Board-Level AI Governance for New Zealand Directors

Director Liability Briefings

Most directors understand their general duties under the Companies Act 1993. Few have considered how those duties apply when management deploys machine learning models, generative AI tools, or autonomous decision-making systems that process personal information under the Privacy Act 2020. We run structured briefings that translate sections 131 through 138 of the Companies Act into concrete AI governance expectations: what directors must ask, what documentation to require, where personal liability exposure sits, and how D&O insurance coverage applies to AI-related claims. We cover the intersection of director duties with FMA conduct expectations, RBNZ prudential requirements, and the Fair Trading Act 1986's implications for AI-generated consumer communications. These briefings form the foundation of effective risk management at board level, giving directors the confidence to exercise informed oversight of AI systems without needing to become technologists.

• Companies Act duty mapping to AI risk categories
• Personal liability scenarios and case analysis
• D&O insurance gap assessment for AI-related claims
• Director question frameworks for management reporting

NZ Regulatory Landscape Education

The FMA expects conduct obligations to extend to AI in financial services, scrutinising algorithmic advice, automated credit decisions, and AI-driven customer outcomes with the same rigour as human decisions. The RBNZ expects prudential risk oversight to encompass technology systems, with growing attention to model risk, operational resilience, and concentration risk from third-party AI providers. The Office of the Privacy Commissioner has signalled algorithmic decision-making as a priority under the Privacy Act 2020, with specific guidance on transparency, the information privacy principles, and the emerging interpretation of automated processing obligations. The National AI Strategy, grounded in the OECD AI Principles, is influencing how all regulators think about AI oversight. These compliance expectations exist today, even without AI-specific legislation. We bring boards up to speed on what each regulator expects, where their organisation sits, and what governance gaps create the greatest risk management exposure, translating regulatory signals into actionable governance strategies that satisfy the Companies Act 1993's standard of reasonable oversight.

• FMA conduct expectations for AI-enabled services
• RBNZ prudential risk expectations mapping
• Privacy Act 2020 automated decision-making obligations
• Algorithm Charter and Public Service AI Framework briefing

Treaty-Informed Governance Design

Te Tiriti o Waitangi creates obligations that cannot be addressed by a privacy impact assessment or a standard risk register. When AI systems collect, process, or make decisions using data relating to Māori, boards need governance structures that reflect partnership, protection, and participation at a constitutional level. The Public Service AI Framework makes this explicit for Crown agencies, but the obligations extend further. Any organisation serving Māori communities or processing data about Māori faces expectations that are grounded in the fabric of Aotearoa's governance. Our team helps boards integrate these Treaty of Waitangi obligations into their AI governance substantively, not as an afterthought or a compliance checkbox. We work with directors to understand data kaitiakitanga, tino rangatiratanga over information, and the practical governance mechanisms that demonstrate genuine partnership, from iwi consultation protocols to equitable outcome monitoring. Genuine Māori data governance requires board-level commitment, and we ensure your governance reflects that commitment with mana.

• Māori data sovereignty assessment for AI systems
• Board reporting on Treaty compliance in AI deployments
• Consultation frameworks for AI affecting Māori communities
• Alignment with Te Mana Raraunga principles

Governance Structure and Charter Development

Knowing the risks is only valuable if it changes how your board operates. We design practical governance structures, including committee mandates, escalation thresholds, reporting cadences, and decision authorities, that give directors genuine oversight without requiring them to become technologists. For NZX-listed companies, we align these structures with the NZX Corporate Governance Code. For Crown entities, we integrate Public Service AI Framework requirements and Treaty of Waitangi obligations. For FMA and RBNZ-regulated businesses, we ensure governance structures satisfy the conduct and prudential expectations these regulators have signalled for AI systems. Every structure is tailored to your organisation's size, sector, and AI maturity level. Every structure maintains the rigorous oversight that regulators, stakeholders, and the Companies Act 1993 demand from directors.

• Board AI governance charter with NZ-specific provisions
• Committee mandate design or expansion recommendations
• AI risk escalation and decision authority matrix
• Board-ready AI reporting templates and dashboards

NZX-Listed and Large Private Companies

For boards navigating the NZX Corporate Governance Code alongside AI adoption. Whether you are deploying AI in customer-facing products, internal operations, or strategic decision support, your directors need governance frameworks that satisfy both the Code's principles and your Companies Act 1993 duties, including section 131's good faith requirement and section 137's standard of care. We build governance structures that scale with your ambitions, ensure compliance with the Privacy Act 2020 for AI-driven data processing, and demonstrate the informed oversight that institutional investors and regulators increasingly expect from listed companies.

Crown Entities and Government Organisations

Public sector boards face additional layers that private sector directors do not encounter. The Public Service AI Framework sets explicit expectations for AI deployment. Cabinet expectations on algorithmic transparency demand documented decision-making processes. The Algorithm Charter creates voluntary but reputationally binding commitments. And Treaty of Waitangi obligations are non-negotiable rather than aspirational, requiring genuine partnership with Māori in AI system design, deployment, and oversight. We help Crown entity boards meet these requirements while enabling the AI-driven efficiency gains government agencies are expected to deliver under the National AI Strategy. Governance must balance practical delivery with the unique obligations of serving all New Zealanders, including Māori data governance and equitable outcome monitoring.

FMA and RBNZ Regulated Entities

Financial services boards face the most immediate regulatory pressure on AI governance in New Zealand. The FMA's conduct expectations increasingly encompass algorithmic decision-making, AI-assisted customer advice, and automated compliance processes, with a focus on fair customer outcomes that mirrors the scrutiny applied to human decisions. The RBNZ's prudential focus is expanding to encompass model risk from machine learning systems, operational resilience dependencies on AI infrastructure, and concentration risk from third-party AI providers. If your organisation uses AI for credit decisions, claims processing, fraud detection, or customer advice, board-level governance is not optional. It is what regulators will ask to see. We help financial services boards build governance that satisfies both the FMA and RBNZ while meeting Companies Act 1993 duties and Privacy Act 2020 obligations. Effective oversight in this sector requires boards that understand where AI creates value and where it creates exposure.

Organisations with Māori Community Impact

If your AI systems collect, analyse, or make decisions using data about Māori communities, your board has governance obligations that go beyond the Privacy Act 2020. Te Tiriti o Waitangi creates expectations of partnership, protection, and participation that cannot be satisfied by a privacy impact assessment alone. We work with boards to integrate Treaty principles into AI governance in a way that is substantive, not performative, ensuring data kaitiakitanga, rangatiratanga over information, and meaningful iwi consultation are reflected in how AI is overseen at the highest level. This is about building governance that honours the constitutional fabric of New Zealand. We bring both the governance expertise and the cultural understanding that Māori data governance demands.