Center for AI Oversight

Advancing the practice of AI oversight governance for boards, executives, and regulators.

The Center is an independent, educational institution. It defines what boards and executives in regulated industries must govern in AI, and who is accountable, so they can make informed decisions at the speed the technology demands. Governance, on this view, is not a brake on AI adoption. It is what makes confident adoption possible.

Guided by leaders who built the regulatory landscape.

The Center's work is informed by former senior leaders who shaped the oversight and regulatory infrastructure governing AI adoption today.

Includes former senior leaders from:
  • Federal Reserve
  • U.S. Securities & Exchange Commission
  • Federal Communications Commission
  • U.S. Department of the Treasury
  • U.S. Dept. of Health and Human Services
Jim Cunha
Former EVP, Federal Reserve Bank of Boston
Led innovation strategy at the Boston Fed, including digital currency research and payment systems modernization.
Chuck Senatore
Former Director, SEC Southeast Region
Directed SEC enforcement and examination programs across financial services regulatory oversight. Former Head of Risk Oversight at Fidelity Investments.
David Simpson
RADM (Ret.) / Former Chief, FCC
Senior military and regulatory leadership across telecommunications, cybersecurity, and critical infrastructure.
Brian Peretti
Former CTO & Deputy CAIO, U.S. Treasury
Led technology strategy and AI governance at one of the largest federal agencies.
Senior Fellows
Ankur Singhal
Board of Directors, Cyber Risk Institute
Technical leadership spanning financial regulation and technology risk.
Former Advisory Board
Lance Leggitt
Former Deputy Assistant to the President for Domestic Policy; Former Chief of Staff, HHS

The Center's work takes four forms.

As an educational institution, the Center produces frameworks, research, education, and convening on the board-level discipline of AI oversight governance. Its work serves boards, audit executives, risk leaders, regulators, and trade organizations in regulated industries.

The Oversight Program

A practical model for board-level AI oversight: 76 controls across 5 pillars and 14 domains, with diagnostics tied to the laws, regulations, and case law that define what boards are accountable for.


Publications & Research

Co-developed works with institutional partners, including the Private Director's Body of Knowledge and the Internal Audit assurance supplement, plus regulatory briefings and legal analysis.


Education & Training

NASBA-compliant education for directors, chief audit executives, and risk leaders, in online, virtual, and in-person formats. Governance competency for senior professionals, not technology tutorials.


Convening & Speaking

Keynotes, panels, board briefings, and roundtables that bring the Center's thinking to conferences, boardrooms, and regulator forums on AI oversight governance.


Every form of the Center's work serves a single mission: advancing AI oversight governance as a board-level discipline in regulated industries. To engage with the Center's education, research, or convening, write to info@cfaio.org.

The AI Oversight Program

Governance is not a committee or a control on the technology. It is the program that allows boards and executives to make timely, trusted decisions about AI, finding the informed strategic balance of risk and reward. The AI Oversight Program is built on five pillars and fourteen domains, with each control mapped to the laws, regulations, case law, and standards that define the standard of care across jurisdictions and industries.

5 Pillars
14 Domains
Mapped to authoritative sources: Case law · Regulations · International standards · Fiduciary duty
I. Agile Governance: The Constitution
  • AI Governance Program and Policy Framework
  • AI Governance Structure, Oversight, and Resources
  • Governance Program Assurance and Continuous Learning
II. Risk-Informed System: The Guardrails
  • AI Risk Methodology, Scope, and Tolerance
  • Risk Intelligence and Threat Landscape
III. AI Trust and Assurance: The Evidence
  • AI Model Risk and Agentic Lifecycle Oversight
  • AI Data Governance Oversight
  • AI Transparency, Explainability, and Human Oversight
  • AI Security and Resilience Assurance
IV. Risk-Based Strategy and Execution: The Strategic Alignment
  • Risk-Informed Strategy, Resources, and Organizational Readiness
  • AI Value Realization and Operational Resilience Oversight
  • Third-Party AI and Supply Chain Governance
V. Risk Escalation and Disclosure: The Voice
  • AI Risk Escalation and Disclosure Protocols
  • Validation of Escalation and Governance Effectiveness

Co-authored with the institutions that define governance standards.

Forthcoming, Q3 2026
AI Oversight: The Private Director's Body of Knowledge
A strategic guide for private company boards on AI governance as a fiduciary obligation. Covers the Velocity Gap, the Builders and Buyers distinction, the Caremark duty of oversight, and the director's toolkit.
Co-published with Private Directors Association
Forthcoming, Q3 2026
AI Governance Best Practices for Internal Auditors and Governance Professionals
A practical tool that equips internal auditors and governance professionals to provide strategic assurance over AI governance. It defines the AI governance program as the primary auditable entity and gives internal audit a structured way to assess the program's design adequacy and operating effectiveness.
Developed to support implementation of the IIA AI Auditing Framework

The intellectual foundation of the Center's work.

The Problem

The Velocity Gap

AI is being adopted faster than most organizations can govern it. The gap between the speed of AI adoption and the speed of AI governance is where fiduciary risk, regulatory exposure, and missed strategic opportunity all live. The AI Oversight Program is the institutional capability that closes it.

The Trap

The Committee Fallacy

Forming an AI committee is not a governance program. Without a programmatic framework defining what must be governed and who is accountable, committees produce activity without accountability and leave the Governing Body exposed.

The Standard

The Informed Decision Standard

When a regulator, court, or auditor asks whether the organization made an informed decision about AI, the Program must demonstrate the answer in evidence. The Standard is satisfied when the Governing Body has what it needs, the Program is real rather than theatrical, and the chain from policy to practice to assurance is traceable.

The Outcome

Decision Velocity

Decision Velocity is the ability to make faster, risk-informed decisions backed by evidence, without sacrificing accountability. It is the strategic outcome the AI Oversight Program is built to deliver, and the reason oversight governance is an enabler of AI adoption rather than a constraint on it.


One oversight signal. One governance insight. One action item.

Once a month. Read in under 3 minutes. For board directors, audit executives, and risk leaders responsible for AI oversight governance.