Indian businesses are at a crossroads. Increased ESG (Environmental, Social and Governance) considerations are creating both challenges and huge opportunities for businesses. Can they harness the vast tech talent to transform?
Board oversight priorities are often split between what individual directors say is important to them and what they actually dig into and devote time and resources to. The former topics get the most news, while the latter are the hardline issues that keep directors, CEOs, and legal counsel up at night.
For example, DEI (Diversity, Equity, and Inclusion) and ESG concerns have become topics of governance roundtables, consulting advice, and thought leadership articles. Both measures are being incorporated into corporate reporting around the world on a wide range of topics, including carbon footprint, diversity, sustainability, stakeholders, and energy use. ESG and DEI policies have real-world financial and legal implications. Importance Both are facing increasing uncertainty and rethinking, with the outcome today being more uncertain. Some events have noted that organizations are only paying lip service to it and not internalizing it. Companies face a global minefield of legal requirements and conflicting agendas on ESG topics, which those seeking to market themselves as sustainability leaders may find themselves struggling to dodge. Greenwashing Claim.
Meanwhile, DEI faces a tougher landscape in the U.S., as more and more U.S. states pass laws banning DEI policies in state agencies, and companies increasingly shy away from discussions of diversity, equity, and inclusion projects.
But there's another area that's looming large as a governance concern for all companies, one that's also very international, with serious consequences for failure, and this is a broad and rapidly changing technology topic.
Like DEI and ESG, technology issues are hotly debated topics among veteran executives around the world. But artificial intelligence, cybersecurity, data privacy, IoT, and related areas now bring pressing legal and regulatory demands that must be the focus of boardrooms everywhere. Cybersecurity and data protection rules with strong safeguards are being implemented around the world and are expanding exponentially. AI Regulation in Europe, the US, China, and Japan Most other countries require strict accountability and disclosure.
This set of global and regional rules covers a wide range of topics, from protecting customer data, to restricting which countries can store it, to banning online “misinformation,” to banning the use of AI tools to create deepfakes and intellectual property piracy. These laws provide for a host of penalties for companies to comply, but just as importantly for boards, they require extensive reporting and disclosure, all of which boards must review. Earlier this year, 77% of global CEOs surveyed by PwC were concerned about liability that could arise from AI in the coming months and years.
This means that while boards need to monitor and respond to growing ESG pressures, technology regulations are powerful, pervasive and multinational, often with frightening liability and penalties for oversight. So which of these issues do you think are actually troubling board members?
Technology areas the board should focus on
Technology issues are fast-changing, complex, interconnected and often industry-specific. So the first challenge for boards is to clarify what specific areas they need to oversee, where they overlap, and how they apply to each company. Here's a checklist to kickstart your governance plan:
First, assess how the list of technology areas below impact your company (by sector, stage of growth and future strategy), how your board will monitor and promote the opportunities those technology areas may bring, internally the risks of failure or non-compliance and externally the risks of liability or enforcement action, how effective the internal controls are to monitor each technology area, cross-cutting assessments (how new technologies or oversight failures will impact other areas), budget planning and forecasting, management and board structure to monitor change and progress, the talent expertise that exists in each area, all public, regulatory and stakeholder messaging about the technology, and what insurance and hedging protections there are against failure.
As for the technology sector itself, let's start with cybersecurity: To what extent and how frequently does the board or committee interact with the company's CISO (or whoever fills that function)? What are the criteria for event significance? How are cybersecurity risk assessments structured, conducted and disclosed? How do intrusion prevention measures compare to current best practices? How are incidents and security audits reported to the board?
Next is data protection. How mature are your data protection controls? How comprehensive and up-to-date is your company's data inventory? What laws and regulations govern data storage and use, and how will you be informed of upcoming changes to this? Where is your company's data stored, both internally and externally (including overseas locations where data privacy laws may differ)? Who oversees your third-party vendors? What data management/hygiene frameworks do you have in place?
The third is AI: How is your company currently using generative AI and related capabilities, and what are your plans (near term, 3-5 years)? What is the state of your staff expertise in AI technologies? What is the situation on your board of directors? What is the expertise? Who on the executive team “owns” the AI portfolio or is it decentralized by function? Is the current structure optimal (and why?)? How does executive team evaluate emerging AI opportunities and how does it report back to the board? Showcase safeguards in place to address AI issues such as misinformation, information security (AI can voraciously gobble up and spread corporate data), bias in AI models, and legal/copyright concerns.
what other What areas (machine learning, cloud computing, ransomware, Internet of Things, metaverse/immersive technologies, robotics, quantum computing) should boards include in their technology oversight portfolio?
M. Mounir is an advisor to Fortune 500 companies, startup investor, and co-founder of the nonprofit Medici Innovation Institute. Ralph Ward is a global board advisor, coach, and publisher.
