AI Risk Pulse - Maturity Gap

Written By Aarona Chou

AIxRisk has conducted a series of AI Risk Pulse polls soliciting the risk community on their perspective on the two sides of AI Risk: Managing AI Risks and using AI to manage risks.

(1) On accountability, the answer was clear: the 1st Line still owns it even though the appointments of AI czars in the Technology function or other centralized corporate functions blurs the line of accountability vs. responsibility.

(2) At the same time, when we asked about the biggest risks in AI adoption, respondents pointed to a three-way tie: Data, Governance, and Model Drift suggesting the challenges to broad-based AI deployment are interconnected and complex.

(3) AI is not transforming risk management evenly. It is concentrating in familiar places — and beginning to emerge where it matters most:

  • AI is gaining traction in risk and compliance functions (2nd Line)

  • The business is mostly focused on commercial applications (1st Line)

  • And it is emerging as a Board oversight tool

Taken together, these results tell a deeper story — one that goes beyond adoption.

They highlight a maturity gap in how AI risk is actually managed and governed.

What We Are Seeing: Optimization Without Transformation

1. The 2nd Line Is Leading in using AI as a risk tool

AI is delivering its most visible impact in risk and compliance — and that is not surprising.

  • Surveillance, monitoring, policy alignment, and analytics are natural entry points

  • Use cases are data-rich and centrally managed

  • Benefits are largely efficiency-driven

But we should be clear: this is optimization, not transformation.

2. The 1st Line Owns Risk — But Isn’t Using AI to Manage It

The business remains the accountable owner of AI risk and outcomes, yet adoption here is uneven.

  • AI is concentrated in commercial and productivity use cases

  • There is limited AI usage in core risk disciplines:

    • Supervision

    • RCSA

    • Control effectiveness testing

    • Risk appetite monitoring

The line that owns risk is not yet meaningfully using AI to manage it.

3. The Board: From Lagging Indicator to Emerging AI-Enabled Oversight

AI is beginning to emerge as a powerful Board oversight tool.

Today’s reality is still imperfect:

  • Reporting remains largely retrospective and long dated

  • Materials are dense and slow to synthesize

  • Insights are often diluted

But this is precisely where AI has the potential to shift the model:

  • Turning static reporting into dynamic insight

  • Enabling near real-time risk visibility

  • Elevating decision quality and accountability at the top of the organization

AI can fundamentally reshape how Boards oversee risk.

What Is Driving This Pattern

The barriers are not new — they are simply amplified in an AI context:

  • Data quality and lineage remain foundational

  • Governance clarity is inconsistent across organizations

  • Model risk is now continuous and dynamic

The Real Inflection Point

To date, AI has been used to:

  • Process more data

  • Reduce manual effort

  • Improve efficiency

That is the starting point — not the destination.

The real shift will come from:

  • Embedding AI into how the 1st Line actively manages risk

  • Enabling real-time, insight-driven governance at the Board level

  • Transforming how the 2 nd line manages risk

Bottom Line

Today, AI is optimizing the 2nd Line.

Tomorrow, it must:

  • Make the 1st Line more effective in owning and managing risk

  • Enable the Board to operate with greater insight, speed, and accountability

Closing Thought

AI does not redefine risk governance — it elevates it. The question is whether organizations are ready to follow.

Aarona Chou https://AIxRisk.com
Next

Dynamic Risk and Control Frameworks for Agentic AI