As artificial intelligence rapidly transforms the financial services landscape, mutual fund boards face a growing imperative to ensure that third-party service providers' AI practices align with the funds' standards and investors' best interests. With vendors increasingly leveraging AI for critical functions such as data management, investment technology, and customer service, directors must take a proactive stance in overseeing these relationships to mitigate risks and maintain trust.

The board's role in shaping AI vendor selection and monitoring policies is more critical than ever¹. By establishing robust guidelines and engaging in regular dialogue with advisers about third-party AI practices, directors can foster a culture of responsible innovation while safeguarding fund assets and reputation. This oversight function is not just a matter of risk management but also an opportunity to steer the fund toward the responsible adoption of transformative technologies.

Key Risks

AI's transformative potential comes with a variety of risks that directors must navigate:

Data Management and Privacy Risks: Improper access controls or breaches at vendor organizations can expose sensitive fund and investor data. Rigorous due diligence and ongoing monitoring of vendors' data governance practices are essential². Directors should inquire about vendors' data security measures in the context of AI systems, incident response plans, and compliance with relevant privacy regulations.

Model Risks: If an adviser incorporates third-party AI models in the investment processes or operational workflows, flawed AI models or insufficient validation and testing can lead to inaccurate investment decisions or operational errors. Boards should ensure that advisers have processes to evaluate the soundness of vendors' AI methodologies, including their data inputs, assumptions, and evaluation³. Regular audits and evaluation can help identify potential weaknesses in vendors' AI systems.

Ethical Risks: AI systems can perpetuate biases or make discriminatory decisions if not designed and monitored carefully. Boards should review whether there are acceptable levels of transparency and explainability in vendor AI practices. Directors should ask about vendors' processes for detecting and mitigating algorithmic biases, as well as their adherence to ethical AI principles such as fairness, accountability, and transparency. Regulatory

Compliance Risks: As AI regulations evolve, vendors' missteps can create legal and reputational liabilities for funds. Directors must verify that advisers are vigilant about vendors' adherence to applicable AI laws and standards. This includes staying abreast of regulatory developments in key markets and ensuring that vendor contracts include provisions for compliance.

The Board's Role

To effectively oversee third-party AI risks, mutual fund boards should:

1. Set clear expectations for ethical AI development and deployment by vendors, aligned with the fund's values and risk appetite. This involves articulating the fund's AI principles and communicating them to advisers and vendors. Boards should also define the metrics and reporting requirements for assessing vendors' alignment with these principles.
2. Establish vendor selection guidelines that prioritize AI governance, risk management, and control capabilities. Due diligence should encompass vendor policies, processes, and track records. Boards may consider developing AI-specific criteria for evaluating vendors, such as their transparency practices, model validation methods, and staff expertise.
3. Insist on contract provisions that enshrine responsible AI usage, robust data protections, and audit rights. Working with legal counsel, boards can ensure that contracts provide adequate safeguards and remedies in case of vendor non-compliance, tailoring these provisions to the specific AI services provided and associated risks.
4. Require regular reporting from advisers on vendor AI risk assessments and material system changes. The frequency and format of these reports should be commensurate with the complexity and criticality of the AI services provided. Boards should also have access to independent audits or assessments of vendors' AI practices.
5. Foster ongoing dialogue with advisers and vendors to stay abreast of AI best practices and address emerging challenges proactively. This may involve periodic meetings with vendor representatives, participation in industry forums, and engagement with AI experts. Boards should encourage a culture of openness and continuous improvement in vendor relationships.

What to Ask About AI Practices

To guide their oversight efforts, directors should pose probing questions to advisers about their approach to managing third-party AI risks:

• What due diligence process does the adviser use to evaluate potential vendors' AI governance and risk management? How does this process differ from the evaluation of traditional service providers?
• How does the adviser ensure that vendor contracts include appropriate provisions on AI usage, data protection, and audit rights?
• What regular reporting does the adviser receive from vendors on their AI risk assessments and any material changes to their AI systems? How is the information verified?
• How does the adviser foster ongoing dialogue with vendors about AI best practices and ensure alignment with the fund's AI standards? What mechanisms exist for escalating concerns or disputes?

Key Considerations for Fund Directors

Understanding the fund's overall AI strategy and initiatives is crucial for directors to provide effective oversight of third-party AI risks. Regular briefings from advisers can help the board stay informed about the evolving AI landscape and its implications for vendor relationships3. Directors should also seek to understand the competitive pressures and industry trends driving the adoption of AI by the fund and its service providers.

Evaluating the adviser's oversight of vendor AI practices should be a key priority for the board. Directors should assess the adequacy of the adviser's vendor management program, including its ability to identify, monitor, and mitigate third-party AI risks. This may involve reviewing the adviser's vendor selection criteria, risk assessment methodologies, and performance monitoring processes. Directors should also inquire about the adviser's contingency plans for addressing vendor disruptions or failures.

Continuous education on AI risks and regulatory developments is essential for directors to fulfill their oversight duties effectively. Boards should prioritize AI training and seek insights from external experts as needed. This education should cover not only the technical aspects of AI but also the ethical, legal, and societal implications of its use in the fund management context. Directors should also stay attuned to evolving industry standards and best practices for AI governance.

Reviewing fund disclosures on AI usage can help directors ensure transparency and alignment with investor expectations. As AI becomes more prevalent, clear communication about the fund's approach to managing AI risks, including those related to vendors, will be increasingly important. Boards should work with the adviser and legal counsel to develop appropriate disclosure language and ensure consistency across various communications channels, such as prospectuses, shareholder reports, and website content.

Opportunity for Boards

In the age of AI, robust board oversight of third-party vendors is not just a best practice but a fiduciary imperative. By proactively engaging with advisers, setting high standards for AI governance, and continuously monitoring vendor practices, mutual fund directors can help steer fund management toward responsible innovation while safeguarding investor interests.

Effective AI oversight demands a forward-looking, risk-aware mindset. Directors must be prepared to grapple with complex trade-offs between the benefits of AI-powered efficiency and the potential risks of opaque or misaligned vendor practices. Ongoing education, dialogue, and collaboration will be key to navigating this fast-moving landscape.

Ultimately, the goal of third-party AI oversight is not to stifle innovation but to ensure that it proceeds in a manner consistent with the fund's values, regulatory obligations, and duties to investors. Fund directors have a unique opportunity to shape its trajectory in the service of investor protection and long-term value creation. By setting a high bar for vendor oversight and modeling responsible AI governance, boards can contribute to a more trustworthy, accountable, and sustainable financial ecosystem.

Joyce Li, CFA, is CEO of Averanda Partners, where she advises business leaders at the intersection of AI, finance, and governance. She has nearly two decades of investment management experience, including as a mutual fund portfolio manager at Matthews International Capital Management. An experienced board director, Li serves on the advisory board of the technology startup OpenBB and previously served as president on the CFA Society San Francisco board and on other nonprofit boards. Li co-authored the Athena Alliance AI Governance Playbook and created the “AI Simplified for Leaders” newsletter with curated strategic insights.

^[1] AI Governance Playbook. (2024). Athena Alliance.

^[2] Role of the Mutual Fund Director in the Oversight of the Risk Management Function. (2022). Deloitte.

^[3] Board Oversight of Certain Service Providers. (2007). IDC.