AI Governance Institute logo
AI Governance Institute

Practical Governance for Enterprise AI

← News
Research2026-07-09

Multi-Tiered AI Governance Committees Tested at Scale: Banco Bradesco and TELUS Case Studies Reveal What Works

What happened

The AI Company Data Initiative released Responsible AI in Practice: AI Company Data Initiative Case Studies, a primary-source report documenting real-world AI governance implementations at two major enterprises operating across multiple jurisdictions. Banco Bradesco, one of Brazil's largest financial institutions, and TELUS, a Canadian telecommunications company, each contributed detailed accounts of their governance architectures, including the composition and mandate of strategic steering committees, the cadence and scope of quarterly operational reviews, and the specific mechanisms used to embed human-rights safeguards across the AI development lifecycle. The report identifies cross-functional alignment as a structural requirement rather than an aspiration, noting that both organizations developed role-specific training programs rather than relying on generalized AI literacy initiatives. Published under a global jurisdiction scope, the findings are intended as a transferable implementation model for enterprises building or maturing their own responsible AI programs.

Why it matters

  • ·Regulatory exposure: Human-rights-based safeguards are increasingly referenced in emerging AI regulations and procurement standards, and organizations that cannot demonstrate their governance structure embeds these considerations at the lifecycle level face heightened scrutiny under frameworks such as the EU AI Act and UNESCO AI Ethics Recommendation.
  • ·Operational impact: The two-tier committee structure documented here, separating strategic oversight from operational execution with defined review cadences, provides a concrete governance architecture that compliance teams can map against their existing controls and identify gaps in accountability chains.
  • ·Organizational risk: Role-specific AI training requirements, as implemented at both Banco Bradesco and TELUS, reduce the risk of misuse and accountability gaps across business units, and organizations relying on generic training programs may find those programs inadequate under regulator or auditor review.

Governance controls affected

What to do now

  • Map your current AI governance committee structure against the two-tier strategic and operational model documented for Banco Bradesco and TELUS, and identify any gaps in decision rights or escalation paths.
  • Review your AI governance charter to confirm that human-rights considerations are explicitly embedded as a mandatory checkpoint at each stage of the AI system lifecycle, not addressed only at the policy level.
  • Audit your AI training program to determine whether it differentiates by job function, and replace any single generalized module with role-specific curricula aligned to the responsibilities of each group interacting with AI systems.
  • Establish a quarterly AI governance review cadence at the operational committee level if one does not already exist, with defined agenda items covering risk thresholds, incident review, and policy updates.
  • Use the Banco Bradesco and TELUS case studies as a benchmark input to your next AI governance maturity assessment, documenting where your program aligns with and diverges from the structures described.

What to watch next

Compliance teams should monitor whether other major industry initiatives publish comparable case study reports, as regulators in the EU and Latin America have signaled increasing interest in using enterprise implementation evidence to inform guidance on what constitutes adequate governance structure. The AI Company Data Initiative may release additional sector-specific case studies covering industries beyond financial services and telecommunications, which would allow compliance teams to benchmark against peers more precisely. Enforcement actions and supervisory reviews in Brazil and Canada, where Banco Bradesco and TELUS operate, may increasingly reference governance architecture expectations that align with the multi-tiered committee model documented here.

Related Coverage

Research2026-06-13

A 90-Day Blueprint for Standing Up AI Governance: What Bluewave's Sequenced Framework Means for Compliance Teams

Bluewave Technology Group has published a phased 90-day implementation guide for enterprise AI governance programs, covering scope-setting, working group formation, AI use policy drafting, and AI system inventory in the first phase, followed by ownership structures, approval tollgates, observability, and security alignment in subsequent phases. The guide is positioned as a practical starting point for organizations that have not yet formalized AI governance without overengineering early controls. It offers compliance teams a concrete sequence rather than a comprehensive framework, making it relevant to programs at the earliest stages of maturity.

Research2026-06-10

Internal Governance Gaps, Not Just Regulation, Drive AI Deployment Risk, Oxford Research Argues

A post from the Oxford Internet Institute's Ethics in AI program contends that corporate governance structures represent the most consequential and underaddressed layer in safe AI development. The analysis focuses on how internal decision rights, executive accountability, and board-level oversight shape deployment behavior in ways external regulation cannot fully reach. The piece argues that organizations relying on regulatory compliance alone are leaving structural risk unaddressed.

Corporate Policy2026-07-08

Protiviti's AI Governance Guide Surfaces a Structural Gap: Most Enterprises Still Lack Formal Intake, Inventory, and Committee Controls

Protiviti has published a comprehensive AI governance guide covering executive accountability, committee structures, and scalable AI model intake processes for enterprise organizations. The guide synthesizes foundational governance practices into an FAQ-style reference for compliance and risk teams building or maturing their programs. It is aimed at US-based enterprises navigating the absence of a single prescriptive federal AI standard.