AI oversight is a boardroom job now, broker networks can't outsource accountability – Bilgrami

For most of the last two years, AI in the mortgage sector has been treated as a productivity issue. A tool that the operations team trials, the brokers get excited about, and the IT function integrates.

But with the scale of AI use ramping up, the gap between how AI is governed and how much it’s relied upon is becoming a real exposure, particularly for large broker firms, networks and clubs.

A UK Finance article by Mathew Wells, head of risk advisory UK at Wavestone, points out that as AI becomes embedded across financial services operations, AI risk is not a technical issue for the chief information officer (CIO) to manage alone. It is, instead, a strategic governance issue that implicates responsibilities for every board member, from the CEO and chief operating officer (COO) to the chief information security officer (CISO) and chief marketing officer (CMO).

It particularly applies squarely to networks and clubs that are overseeing advice across hundreds of firms.

Sponsored

Aldermore Insights with Jon Cooper: Edition 9 – Why lending strategy is becoming more central in buy to let

Sponsored by Aldermore

The risk isn’t the technology… it’s the blind spots around it

The UK Finance piece is candid about why this matters, which will feel familiar to anyone who has tried to map their own AI footprint.

Many organisations, it notes, lack visibility of their AI landscape and the risks it presents, making it hard to assess maturity or establish effective risk governance. Without a clear grasp of compliance requirements and best practice standards, boards face blind spots that expose them to regulatory and reputational risk, and it warns that the cost of getting it wrong can be severe.

The deeper problem is structural.

In many firms, accountability can be fragmented, with no dedicated roles or capacity for AI oversight, while the processes that should catch these risks, such as routine risk management or IT reviews, can sometimes miss AI as it’s so new, leaving governance outdated and risks unmanaged. For a network, multiply that across every member firm using AI-assisted sourcing, affordability, criteria or client communication tools, and the scale of the blind spot becomes clear.

The technology may be performing well, but the governance has some catching up to do.

The consequences for networks and larger corporates

A network or a larger corporation carries a particular version of this risk, as you aren’t just governing your own use of AI. You’re standing behind the tools your member firms or employees rely on, often via partnerships you’ve selected or endorsed centrally.

If an AI-assisted advice tool produces inconsistent outputs, processes client data in a jurisdiction you didn’t expect, or becomes materially more expensive overnight because of an upstream price rise, the consequences flow across your whole membership, and the regulatory questions land at your door, not the vendor’s.

Consumer Duty sharpens this further. Demonstrating fair value and good customer outcomes is already a board-level obligation. A core advice tool that unwittingly works against this, through cost escalation, opaque decision logic, or untested fairness, is precisely the kind of risk UK Finance argues boards can no longer treat as a technical footnote.

Accountability for the outcome cannot be delegated to a supplier, however capable.

What good board-level oversight looks like

The value of the UK Finance framing is that it opens up a valuable conversation on how to tackle this. The AI tech is creating incredible, valuable opportunities for brokers. We now just need to ensure that the governance is up to scratch.

Here are UK Finance’s questions, adapted for broker networks or clubs:

• Do we know our AI landscape? Which advice decisions and member firm processes depend on AI tools, and who owns oversight of each? If no one can produce that map, that is itself the finding.
• Is AI in our enterprise risk framework, or bolted on? UK Finance’s guidance to chief risk officers is explicit… AI risks should be integrated into our enterprise risk framework, with lifecycle-wide controls, not handled as a separate, informal exception.
• Can our tools be explained? Boards are advised to require explainability, ongoing monitoring and transparent reporting of AI systems. For an advice tool, that means being able to justify a recommendation or rejection to a customer, a regulator, or the Financial Ombudsman Service (FOS).
• Is the data use compliant and bias-controlled? The guidance flags monitoring AI-related data for discriminatory outcomes as a standing question – directly relevant where tools touch affordability or eligibility.
• Who is accountable when it goes wrong? If the honest answer is ‘the IT team’ or ‘the supplier’, the oversight gap UK Finance describes is live in your organisation.

UK Finance’s top-level prescription for boards is a useful checklist in its own right. Set the tone at the top, demand transparency, ensure accountability, stay ahead of regulation, invest in education and invest in AI tooling. These are all governance responsibilities.

Where oversight becomes operational – choosing the right partners

For all distributors, much of this board-level intent is exercised at a single, practical moment, when you choose or renew an AI partner.

Demanding transparency, confirming accountability for outcomes, checking explainability and tracking regulatory exposure are abstractions until a supplier is in front of you and you’re deciding whether to sign. That is why supplier due diligence deserves board-level attention rather than being left entirely to procurement. It’s where governance principles are modelled and enforced.

It’s worth being clear-eyed about vendor framings here too.

Suppliers, including those publishing their own AI standards, are making a case for their approach, and a board’s job is to test those claims, not adopt them wholesale. But the underlying direction of travel is not in dispute. The firms that treat AI oversight as a standing board responsibility now, and build supplier scrutiny into that, will be far better placed than those still treating it as something the IT function handles.

As UK Finance puts it, AI risk management must therefore be a standing item on board and executive agendas. For firms whose entire proposition increasingly depends on AI-assisted advice, it’s the difference between capturing AI’s value and losing control of its risks.