The rapid adoption of artificial intelligence (AI) across is creating a new and complex layer of risk that regulators, boards and senior executives must no longer ignore, a new report by professional services firm, Kreston Pedabo, has said.

The report warned that as organisations increasingly rely on automated and data-driven systems for decision-making, weaknesses in governance and risk oversight are becoming more visible to regulators.

The report said artificial intelligence has evolved into a strategic risk and resilience concern.

It noted that Nigerian organisations are deploying AI tools across financial services, telecommunications, healthcare, professional services and the public sector to improve efficiency, reduce costs and enhance competitiveness.

While the technologies offer significant benefits, the report cautioned that they also introduce enterprise-wide risks that extend far beyond information technology.

These include data privacy breaches, algorithmic bias, lack of transparency and explainability, ethical concerns, regulatory non-compliance, third-party dependency and reputational damage.

The authors observed that AI risks remain poorly understood at the board level and are managed in silos, increasing organisations’ exposure to regulatory and operational shocks.

The report said regulators are increasingly alert to the weaknesses, adding that even in the absence of comprehensive AI-specific legislation in Nigeria, supervisory authorities use existing governance, data protection and sectoral rules to assess how organisations manage automated decision-making.

As a result, the report noted that boards and senior management are being held accountable for ensuring that AI systems operate within defined risk appetites and align with regulatory and stakeholder expectations.

Beyond artificial intelligence, the report placed AI-related risks within the broader context of a business environment that has become significantly more challenging in recent years.

Macroeconomic volatility, persistent foreign exchange pressures, high inflation, cyber threats and heightened scrutiny of environmental, social and governance practices have combined to increase uncertainty for Nigerian organisations, it noted.

According to Pedabo, regulators are no longer satisfied with fragmented or informal approaches to risk management. Instead, they are demanding clear evidence of structured, enterprise-wide risk management frameworks that are embedded in governance and decision-making processes.

They noted that regulatory reviews increasingly focus on the quality of oversight, the effectiveness of internal controls and the robustness of risk reporting, rather than the mere existence of policies.

The report explained that Enterprise Risk Management provides a systematic approach to identifying, assessing and managing risks that could affect organisational objectives.

Unlike traditional risk management models, they said ERM integrates risk considerations into strategy, operations and performance management.

In Nigeria, the report noted that regulators are placing growing emphasis on alignment with internationally recognised standards such as COSO ERM and ISO 31000, while expecting organisations to demonstrate how these frameworks work in practice.

Risk-based supervision models adopted by regulators such as the Central Bank of Nigeria, the Securities and Exchange Commission and the National Insurance Commission, they said, have further elevated expectations.

The experts added that boards are now expected to take clear ownership of risk oversight, define risk appetite and tolerance levels, address emerging risks and ensure continuous monitoring and reporting.

The report warned that failure to meet these expectations increasingly leads to formal regulatory findings, sanctions or reputational consequences.

Sector-specific regulatory pressure, they said, is shaping how organisations approach both traditional and emerging risks, noting that financial services, banks and other regulated institutions are required to maintain comprehensive ERM frameworks covering credit, market, liquidity, operational, cyber and technology risks, including those arising from automated systems.

In the capital market, they noted that the Securities and Exchange Commission regards enterprise-wide risk management as a cornerstone of good corporate governance, essential for protecting investor confidence and market integrity.

Insurers, the report said, are similarly under pressure from the National Insurance Commission to demonstrate a clear understanding of how advanced analytics and automation affect underwriting, investment decisions, solvency and capital adequacy.

The report noted that expectations around structured risk management are extending beyond heavily regulated sectors.

The authors noted that tax audits by the Nigeria Revenue Service often expose weaknesses in governance and internal controls, while organisations with mature ERM frameworks tend to experience fewer adverse outcomes.

Donors and development partners, they said, are also demanding stronger risk management from non-governmental organisations, particularly where digital tools and data analytics are used in programme delivery.