When Algorithms go wrong, directors are on the hook

Harm from AI is often discussed as an exception – an unfortunate edge case that can be patched with better data, better prompts, or better intent.

Boards should reject that framing.

Around the world, the most consequential AI failures were not surprises. They were foreseeable outcomes of predictable governance gaps: weak oversight, blurred accountability, and inadequate pathways for people to challenge automated decisions. When harm becomes visible through lawsuits, investigations, and public outrage, the institution is called to account. And at that moment, the board was not asked what it believed. It is asked what it governs.

Consider what these widely reported cases have in common.

In one high-profile dispute, families alleged that an insurer’s use of an algorithmic tool accelerated coverage denials for post-acute care, creating medical risk for vulnerable patients and triggering litigation. In another case, a customer relied on a chatbot’s guidance from a major airline and suffered a financial loss; the tribunal held the company responsible for the misinformation. In a third, an automated hiring screen rejected older applicants, resulting in a regulator-led enforcement action and settlement.

Then there are the incidents that show how synthetic reality can bypass traditional controls. A global firm suffered a substantial loss after an employee was persuaded via a deepfake-enabled video call to transfer funds. And in an identity and justice context, a faulty facial recognition match contributed to a wrongful arrest, raising civil liberties concerns and exposing the cost of overreliance on algorithmic outputs.

At a national scale, an automated debt scheme generated unlawful debts and widespread distress, culminating in a Royal Commission that described it as a major failure of administration. Another system used to detect fraud in public benefits spiralled into institutional harm for thousands of families, triggering investigations and long-term loss of trust.

Different sectors. Different geographies. One recurring lesson: harm is not a bug in AI governance. Harm is the bill that arrives when oversight is weak.

For corporate boards, the fiduciary implications are clear.

First, AI compresses the distance between decision and consequence. When decisions are automated, they scale instantly, impacting thousands of customers, patients, or applicants before a single executive meeting takes place. Second, AI introduces “authority without accountability” unless boards insist otherwise. A model can carry influence, but it cannot carry duty. Third, AI failures are rarely framed as technology failures in public. They are framed as leadership failures: ‘Why did you allow this?’ Why did you not detect it? Where could people appeal?

African boards should treat these cases as early warnings, not foreign stories. In many African markets, AI is being adopted rapidly through third-party tools such as credit scoring, fraud detection, customer support automation, identity verification, and workforce analytics, often with limited internal capacity to independently validate what the tools do in production. When the system is built elsewhere, trained elsewhere, and updated elsewhere, governance risk becomes geographically diffused. Accountability, however, remains local. That combination – high reliance and low verification – creates a risk profile boards cannot delegate away.

The most important board question is not “Do we use AI?” It is ‘What harm are we willing to risk, and what proof do we require before we accept that risk?’

What boards must demand

Boards add strategic value when they require evidence, not assurances.

They should demand a clear classification of “high-impact” AI uses – systems that materially affect access, opportunity, safety, or financial outcomes – and insist those systems face a higher governance bar before scale.

They should require named accountability at the executive level for AI outcomes, including customer harm, not only performance metrics. If accountability cannot be named, governance is already failing.

They should insist on redress that works in practice: a human-accessible path to challenge decisions, clear timelines, and documented remediation. A right without a route is a reputational risk.

They should require independent oversight. That means internal audit involvement for high-impact AI, third-party validation where appropriate, and board-level reporting that includes incidents, appeals, reversals, and harm metrics, not only adoption progress.

And they should modernise controls for synthetic reality: out-of-band verification for high-risk approvals, deepfake-aware training, and fraud controls designed for AI-enabled impersonation, not yesterday’s scams.

AI will deliver value in Africa. But value without accountability is fragile. The board’s job is not to be impressed by capability. It is to govern consequences.

Because when AI decisions affect lives, the question is never whether harm was intended. It is about whether harm was foreseeable and whether the institution built governance strong enough to prevent it, detect it, and repair it.

Amaka Ibeji, Founder of DPO Africa Network, is a Boardroom Qualified Technology Expert and Digital Trust Visionary. She advises boards, regulators, and organizations on privacy, AI governance, and data trust, while coaching and fostering leadership across industries. Connect: LinkedIn amakai | [email protected]