The boardroom blind spot: Why Nigerian organisations must govern AI before AI governs them
In Nigerian corporate discourse, the word “transformation” has become an overused abstraction that has lost its urgency and precision.
In Nigerian corporate discourse, the word “transformation” has become an overused abstraction that has lost its urgency and precision.
Boards deliberate digital transformation.
Executives champion AI transformation.
Annual reports propose technology-driven transformation. Yet, in most of these same organisations, the board has never once had a formal discussion regarding the actual impact of artificial intelligence on the decisions being made on its behalf.
This disconnect is not just ironic but also dangerous. The adoption of AI in Nigerian organisations is one of the fastest in the world, where usage rates are among the highest globally.
A 2025 global survey by Google and Ipsos found that 48% of the global public had used generative AI in the past year, with adoption significantly higher across emerging economies, including Nigeria. Crucially, this adoption is not occurring in a vacuum, but also in boardrooms, finance, HR, and customer-facing operations, without the full knowledge of the board or any governance framework to guide it.
And yet, while adoption races ahead, governance has barely progressed. The question, then, is not whether Nigerian organisations are implementing AI, but whether the boards in charge are aware of what AI is up to under their watch and are prepared to face the consequences of its failure.
For years, the lack of a specific AI law in Nigeria provided organisations with silent comfort. There was no hard enforcement deadline, no obvious liability system, and no direct regulatory penalty for not taking action. That comfort is growing more out of place.
This is a result of Nigeria’s active regulatory stance on AI. Currently, two AI-specific Bills are in review in the National Assembly: the Control of Usage of Artificial Intelligence Technology Bill (HB 942) and the National AI and Robotic Sciences (Establishment) Bill (HB 601), which both seek to establish a formal regulatory and institutional framework for AI governance in Nigeria, including the creation of a central oversight body with powers relating to registration, standard-setting, and supervision of AI systems.
While these remain under consideration, they signal a clear legislative direction towards structured, enforceable AI oversight.
Beyond this legislative momentum, the pace of change is already accelerating in practice. Sector regulators are not waiting for legislation to arrive. The CBN Fintech Report 2025 highlights that AI is largely adopted in Nigeria’s financial services sector, particularly in fraud detection, customer service, and credit assessment.
More significantly, recent CBN guidelines on anti-money laundering now require financial institutions to implement automated monitoring systems within defined timelines, supported by advanced technologies such as artificial intelligence, machine learning, and predictive analytics to enhance the detection of suspicious transactions and risk patterns.
However, this regulatory shift is not confined to the financial sector. The Nigeria Data Protection Commission has intensified enforcement under the Nigeria Data Protection Act through investigations, coordinated enforcement, and mutual oversight, demonstrating a more assertive approach to data governance.
Across the broader regulatory landscape, there are also early indications of a shift towards more technology-enabled supervision, as regulators begin to explore data-driven and automated approaches to oversight.
Taken together, these developments point in a clear direction: AI governance is moving from optional to obligatory. Hence, boards that are not already building frameworks are waiting to be caught by it.
At a recent high-level governance forum attended by senior board practitioners from some of Nigeria’s leading companies, a chief compliance officer with expertise in anti-money laundering, ethics, and fraud put the scale of the problem in perspective.
She highlighted that Africa loses approximately $88.6 billion annually, equivalent to 3.7% of the continent’s GDP, to illicit financial flows, including money laundering, criminal proceeds, asset misappropriation, procurement fraud, bribery, and corruption.
Governance failures, she observed, occur not where policies are absent, but where organisations have overestimated the effectiveness of the frameworks they already have. She identified three blind spots that she believes Nigerian organisations are systematically underestimating.
The first is AI governance. Almost no one in any Nigerian boardroom today, she claimed, can honestly claim they have never used ChatGPT or a similar AI tool for a professional task. However, most organisations have no formal AI policy governing how these tools are used, how their outputs are verified, or who is accountable for decisions they influence.
The second is third-party risk. While many Nigerian organisations maintain robust internal policies, the greater vulnerability often lies outside the organisation. Vendors are typically onboarded following initial due diligence, but that scrutiny is rarely sustained.
If a joint venture partner or technology provider’s risk profile shifts, as it often can in Nigeria’s operating environment, the organisation using their services bears the resulting regulatory and reputational consequences. Continuous due diligence is therefore not optional; it is the standard boards should now be setting.
The third is the speak-up culture. Many employees have serious concerns but are reluctant to raise them, either out of fear of retaliation or a belief that nothing will be done. Whistleblowing mechanisms that exist only on paper, internally managed, rarely promoted, and never independently evaluated, create the appearance of accountability without any substance.
Hence, effective mechanisms should be independently managed, regularly audited, and reinforced through employee surveys that give boards clear visibility into what is actually happening within the organisation.
As technology shapes decisions across credit, hiring, fraud detection, and customer analytics, the question is no longer whether organisations use AI, but whether their governance frameworks are keeping pace.
This reframes AI from a departmental concern into a board-level responsibility, and oversight of these systems requires the qualities effective boards are expected to bring, including ethical judgement, stakeholder sensitivity, cross-disciplinary thinking, and long-term accountability.
Thus, boards that engage with AI due to a lack of technological expertise are, in effect, abandoning oversight of one of the most consequential forces within their organisations.
