.


The Governance Architecture That Independent Advisory Enables

When a bank board has access to genuinely independent AI counsel, the governance architecture it can build is qualitatively different from what is typically achieved through internal or commercially entangled sources.

The starting point is a board AI mandate: a formally adopted statement of the board’s approach to AI stewardship, including its principles, its oversight responsibilities, the ethical boundaries it has set, and the accountability framework it has established. This mandate is not a technology document. It is a governance document, and it belongs at board level. In the absence of independent advisory, mandates of this kind are typically drafted by internal functions and reflect the institutional interests of those functions. An independently advised board produces a mandate that reflects its own fiduciary judgment, informed by external expertise that has no stake in the drafting.

From the mandate flows an accountability matrix. The board needs clarity on who owns what within the institution’s AI governance architecture, not in a technical sense, but in an accountability sense. The Chief Risk Officer’s ownership of model lifecycle governance sits differently from the CDO’s ownership of data integrity, which sits differently again from the CEO’s ownership of the enterprise AI strategy. The board’s role is to set the mandate and receive evidence that the accountability architecture is functioning. Independent advisory helps boards design this architecture without the distortions that arise when the same function designing the architecture is also subject to it.

The third element is the ethical boundary framework. AI in banking intersects with some of the most consequential decisions in customers’ financial lives: credit access, insurance pricing, fraud determinations, and the risk of financial exclusion. The ethical boundaries a bank sets around its AI use, what it will and will not do, how it will handle bias, how it will ensure explainability for customers affected by algorithmic decisions, are not merely compliance questions. They are questions of institutional character that the board has a duty to set. Independent advisory provides the intellectual discipline to ensure that these boundaries are substantive rather than performative, and that they are integrated into the risk and capital framework rather than appended to it as a soft addendum.

Finally, there is the maturity assessment function. A board needs an honest picture of where the institution stands in its AI governance development, not a picture provided by the function responsible for that development, but an independent benchmark against regulatory expectations, global peer practice, and the board’s own stated ambitions. That benchmark is the basis for an informed conversation between the board and management about pace, investment, and risk tolerance.

[Figure: AI governance in banks]

The Pattern of Governance Failure

It is instructive to consider what happens in the absence of independent advisory, not in the abstract but in the pattern that is already emerging in banking markets where AI deployment has accelerated faster than governance.

In several large retail banking markets, credit underwriting models that were deployed rapidly during the 2020 to 2022 period, models trained on pre-pandemic data, validated by internal teams under time pressure, and approved through governance processes designed for conventional statistical models rather than machine learning, have produced outcomes that regulators are now examining with considerable scepticism. In some cases, the models have demonstrated demographic disparities in approval rates that, while not intentionally discriminatory, create the conditions for enforcement action under fair lending or consumer protection frameworks. The boards of the institutions involved were not uninformed. They received management assurances that models had been validated. What they did not have was independent counsel capable of asking whether the validation framework itself was adequate for the type of model being deployed.

In a different register, several banks have made substantial AI infrastructure commitments to single cloud providers, commitments that, when examined against operational resilience obligations and concentration risk frameworks, create dependencies that prudential supervisors are increasingly uncomfortable with. The decisions were commercially rational and were supported by detailed analysis from the vendors and from consultancies with partnership relationships with those vendors. The boards approved the commitments. What was absent from the board’s decision-making process was an independent voice capable of identifying the concentration risk without any interest in protecting the vendor relationship.

These are not dramatic failures. They are quiet ones, the kind that only become visible in hindsight, and whose governance lessons tend to be absorbed only after the regulatory intervention or the reputational event that makes them impossible to ignore.


The Fiduciary Argument, Stated Plainly

There is a version of this argument that a board member might find uncomfortable, and it is worth stating it plainly rather than allowing it to hover at the edge of the discussion.

A bank director who approves an AI strategy on the basis of advice from parties with a financial interest in that strategy, who sets ethical boundaries with input only from functions that have an operational interest in those boundaries being permissive, and who assesses AI governance maturity using reports produced by the functions responsible for that governance, has not fully discharged the fiduciary obligation that the position entails.

This is not a legal opinion. The law of directors’ duties in most jurisdictions does not yet specifically address AI governance obligations. But fiduciary duty is not a static concept. It evolves in response to what a reasonable director, acting with appropriate care and diligence, should have known at the relevant time. As AI becomes more material to the financial performance, risk profile, and conduct record of regulated banks, the standard of what a reasonable director should have ensured, including what quality of independent counsel they should have sought, will rise accordingly. Regulators are already signalling this direction. Future enforcement actions and supervisory findings will crystallise it.

The board that governs AI rigorously, with independent counsel and a clear mandate, is not being cautious at the expense of progress. It is building the institutional foundation that makes AI-driven performance sustainable, because performance that cannot be governed cannot be defended, and what cannot be defended will eventually be constrained by those with the authority to constrain it.


Looking Forward: What Future Boards Will Be Judged On

It is worth exercising the imagination for a moment and considering how the governance of AI in banking will look from a vantage point ten to fifteen years ahead.

By the late 2030s, AI will not be a strategic initiative within banking. It will be the operating substrate of banking. Credit decisions will be made by systems that are more autonomous than anything currently deployed. Liquidity management will involve real-time AI optimisation across treasury portfolios. Customer interactions will be mediated by systems capable of financial advice, product recommendation, and relationship management with a sophistication that current conversational AI cannot approach. Agentic systems, AI capable of taking multi-step actions on behalf of institutions and customers without human authorisation of each step, will be embedded in operations, compliance monitoring, and market-making functions.

In that environment, the governance question will not be whether boards understand AI well enough to engage with it. It will be whether boards governed it responsibly during the formative period, the period we are in now, when the patterns were being set, the precedents were being established, and the institutional character of AI governance was being formed.

Regulators in that future will look back at the decisions made between 2024 and 2030 with the same forensic attention that today’s regulators apply to pre-crisis risk governance decisions. They will ask which institutions had independent board-level AI oversight during the formation period. They will ask whether ethical boundaries were set by the board or delegated entirely to functions with competing interests. They will ask whether the advice informing board decisions was free of commercial entanglement. They will ask, in essence, whether the boards of that era took their fiduciary obligation to govern AI seriously, or whether they treated AI as a management matter that happened to be reported to the board.

The boards that will be judged most harshly are not those that made errors in the deployment of specific AI systems. Error is inevitable in any domain of genuine complexity. The boards that will be judged harshly are those that did not build the governance architecture to catch and correct errors early, and did not seek the independent counsel that would have helped them build it.

Embedded within that judgment is a market outcome as well as a regulatory one. The institutions that govern AI well during this formative period will be the ones that deploy it most sustainably, attract the most durable shareholder confidence, maintain the most constructive regulatory relationships, and earn the deepest customer trust. Trust, as anyone who has spent time in banking governance understands, is not a soft asset. It is the foundation on which the entire liability franchise rests. It is what allows a bank to fund itself at a cost that makes its business model viable. Governing AI in a way that protects and deepens that trust is not a distraction from the pursuit of financial performance. It is the precondition for it.

The case for independent AI governance advisory is ultimately this: AI is now material enough to institutional outcomes, financial, regulatory, reputational, and ethical, that governing it on the basis of commercially mediated input is no longer consistent with what fiduciary duty requires. The board that recognises this, and acts on it, is not being defensive. It is being appropriately serious about what accountability means in the intelligent era.


Limiere is a pure-play AI advisory built exclusively for banking boards and executive leadership. No tools. No vendors. No conflicts of interest. Purely high-order stewardship at the level where accountability resides. limiere.com

