Most bank boards can answer for credit risk, capital and cybersecurity. Few can explain why two similar customers received different offers last quarter.
In this Viewpoint article published in Bank Director, Zafin CEO Charbel Safadi makes the case that unobservable decisioning risk is the next governance category boards can no longer afford to overlook.
Download the Article
Bank boards oversee credit, capital, liquidity and cybersecurity. But a new category of governance risk is emerging, and it rarely appears on a board agenda: decisions the bank cannot fully explain.
Most boards cannot clearly answer questions like these: Why was this customer offered this rate? Why did two similar customers receive different outcomes? How consistent are decisions across channels and products? Directors are increasingly accountable for outcomes produced by systems they cannot fully observe or explain. That accountability gap is a financial, regulatory and reputational risk.
Pricing is where this issue first becomes visible, but that is only the beginning. The deeper problem is the gap between what banks design and what actually gets executed.
A Compounding Gap
Every bank has policies, rate sheets, offer frameworks and credit guidelines. But between policy design and customer interaction lies an execution layer that almost no one governs end to end. Even where policies are clear, execution varies in ways that are difficult to trace. Two customers with similar profiles receive different offers because decision logic is applied differently across platforms.
A relationship manager who negotiates a rate at the deal table has no guarantee that what was agreed is what gets billed. A marketing team that launches a promotional offer has no reliable way to prove that every eligible customer received the same terms. A compliance officer asked to demonstrate pricing consistency under examination has to manually reconstruct decisions that were never designed to be reconstructed. This is routine operating reality at many institutions today.
This is what I call unobservable decisioning risk, a category of operational, conduct and compliance exposures that don’t appear on a balance sheet but carry significant consequences when they surface. The board approves a policy but has no visibility into whether that policy reaches the customer. That gap compounds silently, with every campaign, every rate change, every negotiated deal flowing through fragmented systems with no single point of accountability.
AI Is Accelerating the Risk
Artificial intelligence (AI) did not create this problem, but it is worsening it faster than most governance frameworks can respond.
As banks deploy AI to power personalization, dynamic pricing and real-time offers, decision velocity increases by orders of magnitude. An inconsistency that once surfaced slowly across a portfolio can now propagate across millions of interactions before anyone has had the chance to review it.
Banks are deploying these capabilities today. Lloyds Banking Group recently put an AI agent in its boardroom to help directors analyze confidential information, reduce bias and prepare for meetings. North American regulators have already raised concerns about this trend, warning that AI summarization tools may cause directors to miss critical details by not reading materials in full. The signal is clear: AI is entering governance itself, and the governance frameworks needed to manage it are still catching up. The institutions that benefit most will be those that build governance and human oversight into decision execution from the start.
Questions Every Board Should Ask
Boards need assurance that the institution can explain how decisions are made and whether outcomes are applied consistently. That means directors should ask these four questions:
- Can the bank explain a pricing or offer outcome at the individual customer level if a regulator requires it tomorrow?
- When a relationship manager negotiates a deal, is there a governed process ensuring what was promised is precisely what gets executed and billed?
- As AI expands in customer decisioning, are controls in place to ensure those decisions remain auditable, observable and explainable at scale?
- How quickly could the institution prove consistency and fairness under examination?
If management cannot answer these with confidence, the board has identified a material governance gap.
The Governance Imperative
A decade ago, cybersecurity was not a standing board agenda item. It took high-profile failures and sustained regulatory pressure to make it one. The institutions that acted early were better positioned than those that waited for a crisis.
Decisioning governance is on the same trajectory, and the window to get ahead of it is narrowing. Boards do not need to govern every decision. But they have a responsibility to govern how decisions are made across the enterprise. That starts with a single question: Can your institution explain itself? Increasingly, regulators, customers and markets will expect the answer to be immediate.