AI powered systems and services have rapidly transformed digital capabilities across every economic sector. With this capacity comes a significant governance challenge. Unlike earlier systems, AI can answer questions or recommend courses of action based not on rules programmed by humans, but on those it has derived from its own analysis of large pools of data.
For AI to produce valuable insights, however, the right kinds of information is required to train it and form the assumptions embedded in the system. There are many examples of outright error or bias. One MIT study found that facial-recognition software worked much more effectively for white males than dark-skinned females, probably because of weaknesses in the training data. Amazon abandoned early efforts to use AI in recruitment assessment because of the latter’s tendency to privilege male applicants. Further complicating the matter, many AI tools produce only answers to questions; the reasoning behind them remains obscured in a high-tech black box.
This need for AI is clear. Best practice in creating ethical corporate guardrails for AI is less so. The experience of Mastercard holds important lessons for companies as they wrestle with this issue. Any company that wants to deploy such powerful capability must create effective ethical-governance standards to avoid reliance on flawed advice that may lead to error or failure to meet compliance requirements.
As the need for AI governance arises from a new digital capability, the temptation is to look for a straightforward technological fix. This is the wrong approach, for two reasons. First, tools ready for easy adoption may not exist. When Mastercard began its process of creating AI governance arrangements, executives scanned what was available and found very little on which they could draw. Since then, AI governance framework toolkits and templates have proliferated online, but there is no guarantee that these will apply to any given company’s circumstances without substantial revisions.
Second, and more important, focusing initially on which technological changes to make is to put the cart before the horse. Instead, in order to create and apply the right governance guardrails, companies must begin by looking at their own core purpose and underlying value, and consider arrangements that will make AI serve these.
Mastercard defines itself as “a technology company in the global payments industry that connects consumers, financial institutions, merchants, governments, digital partners, businesses and other organizations worldwide, enabling them to use electronic forms of payment instead of cash and checks.” It aims to facilitate transactions by acting as a conduit for sending information between merchants and the banks of buyers.
The company has a longstanding policy of adopting the most up-to-date technology to help it accomplish its mission. As early as 1973, it moved from telephone to use of a computer network for payment authorizations. Mastercard sees AI as the most recent innovation that can benefit its stakeholders; accordingly, it has positioned itself to become an Al powerhouse. This includes using technology to enhance its products, increase the efficiency and effectiveness of internal operations and, in particular, use AI to support its fraud prevention, anti-money laundering, and cyber-security processes.
Any such integration of AI, however, has had to occur within the strict framework of the company’s compliance regimes and values. An issue of particular relevance here is Mastercard’s focus on data protection. Indeed, because the company acts, in essence, as a data pipeline between merchant and bank, its policy is to limit the information it receives and sends to the minimum necessary to facilitate any given transaction. It does retain some data, but governs this using its Data Responsibility Imperative: a series of principles that go beyond government data-privacy mandates.
Underlying this policy, and everything else at Mastercard, is the company’s core value of dedication to decency, what it calls its Decency Quotient. Boiled down, this is a commitment that companies and employees will try to do the right thing.
By beginning with first principles (that is, the company’s purpose and values), Mastercard’s executives understood that the business already had some of the building blocks of an AI ethical framework. In particular, the company’s Privacy By Design process ensures that new products have appropriate data-privacy safeguards built in. Privacy By Design was both an initial model for the approach adopted in the broader AI framework, and also has become an element of it, operating whenever new AI use cases raise privacy issues for the company.
The AI governance framework itself also reflects Mastercard’s values and purpose. Governance executives analyze a project for potential integration of AI innovation only when it has reached a suitable stage of maturity. The framework is also designed to be agile. An AI Governance Council oversees it. In order to avoid generating bureaucracy within the company, this meets on an ad hoc basis. The Council consists of the Chief Privacy Officer, the Chief Data Officer, the Chief Security Officer, and the EVP Artificial Intelligence.
Other executives are co-opted where their expertise is particularly pertinent to the consideration of specific use cases, such as the CHRO if an AI tool for assessing applications is under consideration. A great strength of Mastercard’s approach is that it is cross-disciplinary and cross-functional. This feature allows a greater appreciation of potential weaknesses and biases in a new use case.
The framework represents far more than a box-ticking exercise and, for new products and services, can take over a year to implement.
Most importantly, the process is also designed to ensure that ethical integrity and fairness are maintained, and privacy respected. In particular, this means an effort to avoid bias (originating from an AI tool or algorithm) affecting decisions. After developers identify potential problems, solutions may involve technological fixes such as using more representative data or better code; or human ones, such as employing appropriately diverse teams in the development of algorithms.
The framework represents far more than a box-ticking exercise and, for new products and services, can take over a year to implement. The Council has insisted on full transparency in the process, which is essential to allowing financial service providers – Mastercard’s immediate customers – explain decisions to consumers.
Nor are the Council’s activities restricted to product development and deployment. Any new use of AI is relevant, including that taking part in acquired businesses. In one case, a newly purchased business was using AI-powered software to speed up dispute resolutions. The Framework and Privacy by Design processes led to a decision not to integrate the data of the new company into Mastercard’s existing system. This step was to eliminate the chance of other systems using the combined data in a way that would identify the individual consumers. In other cases, governance considerations have led Mastercard to withdraw from deals to acquire startups with potentially useful new AI technology.
A final important learning from Mastercard’s experience is that its AI Framework cannot be seen as a completed solution. It’s always evolving.
In the early stages, every time the team reviewed an AI project, it uncovered new aspects which they needed to incorporate into the framework to ensure it was robust. The company also had several leading academic institutions review the governance process and incorporated their feedback into revisions. Over the longer term, the company is also considering the establishment of an external AI ethics advisory board to maintain standards and objectivity.
An important indication of the effectiveness of the original model and its ability to grow has been Mastercard’s response to generative AI. Unlike some companies, it has been able to allow the use of online generative AI tools, such as ChatGPT, where appropriate, and is using the framework to consider various new initiatives. The particular challenges of the new technology require some adjustments to the model – notably a greater emphasis on reviewing of results and their impacts – but there has been no need to reconstruct the governance framework from scratch.
As Mastercard’s experience shows, the way to overcome the challenges of AI (or the application of any new digital innovation) is to eschew a focus on simple technological fixes and, instead, let an approach evolve, guided by the purpose and values of the organization.
The healthcare and pharmaceutical sectors are experiencing radical evolution through artificial intelligence, driving competition, and improving clinical outcomes. IMD's AI Maturity Index highlights effective approaches from industry frontrunners like Bayer, Medtronic, and...
Professionals who use AI in a disciplined way to compound their cognitive thinking over time will be the long-term winners. Michael Watkins explains how to make AI a cognitive superpower rather than...
From the untamed rise of semi-autonomous agents to growing concerns around accountability and security risks, AI agents are creating new headaches for CIOs. Here's how tech leaders can navigate the challenges. ...
Artificial intelligence is perhaps the most far-reaching technology ever created. Google’s AI business strategist Gopi Kallayil recommends asking yourself three key questions regarding your business strategy and identifies three AI capabilities you...
Explore first person business intelligence from top minds curated for a global executive audience