A Governance-First Framework for Choosing, Deploying, and Securing AI Platforms by PBI

AI for Asset Managers

“When we partner with our clients on AI adoption, we see tremendous potential waiting to be unlocked. The fastest path to realizing that potential is not rushing to deploy tools, but taking the time to define meaningful use cases, set clear data boundaries, and establish governance that guides every decision.” – Paul Goduco, Chief Technology Officer, PBI

That principle sits at the heart of how we work with alternative asset managers today. As AI becomes increasingly embedded in how managers operate, the ones best positioned with regulators and investors will be those that can demonstrate they are using it responsibly. This article explores what a governance-first framework looks like in practice, and why the sequence of adoption matters as much as the tools themselves.

Start With Governance, Not the Tool

The most common mistake alternative asset managers make when approaching AI adoption is starting with the platform. Teams evaluate ChatGPT against Microsoft Copilot, debate whether Claude is better suited for document review, and move quickly toward deployment without first establishing the governance foundation that makes any of those choices responsible.

This pattern repeats with every new wave of AI capability. ChatGPT captured attention first. Then Claude. Now the conversation has shifted toward autonomous agents and what comes next. Each cycle brings genuine capability, but it also brings pressure to act before the governance groundwork is laid. Discipline at that moment is exactly what separates durable adoption from repeated exposure.

The firms navigating AI adoption successfully have defined their use cases, established their policies, and put their oversight structures in place before committing to a tool. A governance-first framework is not tied to any single platform or model, and that is precisely what makes it hold up under scrutiny when an ODD practitioner or regulator starts asking questions.

Why AI Demands a Different Kind of Governance

A governance-first approach to AI starts with understanding why AI requires a different framework than traditional software. Conventional applications are deterministic, accessing defined data sources, producing clear audit trails, and doing exactly what they are programmed to do. AI systems operate differently. They make probabilistic, context-driven decisions, and without explicit restrictions, they may access far more of a firm’s environment than intended. Their reasoning processes can be opaque, their outputs require human validation, and their failure modes are unlike anything a traditional IT governance framework was designed to address.

The appropriate governance analog for AI is not a software deployment but a privileged insider: an entity that must be subject to access controls, change management, data governance, and continuous oversight. Firms that internalize this distinction build governance frameworks that are genuinely protective. Those that treat AI like another software rollout accumulate risk that tends to become visible at the worst possible moment.

Importantly, governance is not a one-time exercise. As Paul puts it: “Governance is a living framework, evolving alongside AI platforms, emerging capabilities, vendor changes, and regulatory expectations. By embedding these practices from the start and revisiting them continuously, our clients are empowered to innovate boldly, scale confidently, and demonstrate responsibility to investors, regulators, and ODD teams alike.” Lasting advantage in this space comes from building the discipline to evolve governance as fast as the technology itself.

Choosing the Right Platform for the Right Use Case

A governance-first framework does not mean slowing down AI adoption. It means being deliberate about matching tools to use cases before deployment rather than after. The major enterprise AI platforms each have genuine strengths, and the right choice depends entirely on the task, the data involved, and the regulatory context in which it will be used.

For alternative asset managers, the most important distinction is between platforms suited to day-to-day workflow augmentation and those better suited to document-intensive, analytically rigorous work. Getting that match right reduces both cost and risk, and it gives compliance teams a clear, documentable rationale for each deployment decision rather than a platform rollout in search of a use case.

The Governance Gaps That Create the Most Exposure

In our work with alternative asset managers, we consistently find that the most significant governance exposures are not the obvious ones. They tend to surface in unexpected places: where policy language outpaces technical enforcement, where approved tools coexist with AI capabilities quietly embedded in platforms the firm already uses, and where vendor contract promises diverge from what is actually happening at the model level.

A vendor’s zero data retention policy, for example, does not guarantee that prompts containing sensitive information will not influence model training or other sessions unless that claim is verified at the model level rather than simply accepted based on contract language. And many firms focus their governance frameworks on the AI tools they have chosen to deploy while overlooking the AI capabilities being embedded in established platforms across their existing technology stack. Each of those integrations represents an exposure that a governance framework must account for.

Deploying Responsibly: The Controls That Matter

A governance-first deployment approach requires alignment across three areas that firms often treat independently. Policy establishes the boundaries, technical controls enforce them, and governance structure ensures there is clear accountability when something falls outside those boundaries. Getting all three right, and keeping them current as the AI landscape and regulatory expectations evolve, is what separates a governance framework that holds up under scrutiny from one that looks good on paper.

PBI: Governance-First AI for Alternative Asset Managers

PBI works at the intersection of front-office workflow, enterprise data management, and managed IT security, and our approach to AI governance reflects that integrated perspective. We require use case definition before any deployment, empower our CISO to provide formal evaluations on any AI tool we assess or recommend, and connect AI governance to the same discipline that governs your cloud posture, data access controls, and cybersecurity frameworks.

Rather than treating AI as a separate workstream, we help alternative asset managers make that connection visible, documented, and defensible, as part of a unified operational narrative that holds up under regulatory scrutiny, investor due diligence, and the scrutiny of your own compliance team.

Ready to build your AI governance framework?

The opportunity for AI in asset management is real, and lasting value comes from responsible adoption. With clearly defined use cases, the right governance structures, and ongoing oversight, firms can move faster, scale smarter, and innovate with confidence.

As Paul puts it: “Governance first gives firms a clear path to deploy AI responsibly today, while continuing to adapt as platforms, regulations, and business needs evolve.”

Firms ready to build that foundation can reach our team at https://pbi.lacewingstaging.com/contact-us/

Frequently Asked Questions

What does a governance-first AI framework mean for alternative asset managers?
A governance-first framework means establishing use cases, policies, technical controls, and oversight structures before selecting or deploying any AI platform, rather than building governance around tools that are already in use.

How should alternative asset managers choose between AI platforms?
Platform selection should follow use case definition. Different platforms are better suited to different tasks, and the right choice depends on what the tool will be used for, what data it will access, and what data protection requirements apply in that context.

What are regulators and ODD practitioners looking for in AI governance?
They are examining whether firms have written AI policies, cross-functional governance structures, enterprise-tier licensing, and technical controls that go beyond policy to actively restrict and monitor AI access. The sophistication of these questions is increasing with every review cycle.

How should firms approach AI governance as platforms and models keep changing?
Governance should be built to outlast any single platform. As ChatGPT gave way to Claude and Claude gives way to whatever comes next, the constant is governance built around principles rather than platforms. Use case discipline, access controls, and oversight structures apply regardless of which model or agent is in use, and that is precisely what makes them defensible.
