国际治理创新中心-人工智能相关风险：基于ESG的监督方法的优点（英文原版）.pdf

CIGI Papers No. 279 — August 2023 AI-Related Risk The Merits of an ESG-Based Approach to Oversight Mardi Witzel and Niraj Bhargava CIGI Papers No. 279 — August 2023 AI-Related Risk The Merits of an ESG-Based Approach to Oversight Mardi Witzel and Niraj Bhargava Copyright © 2023 by the Centre for International Governance Innovation The opinions expressed in this publication are those of the authors and do not necessarily reflect the views of the Centre for International Governance Innovation or its Board of Directors. For publications enquiries, please contact publications@cigionline.org. This work is licensed under a Creative Commons Attribution — Non-commercial — No Derivatives License. To view this license, visit (www.creativecommons.org/licenses/by-nc-nd/3.0/). For re-use or distribution, please include this copyright notice. Centre for International Governance Innovation and CIGI are registered trademarks. 67 Erb Street West Waterloo, ON, Canada N2L 6C2 www.cigionline.org About CIGI The Centre for International Governance Innovation (CIGI) is an independent, non-partisan think tank whose peer-reviewed research and trusted analysis influence policy makers to innovate. Our global network of multidisciplinary researchers and strategic partnerships provide policy solutions for the digital era with one goal: to improve people’s lives everywhere. Headquartered in Waterloo, Canada, CIGI has received support from the Government of Canada, the Government of Ontario and founder Jim Balsillie. À propos du CIGI Le Centre pour l’innovation dans la gouvernance internationale (CIGI) est un groupe de réflexion indépendant et non partisan dont les recherches évaluées par des pairs et les analyses fiables incitent les décideurs à innover. Grâce à son réseau mondial de chercheurs pluridisciplinaires et de partenariats stratégiques, le CIGI offre des solutions politiques adaptées à l’ère numérique dans le seul but d’améliorer la vie des gens du monde entier. Le CIGI, dont le siège se trouve à Waterloo, au Canada, bénéficie du soutien du gouvernement du Canada, du gouvernement de l’Ontario et de son fondateur, Jim Balsillie. Credits Managing Director of Digital Economy Robert Fay Director, Program Management Dianna English Project Manager Jenny Thiel Senior Publications Editor Jennifer Goyder Publications Editor Susan Bubak Graphic Designer Brooklynn SchwartzTable of Contents vi About the Authors vi Acronyms and Abbreviations 1 Executive Summary 1 Introduction 3 What Is ESG? 4 Why Govern AI Use through an ESG Approach? 5 The World of AI Governance 8 The Nature of AI-Related Risk 11 The Materiality of AI-Related Risk 16 Integrating Material AI-Related Risks into ESG 17 Considerations for a Path Forward 19 Works Cited 20 Appendix vi CIGI Papers No. 279 — August 2023 • Mardi Witzel and Niraj Bhargava About the Authors Mardi Witzel is an associate with NuEnergy.ai and is focused on ESG (environmental, social and corporate governance) and AI governance, and the special challenges facing high-growth firms. She serves on the board of PolyML, a private firm specializing in machine learning and advanced analytics, and has 20 years of experience in not-for-profit board governance, stakeholder engagement and strategic planning. Niraj Bhargava is the CEO and lead faculty at NuEnergy.ai and an expert on artificial intelligence (AI) governance. He leads a team of experts specialized in AI governance education, in the creation of organization- level AI governance frameworks and in the integration of NuEnergy’s AI trust measurement software, the Machine Trust Platform. Acronyms and Abbreviations AGI artificial general intelligence AI artificial intelligence AIA Algorithmic Impact Assessment AIDA Artificial Intelligence and Data Act AI RMF AI Risk Management Framework CDSB Climate Disclosure Standards Board ESG environmental, social, governance IFRS International Financial Reporting Standards IIRC International Integrated Reporting Council IP intellectual property ISO International Standards Organization ISSB International Sustainability Standards Board IT information technology NGOs non-governmental organizations NIST National Institute of Standards and Technology SASB Sustainability Accounting Standards Board TCFD Task Force on Climate-Related Financial Disclosure VRF Value Reporting Foundation1 AI-Related Risk:The Merits of an ESG-Based Approach to Oversight Executive Summary Artificial intelligence (AI) technology has been found to generate value for many firms; however, it also has unintended and undesirable consequences. The reality of AI-related risk has led to the development of AI governance frameworks and calls for greater oversight of the use of AI. The merits of an ESG (environmental, social, governance)-based approach to oversight of AI-related risk are considered in this paper, with a focus on the current trajectory of international sustainability standards development. Despite their differences, AI governance and ESG reporting both seek to address risk in the broadest sense, with proactive and transparent approaches to its management and mitigation. Recognizing that readers may be familiar with either AI governance or ESG but not likely both, the paper is constructed so as to provide an overview of each. The paper examines what is different about AI-related risk and identifies four factors: speed and scale, AI empowerment, AI life cycle and AI ethics. The analysis finds possible gaps and/or material topics that are not covered by the Sustainability Accounting Standards Board (SASB), including AI-related risks that may differ on an industry basis and on the basis of an enterprise’s role in the AI value chain. A preliminary set of recommendations for incorporating material AI-related risk into ESG reporting, covering both general or context-setting disclosures and industry-specific disclosures, is provided. Introduction AI technology is being applied broadly in business. According to one study (McKinsey this paper is focused only on a discussion of the financial materiality of AI risk to firms. Despite their different histories, the worlds of AI governance and ESG reporting share a common motivation: to address risk in the broadest sense, with proactive and transparent approaches to its management. Evidence of this agenda can be seen in recent developments from each discipline. The publication of the European Union’s proposed Artificial Intelligence Act (AI Act) in April 2021, represents the first example of a comprehensive regulatory approach to AI, carrying with it a broad suite of obligations, including transparency and disclosure relating to AI, and, in particular, the enterprise systems supporting its responsible development and use. In November 2021, the International Financial Reporting Standards (IFRS) Foundation announced the creation of an International Sustainability Standards Board (ISSB), signalling the advent of a more unified global approach to voluntary reporting and disclosure on ESG or sustainability standards. 1 The root of the case for an ESG-based approach to assessing risk and opportunity is found in stakeholder orientation, the time horizon it applies to both risk and opportunity and the role of reporting and disclosure. Stakeholder concern about AI-related business impacts, in general, and how data is sourced, secured and used, in particular, is at an all-time high. The call for appropriate corporate management and disclosure of AI use is emerging as both a public expectation 1 The terms ESG and sustainability are used interchangeably in this paper in relation to the reporting and disclosure initiatives. and, in many jurisdictions, a legal or regulatory requirement. Whereas conventional accounting methods are limited today in terms of their ability to incorporate many financially material issues, ESG frameworks provide a complementary approach. The literature on ESG and AI governance has been evolving, but there are only a few papers specifically exploring the utility of ESG as a framework for understanding, reporting and disclosing AI-related risk. James Brusseau (2023) finds the current suite of ESG ratings frameworks lacking for evaluating AI impacts and proposes a model based on commonly held principles for ethical AI, rather than adaptation of an existing ESG framework. Henrik Skaug Sætra (2021) proposes a framework for evaluating ESG-related impacts of AI according to the United Nations Sustainable Development Goals. Sætra (2022) builds on earlier work, presenting an AI ESG protocol — a framework for evaluating the ESG implications of AI capabilities, assets and activities according to three scopes of impacts and where these are experienced in the supply chain. This paper builds on this research in an examination of the value of applying an ESG lens to the challenge of AI governance, and specifically the management of AI-related risk. Recognizing the practical implications of the newly formed ISSB for global reporting, the contribution of this paper is to review the range of AI governance tools available today, explore the nature of AI-related risk and set forth an approach to how the reporting and disclosure of AI-related risk could be integrated into the work of the ISSB, toward development of a single global baseline for sustainability reporting. The hope and expectation is a fully implemented ESG framework, incorporating AI and, ultimately, the full realm of digital governance, will result in systems, controls and accountability for monitoring and reporting on the part of chief financial officers. The first section provides an overview of what is meant by ESG, because any evaluation of its value as a lens requires a basic appreciation of what ESG is. With this in hand, the second section conceptually explores the question of why AI should be governed through an ESG approach. In order to dig into this question more deeply, the third and fourth sections examine the state of AI governance approaches and the nature of AI- related risk, respectively. Having a foundational understanding of AI-related risk and AI governance facilitates the discussion that is the meat of this 3 AI-Related Risk:The Merits of an ESG-Based Approach to Oversight research, found in the last two sections of the paper. The fifth section addresses the idea of materiality in the context of AI-related risk and the sixth section provides preliminary ideas about how to accommodate these material concerns into the structure of ESG standards, reporting and disclosure that exists today. Specifically, the paper proposes questions and ideas reflecting the state of the ISSB’s guidance as captured in its Exposure Draft, General Requirements for Disclosure of Sustainability-related Financial Information. 2 What Is ESG? It is hard to find a good single definition of ESG, because it depends on the application. ESG might be seen as a set of environmental, social and governance criteria that investors use to screen investments. It could be seen to represent the score of a firm’s collective consciousness for ESG factors. Alternatively, a company might view ESG as a set of standards for corporate behaviour to be used in formulating strategies for long-term value creation. ESG is a framework for thinking more comprehensively and, therefore, more accurately about the risks and opportunities that firms face over short, medium and longer time horizons and how these may impact firm performance. Regardless of what it is called, there is a strong likelihood that important risks and opportunities are not being managed if a firm has not adopted an ESG framework. Instead of calling it ESG, this approach to thinking, planning, doing and reporting could instead be called “integrated financial and non-financial governance” because it incorporates a broader range of factors impacting company performance and valuation than traditional rules of financial disclosure require today. Practically speaking, ESG for organizations manifests itself as a management, reporting and disclosure approach that may be facilitated by one or more of a number of ESG frameworks. Large public companies are especially likely to be doing ESG reporting today, with evidence that more than 90 percent of the S&P 500 publish sustainability 2 See www.ifrs.org/projects/work-plan/general-sustainability-related- disclosures/exposure-draft-and-comment-letters/. reports (Governance and Accountability Institute 2021), although the transparency and quality of their data vary considerably. It is not only public companies — private companies, government agencies and non-governmental organizations (NGOs) also publish ESG data. Organizations may choose to use one of the leading global frameworks, such as those provided by the Global Reporting Initiative or the Value Reporting Foundation (VRF) 3 to identify, measure and report on the issues that are most material to their businesses. And beyond the information provided directly by an organization, investors and other stakeholders may look to sustainability information that is published by third-party ESG Ratings Agencies, such as Sustainalytics or MCSI ESG Research. The number of companies that publish ESG reports will continue to grow, as will the depth and quality of data, for a few reasons. Stakeholders, including investors, consumers, employees and regulators, are demanding access to this information. Additionally, there is evidence of ESG’s value as a driver of firm performance and of the role intangible assets play in enterprise valuation (often eclipsing tangible assets). And while the current hodgepodge of global ESG standards and frameworks has undermined uptake across many sectors, that is about to change, with the announcement of a global initiative to create universal standards for sustainability or ESG reporting. In 2021, the IFRS Foundation established an ISSB as a parallel organization to the International Accounting Standards Board, whose financial reporting standards are used in over 140 countries. This new organization will spearhead convergence on a set of harmonized global sustainability standards, in collaboration with the world’s leading ESG reporting frameworks. The new ISSB will consolidate leading investor-focused sustainability disclosure organizations including the Climate Disclosure Standards Board (CDSB) and the VRF, which itself is an amalgam of the former SASB and the IIRC. This consolidation, into a body capable of developing and overseeing a single set of global sustainability standards, is expected to be a game changer for sustainability reporting. If a company is taking a proactive approach to ESG, it means the board and senior management team are, one, consciously asking questions, getting 3 The Sustainability Accounting Standards Board (SASB) and the International Integrated Reporting Council (IIRC) came together to form the VRF in 2021.