Logo
FrontierNews.ai

Why Two Global Companies Built AI Governance Differently,and What That Means for Your Organization

Two major enterprises operating across multiple jurisdictions have published detailed blueprints for AI governance structures that separate strategic oversight from operational execution, offering a concrete model for organizations struggling to embed human-rights safeguards into their AI systems. Banco Bradesco, one of Brazil's largest financial institutions, and TELUS, a Canadian telecommunications company, contributed case studies to the AI Company Data Initiative's "Responsible AI in Practice" report, documenting governance architectures that are increasingly referenced in emerging AI regulations and procurement standards.

The findings matter because regulatory exposure is rising. Human-rights-based safeguards are now explicitly referenced in frameworks such as the EU AI Act and UNESCO's AI Ethics Recommendation, and organizations that cannot demonstrate governance structures embedding these considerations at every stage of AI development face heightened scrutiny. The two-tier committee model documented in the case studies provides compliance teams with a concrete architecture they can map against their existing controls and identify gaps in accountability chains.

What Makes the Banco Bradesco and TELUS Model Different?

The case studies reveal that both organizations moved beyond generic compliance approaches. Rather than relying on single, one-size-fits-all AI literacy programs, Banco Bradesco and TELUS developed role-specific training programs tailored to the responsibilities of different business units interacting with AI systems. This distinction is critical: organizations relying on generalized training modules may find those programs inadequate under regulator or auditor review.

The governance architecture documented in the report includes several structural elements that distinguish mature programs from early-stage efforts. Both companies established strategic steering committees that set policy direction, separate from operational committees that execute quarterly reviews with defined agendas covering risk thresholds, incident review, and policy updates. This separation of duties ensures that decision rights are clear and escalation paths are unambiguous.

Cross-functional alignment emerged as a structural requirement rather than an aspiration. The report notes that both organizations embedded human-rights safeguards as mandatory checkpoints at each stage of the AI system lifecycle, not merely as policy-level considerations. This means that AI development teams, legal and compliance staff, business unit leaders, and ethics specialists all have defined roles in the governance process.

How to Build a Multi-Tiered AI Governance Structure

  • Map your committee structure: Compare your current AI governance committees against the two-tier strategic and operational model documented for Banco Bradesco and TELUS, identifying any gaps in decision rights or escalation paths that could leave accountability unclear.
  • Embed human-rights checkpoints: Review your AI governance charter to confirm that human-rights considerations are explicitly embedded as a mandatory checkpoint at each stage of the AI system lifecycle, not addressed only at the policy level or during final approval.
  • Develop role-specific training: Audit your AI training program to determine whether it differentiates by job function, and replace any single generalized module with role-specific curricula aligned to the responsibilities of each group interacting with AI systems.
  • Establish quarterly review cadence: Create a quarterly AI governance review schedule at the operational committee level if one does not already exist, with defined agenda items covering risk thresholds, incident review, and policy updates.
  • Use case studies as benchmarks: Use the Banco Bradesco and TELUS case studies as a benchmark input to your next AI governance maturity assessment, documenting where your program aligns with and diverges from the structures described.

What Regulators Are Watching For

Compliance teams should monitor enforcement actions and supervisory reviews in Brazil and Canada, where Banco Bradesco and TELUS operate, as these may increasingly reference governance architecture expectations that align with the multi-tiered committee model. Regulators in the EU and Latin America have signaled increasing interest in using enterprise implementation evidence to inform guidance on what constitutes adequate governance structure.

The organizational risk of inadequate governance extends beyond regulatory fines. Role-specific AI training requirements, as implemented at both Banco Bradesco and TELUS, reduce the risk of misuse and accountability gaps across business units. When different teams lack clarity on their responsibilities in the AI development lifecycle, the result is often duplicated effort, missed escalations, or decisions made without proper oversight.

Beyond the Banco Bradesco and TELUS case studies, other frameworks are emerging to guide organizations at earlier stages of maturity. Bluewave Technology Group has published a phased 90-day implementation guide for enterprise AI governance programs, covering scope-setting, working group formation, AI use policy drafting, and AI system inventory in the first phase, followed by ownership structures, approval tollgates, observability, and security alignment in subsequent phases. This approach offers compliance teams a concrete sequence rather than a comprehensive framework, making it relevant to programs at the earliest stages of development.

Research from the Oxford Internet Institute's Ethics in AI program contends that corporate governance structures represent the most consequential and underaddressed layer in safe AI development. The analysis focuses on how internal decision rights, executive accountability, and board-level oversight shape deployment behavior in ways external regulation cannot fully reach. Organizations relying on regulatory compliance alone are leaving structural risk unaddressed.

Protiviti has also published a comprehensive AI governance guide covering executive accountability, committee structures, and scalable AI model intake processes for enterprise organizations. The guide synthesizes foundational governance practices into an FAQ-style reference for compliance and risk teams building or maturing their programs, aimed at US-based enterprises navigating the absence of a single prescriptive federal AI standard.

The convergence of these resources signals a shift in how organizations approach AI governance. Rather than treating it as a compliance checkbox, leading enterprises are building governance as a core operational capability that shapes how AI systems are developed, deployed, and monitored. The Banco Bradesco and TELUS case studies provide the most detailed evidence to date of what this looks like at scale.