Nowhere are the phrases "a double-edged sword" and "it cuts both ways" more apt than to describe the potential that artificial intelligence (AI) has in our world today. As AI rapidly reshapes how decisions are made, how work is performed, and how value is created, this is no longer merely a technological issue. Boards today are challenged to oversee not only the opportunities AI presents, but also its broader implications on governance, workforce transformation, risk management, and stakeholder trust. The pace of AI adoption is accelerating across industries, yet governance maturity in many organizations may still be lagging behind..
This gap matters.
There is literally no end to the possibilities that an AI engine may come up with. Organizations today are deploying AI tools to enhance productivity, support decision-making, improve customer experience, strengthen operational resilience, and accelerate innovation. Yet alongside these opportunities come equally significant risks — ranging from cybersecurity vulnerabilities, data privacy concerns, and misinformation risks to questions surrounding accountability, explainability, workforce displacement, and ethical use.
For boards, the challenge is not whether AI should be adopted, but how an organization can harness the potential of AI, and putting in guardrails so as not to inadvertently imperil the trust generated over the years by their companies through unregulated use of AI.
With this in mind, KPMG International and INSEAD Corporate Governance Centre (“INSEAD”) have launched the AI Governance Principles for Boards — a principles-led framework intended to help boards navigate one of the most significant governance challenges of our time.
Importantly, the framework recognizes that boards are not expected to manage AI directly. Rather, their role is to provide strategic oversight: setting expectations, challenging assumptions, overseeing risks, and ensuring that AI adoption aligns with the organization’s long-term strategy, values, and risk appetite.
Figure 1: AI Governance Principles for Boards
Briefly, the five principles espoused by KPMG and INSEAD are for boards to:
1. Ensure that AI initiatives are what the company wants in the long term.
2. Exercise sufficient oversight over AI initiatives, choices and investments.
3. Oversee transitions from a human workforce perspective.
4. Ensure that AI engines reflect the right ethical boundaries.
5. Continuously revisit its policies, structures, and processes so that the board can keep up with developments in the AI space.
Taken together, these principles reinforce an important reality: AI governance is not solely about risk mitigation or compliance. It is fundamentally about long-term strategic stewardship.
Boards today are increasingly required to “govern at two speeds” — balancing immediate oversight of AI-related risks while simultaneously making longer-term decisions around business transformation, workforce evolution, operating models, and competitive positioning.
Trust will become increasingly central to successful AI adoption. Organizations that invest early in governance, accountability, transparency, and trustworthy AI practices are likely to be better positioned to scale AI confidently while maintaining stakeholder confidence. As highlighted in the KPMG-INSEAD paper, trust is not a constraint on AI adoption, but rather the foundation that enables AI to be deployed responsibly and sustainably.
Boards themselves may also need to evolve. Effective AI oversight may require boards to continuously strengthen their understanding of emerging technologies, reassess governance structures and committee mandates, and adapt oversight processes based on the needs of the company and its strategic objectives in the emerging AI landscape today.
A cursory glance at the latest round of annual reports issued by Malaysian public-listed companies provides some glimpses as to how ready are Malaysian PLC boards to tackle the AI conundrum. In a sample of 2025 corporate governance reports from five of the largest PLCs on Bursa Malaysia – by market capitalization – and hot off the press, four of these reports, regrettably, featured no mention on how the board is actively addressing the issue of AI as part of its oversight responsibility. The fifth one only mentioned the need to recruit directors with knowledge or experience in AI matters.
This raises an important question: are boards moving quickly enough to match the pace of AI adoption taking place within organizations?
The Malaysian government, to its credit, has taken important race in this AI race through the establishment of the National AI Office (NAIO), which came into being in December 2024 to lead efforts in governing AI development in the country. Notably, the NAIO also highlights on its website, the National Guidelines on AI Governance and Ethics, which is published under the auspices of the Ministry of Science, Technology and Innovation. This document outlines a set of 7 principles for governing AI use, covering widely understood concepts such as accountability, transparency and fairness.
In addition, boards may also benefit from referring to the ASEAN Guide on AI Governance and Ethics, which was published in 2024 and is available on the ASEAN Secretariat website. This document also outlines a number of principles for boards to consider in harnessing the potential of AI.
Ultimately, there is no shortage of principles that boards may use to customize towards their own AI policy document and to guide their oversight of AI use. The more pressing question is whether boards are prepared to discharge their responsibilities in overseeing the company’s interaction with AI, before regulatory expectations, stakeholder scrutiny, or business disruption force the conversation.
Traditional KYC processes remain foundational but are no longer sufficient. Regulatory expectations globally now emphasize identification and verification of UBO: those who ultimately own, control or benefit from an entity or transaction.
The proliferation of family offices, nominee arrangements and offshore structures has increased both the complexity and importance of UBO transparency. The key question remains consistent: who ultimately exercises control and receives economic benefit?