Commentary July 07 2026

Tiou Clarke | Who audits the AI algorithm?

Updated 6 hours ago 3 min read

Loading article...

  • Tiou Clarke

A quiet crisis of accountability is unfolding across corporate landscapes as companies outsource core business logic to automation. Algorithms now vet resumes, process credit lines, and interface with clients. However, as these systems evolve from simple assistants into autonomous ‘agentic’ tools (capable of making choices without human oversight), a glaring vulnerability emerges. Nobody truly knows who is running the machine, and few can explain its decisions.
In traditional governance, the chain of liability is clear. If a financial officer misreports figures, an audit trail exposes the error. If an HR manager discriminates, clear legal remedies exist. But, what happens when a self-learning algorithm miscalculates corporate data or perpetuates bias? Accountability instantly vanishes into a black box of complex neural networks.
Technology has fundamentally outpaced traditional corporate oversight. When an algorithm fails, pointing fingers at a software vendor is no longer an option. To bridge this dangerous gap, modern enterprises require a completely new executive archetype tasked with drawing the operational boundaries: the Corporate AI Governance Officer (AIGO).
DRIVING RISK UNDERGROUND
Executive boards and C-suite leaders routinely treat artificial intelligence (AI) as either a standard, localised IT upgrade or a catastrophic threat to be managed with broad, sweeping prohibitions. Many organisations responded to the initial rise of consumer generative tools by issuing blanket bans on public large language models (LLMs), fearing data leaks, regulatory non-compliance, and intellectual property exposure.
This reactive approach represents a fundamental failure of contemporary corporate governance. Prohibiting these tools does not stop employees from utilising them; it merely drives the technology underground, creating a highly precarious operational environment known as ‘Shadow AI’.
To meet demanding deadlines, employees secretly copy sensitive corporate data, proprietary source code, or protected customer information into public third-party web interfaces to complete tasks more quickly. True governance does not rely on unenforceable bans that stifle productivity and cause employee alienation. It requires active, risk-tiered acceptable use policies that distinguish between low-risk administrative assistance and high-risk operations involving proprietary data or automated decision-making. Managing this boundary is not a passive IT support function; it is a core fiduciary responsibility that belongs under dedicated executive oversight.
The Jamaica Data Protection Act (JDPA) 2020 became fully operational on December 1, 2023, forcing local organisations to completely reshape how they collect, store, and process personal information. The act introduced the mandatory role of the Data Protection Officer (DPO), an independent internal auditor tasked with ensuring compliance, protecting data subject rights, and reporting data breaches within a strict 72-hour window to the Office of the Information Commissioner (OIC).
Corporate Jamaica is now facing an identical inflection point with AI. The national regulatory environment is moving exceptionally quickly. Following the publication of the National AI Task Force Report, the government issued an urgent directive instructing the task force to advance national AI literacy and establish robust frameworks for data sovereignty, ethics, and accountability. A comprehensive national AI policy and an accompanying legislative framework are actively being drafted to govern how automated systems interact with society.
Relying solely on an existing DPO to manage AI risk, however, is a dangerous miscalculation. The JDPA governs data privacy; it does not govern algorithmic behaviour or automated choices. An enterprise can process data in a manner that is perfectly compliant with the JDPA yet still deploy an AI model that exhibits severe algorithmic bias during automated recruitment, exposes the firm to massive global copyright liabilities, or misallocates corporate capital based on flawed data logic.
– JDPA mandate: Governed by the DPO; focuses strictly on data at rest and user privacy compliance.
– Algorithmic governance: Governed by the AIGO; focuses on data in motion, model boundaries, and autonomous decisions.
WHERE LIABILITY LANDS
The operational risks for local enterprises are concrete, especially within Jamaica’s high-volume BPO and financial sectors. As companies deploy automated bots to screen job applicants or evaluate consumer creditworthiness, a critical question emerges: If a third-party platform systematically discriminates based on historical data patterns, who carries the legal liability? Local firms cannot simply blame external software vendors; corporate boards remain ultimately responsible for their digital agents.
Furthermore, auditing self-learning models under current compliance standards is an operational nightmare. If an algorithm leaks data or relies on unvetted pathways, trace-auditing the failure becomes virtually impossible without pre-established guardrails. Companies are actively buying commercial software with hidden, built-in AI modules. Without an exhaustive procurement framework, local firms are systematically importing unmanaged risks directly into their core digital infrastructure.
The era of treating AI as an IT novelty is over. As national policy moves toward formal legislative guardrails, forward-thinking Jamaican executives must take immediate action to secure their operations.
First, establish an AI Governance Committee. Appoint a cross-functional team combining legal counsel, risk management, and IT to map every instance where automated software touches business logic. Second, formally designate an AI Governance Lead. This leader must vet third-party procurement and ensure a human being remains firmly in the loop for critical operational decisions. Finally, transition from bans to guardrails by replacing outdated prohibition policies with role-based AI literacy training.
Building a sustainable digital economy requires structural oversight. Corporate Jamaica must step up, define its algorithmic boundaries, and decide exactly who is auditing the machine, before an automated error determines the enterprise’s future.
Dr Tiou Clarke is a lecturer and researcher in the School of Business Administration at the University of Technology, Jamaica. Send feedback to tiouclarke.facilitator@gmail.com