AI, intellectual property and governance: Why the real conversation belongs in the boardroom
7 min read
Artificial intelligence (AI) is no longer something financial institutions are preparing for. It is already embedded in how decisions are made, how products are designed and how risk is managed.
Whether through fraud detection, algorithmic trading, customer engagement or compliance monitoring, AI is steadily reshaping the financial services sector.
Much of the conversation around AI still focuses on innovation and capability, what these systems can do, how quickly they can be adopted and how they can improve efficiency. Beneath that, however, a more consequential conversation is emerging, centred on ownership, accountability and governance.
Increasingly, that conversation belongs in the boardroom.
AI does not operate in isolation. It sits at the intersection of technology, intellectual property (IP), risk and strategy. It creates value through data, models and automation while simultaneously introducing difficult questions about ownership, protection and liability when things go wrong.
Many organisations are beginning to recognise the real challenge with AI is not the technology itself, but whether existing governance structures can deal with the pace, complexity and legal uncertainty that accompany it.
The evolution of the AI debate reflects this shift. Much of the early focus centred on copyright risk. Generative AI systems are trained on vast volumes of data, much of which is protected by copyright. This has created increasing uncertainty around whether the use of copyrighted material in AI training, or the outputs generated by these systems, may amount to infringement.
In South Africa, the position is particularly nuanced. Copyright infringement does not depend on intention, but on whether a substantial part of a protected work has been reproduced. This means that even ordinary workplace conduct, such as employees uploading third-party research or sensitive client information into public AI tools, may create legal exposure.
For many institutions, this has been a significant wake-up call. AI risk is not confined to developers or IT teams. It can arise quietly through everyday business practices.
Copyright, however, is only one aspect of the issue. The next question organisations inevitably confront is whether AI-generated innovation can, in fact, be owned.
Patent law has started to provide some clarity. Courts in several jurisdictions have confirmed that AI itself cannot be recognised as an inventor. Human involvement remains central to patent protection, and ownership of an AI system does not automatically translate into ownership of everything it produces.
The organisations most likely to succeed in an AI-driven environment are not necessarily those using the most AI, but those capable of clearly identifying, structuring and protecting the human ingenuity underpinning it.
AI-related inventions are not excluded from patent protection altogether. Significant opportunities remain for businesses that can demonstrate genuine technical innovation rather than merely layering AI onto existing processes.
Patents, however, tell only part of the story. Some of the most valuable components of AI systems are precisely those that traditional IP frameworks struggle to protect. Proprietary datasets, model refinement techniques, training methodologies and internal processes often occupy a grey area: too commercially sensitive to disclose publicly, yet not always suited to copyright or patent protection.
This is where trade secrets become critically important. For many financial institutions, confidential data and proprietary models are among their most valuable assets and, in many cases, the true source of competitive advantage.
Trade secrets are, however, inherently fragile. Their protection depends entirely on confidentiality – and once confidentiality is lost, so too is the protection. AI can make that loss much easier.
Entering sensitive internal information into a GenAI platform may compromise confidentiality, particularly where data is retained or processed outside the organisation’s control. The same tools driving productivity and innovation may therefore expose the very information businesses are trying to protect.
That tension explains why the conversation can no longer remain solely within legal, compliance or technology teams.
AI cuts across every part of an organisation. It affects how decisions are made, how risk is assessed, how products are developed and how accountability is allocated. It does not fit neatly within traditional corporate silos, and fragmented governance approaches are unlikely to succeed.
Boards are being drawn into a far more active role, not because directors need to become AI specialists, but because AI is increasingly shaping organisational risk, strategic direction and long-term value creation. Effective oversight now requires more than understanding outcomes. Boards must also understand the assumptions, data and processes driving those outcomes.
AI governance is not ultimately about controlling technology. It is about ensuring organisations remain in control of their decision-making, IP and risk exposure as technology becomes increasingly embedded in business operations.
That requires different questions to be asked at leadership level:
- Is AI adoption aligned with business strategy?
- Does the organisation understand where its greatest AI-related risks lie?
- Are proprietary datasets, models and processes adequately protected?
- Is the organisation retaining ownership and control over the value AI is helping to create?
AI is not static. Models evolve, outputs shift and risks change over time. Governance cannot therefore be treated as a once-off policy exercise; it must be continuous, adaptive and embedded into decision-making processes.
For financial institutions, this creates both pressure and opportunity. Organisations that approach governance as a compliance obligation may find themselves slowing innovation while still struggling to manage risk effectively. Those that approach it strategically, integrating IP, governance and risk management into a coherent framework, are likely to move faster and with greater confidence.
The conversation around AI is no longer solely about technology. It is about how organisations protect value, manage accountability and maintain trust in a rapidly changing environment.
That is why this discussion has moved beyond innovation teams and legal departments. It now belongs in the boardroom.
Leanne Mostert
Partner
