The gap that matters

Most boards that have thought seriously about AI have done the first thing: written a policy. The policy sets out what the board expects - which tools are permitted, how outputs should be treated, what should not be shared. It is a reasonable starting point. It is not governance.

A written policy is what the board intends. Operational governance is something different: it is what the tools actually enforce. The gap between the two is where AI risk lives, and for most boards today that gap is wide open.

A new Knowa white paper, "The Governance Imperative", is about that gap and what it takes to close it - following on from our earlier series "Nine questions and one policy".

AI is already in the room

The starting point for the paper is a fact that boards largely prefer not to name: AI use is already happening, regardless of what any policy says. Trustees are pasting consultant recommendations into ChatGPT to ask whether they look reasonable. Advisers are running draft papers through Copilot to tighten the language. Scheme secretaries are using generic AI tools to summarise meeting packs.

None of this was designed for fiduciary work. None of it is governed. The confidentiality boundary is invisible to the tool. The output has no audit trail. The model that answered the question will not remember it was asked.

From the white paper

"Without governance, AI use does not stop. It simply happens unrecorded, in tools that were never built for fiduciary work."

The paper is direct about what this means: the question is not whether to permit AI use. It is whether to govern it. The two are not the same choice, and treating them as if they are is what leaves boards exposed.

Three foundations

Operational governance, the paper argues, rests on three things. Without all three, written policy floats free of working control.

Visibility. Someone with oversight responsibility needs to be able to see what AI tools are being used and what they are being asked. That means structured access logs, not self-reporting. A policy that says "AI outputs must be disclosed" does not produce visibility. A system that records what was asked and what was answered does.

Control. The board needs to be able to decide, in advance, what the tools can and cannot access. That means scoped permissions, not blanket access. A tool that can reach any document in the scheme has no meaningful data boundary. A tool that can only reach documents within the scheme's own record, under defined access rules, gives the board something to stand behind.

Record. Governance that cannot be demonstrated is not governance. Meetings, decisions, actions, and the AI interactions that inform them need to be part of the same durable record - one that will make sense to a regulator or a successor trustee who was not in the room.

Four risks that boards carry

The paper sets out four categories of risk that arise when AI use runs ahead of governance.

  • Data and confidentiality. Scheme documents, member data, and adviser correspondence are processed by tools that have no contractual relationship with the scheme and no defined data boundary. What enters a general-purpose AI tool may train future models, be visible to the provider, or simply leave the scheme's control.
  • Accuracy and output integrity. AI tools present outputs with a confidence that does not reflect their actual reliability on specialist fiduciary questions. A trustee who treats a confident-sounding AI output as a second opinion without verifying it against the source has introduced an uncontrolled variable into a decision that carries personal liability.
  • Access and authorisation. A board member and a scheme administrator do not have the same access rights to scheme documents. A general-purpose AI tool knows nothing of those distinctions. Without deliberate access scoping, the tool reflects whoever is using it, not what the board intended.
  • Compliance and regulatory expectations. Regulators expect trustees to be able to demonstrate their decision-making. An AI interaction that informed a decision but left no trace cannot be demonstrated. The absence of a record is itself a governance failure.

Who answers for it

The paper examines how the question of AI accountability lands differently depending on where you sit.

For trustees, the question is personal liability. Trustee decisions must reflect trustee judgement. An AI tool that shaped a decision but was not governed is not a defence; it is a complication. Trustees need to be able to show that the tools they used were appropriate, that the outputs were verified, and that the judgement was theirs.

For the scheme secretary, the question is operational control. The scheme secretary is often the person closest to how the board actually works, and therefore the person best placed to see where informal AI use is creeping into the process. Governance gaps tend to show up first as process anomalies.

For the chair, the question is accountability to members. The chair needs to be able to give a credible account of how the board reaches decisions - including which tools are used, how they are governed, and what assurance exists that the outputs are reliable.

Oversight in practice

The paper moves from principle to working practice: what does governed AI use actually look like, meeting to meeting?

It starts with the record. Every AI interaction that informs a decision needs to be part of the scheme's record - not a separate log that no one reads, but the same record that captures the decision itself. When a trustee asks a question and an AI answers it, that exchange should be as retrievable as the minutes.

It addresses the adviser boundary. Trustees work with consultants, actuaries, and legal advisers who have their own AI tools and their own working practices. Governed AI use does not mean controlling what advisers do with their own tools. It means maintaining a clear boundary: the scheme's AI interactions stay within the scheme's record; adviser interactions stay within the advisers' own systems. The boundary is not about restriction. It is about knowing where things are.

And it addresses the audit question directly. The record that stands up is not a comprehensive dump of every interaction. It is a structured record that shows, for any decision, what information was available, what was asked, and what the answer was - with citations back to the source documents, so that anyone reviewing it can follow the chain from question to answer to decision.

Building the foundation now

The paper does not argue for a wholesale technology overhaul. It argues for starting in the right place: with the controls that sit behind the board's most important governance obligations.

Three things matter most at the start. First, take stock: identify where AI tools are already in use, whether formally or informally, and what data they are reaching. Most boards will find the answer is more than they thought. Second, decide what good looks like: define, in concrete terms, what visibility, control, and record mean for this scheme. The policy already exists; the operational controls are what is missing. Third, close the gap: choose tools that were built for the work, not general-purpose tools adapted for it.

The distinction between purpose-built and adapted matters. A tool built for fiduciary governance has data boundaries, access controls, and audit trails as design requirements. A general-purpose tool has none of those things, because it was not built for a context where they are legally and ethically necessary.

What Knowa Q does differently

The paper describes what purpose-built AI governance looks like in practice through Knowa Q, the intelligence layer that runs across Knowa's platform.

Knowa Q is scoped to the scheme. It can only reach documents that are within the scheme's own record in Knowa. There is no ambient access to the internet, to other schemes, or to anything outside the defined boundary. The data boundary is not a setting that can be accidentally relaxed; it is an architectural constraint.

Every interaction is recorded. When a trustee or adviser asks Knowa Q a question, the question and the answer become part of the scheme's record. Outputs are cited: Knowa Q points to the specific source document that supports each answer, so the chain from question to answer to evidence can be followed by anyone who needs to review it later.

Knowa Q answers questions about the record. It does not advise. It will surface an inconsistency between two papers and not tell the board which is right. It will show what was agreed at a previous meeting and not opine on whether that agreement should change the present decision. Those are judgements, and judgements belong to the trustees and their advisers.

The full white paper is available to download on the Knowa white papers page.


Written policy tells the board what it expects. Operational governance is what makes it true.