Travers Smith's Alternative Insights: Governing the huge potential of AI

Alternative Insights Summit 2026

We are hosting our fifth annual Alternative Insights Summit on 18 June. The day is a flagship, invitation only event for the alternative asset management industry which will this year explore the theme of "Disruptors and the disrupted".

Our summit is aimed at senior representatives from the alternative asset management industry. Spaces are limited, but if you would like to register your interest in attending, please get in touch.

Listen now or read the full briefing below

KEY INSIGHTS

Governance creates value: Effective AI governance is not a compliance exercise – for private capital firms, it is a discipline central to value creation, which can be applied as rigorously to their own operations as to their portfolio companies.

Humans must stay in control: An effective AI governance framework places human oversight and accountability at its core, with named individuals responsible, clear rules on data and tools, and meaningful review of every AI-generated output.

Nimbleness is now essential: As technology, regulation and use cases evolve rapidly, firms must continuously adapt their AI policies – and embed a culture that empowers, even requires, staff to use AI actively while remaining alert to its risks.

A regular briefing for the alternative asset management industry

Governance often gets a bad rap. Some business leaders think of it as bureaucracy, getting in the way of innovation and growth. A compliance exercise that delivers pages of policies and procedures – essential for mitigating risks but not adding much value.

That is not how private capital firms see it. For them, good corporate governance is a central part of the value creation story – and a discipline they apply rigorously when assessing and managing portfolio companies.

Most corporate governance frameworks place the board at the centre of this: tasked with setting overall strategy, determining company policies, and overseeing risk management – including digital risks. Understanding how technological change will affect strategy and its successful execution is therefore a business-critical core competency for the firm's leaders.

Most firms now have AI policies. But it is worth asking whether the firm's approach to AI – embedded in the policy, but also as experienced by those working there – establishes the framework and culture to take full advantage. Importantly, does the approach fit with the firm's mission and values, and does it build value for all stakeholders – especially LPs, who are increasingly asking questions.

What is clear is that an approach that focuses only on risks and rules will miss the mark. It could hold the firm and its portfolio companies back.

So, what does an effective AI governance strategy look like?

First, the firm should make sure responsibility sits at the very top – senior executives must own AI governance and have the competency to match. Accountability should sit with named individuals, not diffused across the organisation.

Second, the firm's own AI use needs a clear framework – with human oversight at its core. Firms should ideally have an approved list of AI tools, which can be tricky, given the sheer pace of change. In any case, the firm must have rules on how each model can be used, and what data can be fed into it. The governance framework should also include an efficient and well-understood process for approving new tools – so there is quick uptake of safe new technology, but very clear guardrails.

Data, IP and information security must be treated as governance issues, not just compliance ones. They are core to business strategy and risk management. The firm needs clear rules about what data can be fed into AI systems – and how confidentiality and data privacy are protected. Firms should satisfy themselves that AI systems are secure and that data inputted into them can be properly managed. IP ownership of AI-generated outputs remains an unresolved question in most jurisdictions. These are not technical issues to be handled solely by the IT or legal team – they go directly to the integrity and trustworthiness of the firm's operations, and should be governed accordingly.

"An approach that focuses only on risks and rules will miss the mark. It could hold the firm and its portfolio companies back."

Running through all of this is the clear message that AI is not a substitute for human judgement. AI-generated outputs – whether in investment analysis, client communications, or risk assessment – must always be subject to meaningful human review. As importantly, good record-keeping must allow the firm to demonstrate what went into an AI, what came out, and what assessment was made before that output was put to use.

Third, the firm must be nimble, adapting quickly to change. Existing policies should be reviewed regularly, as best practices evolve and use cases multiply, and as regulation – including the EU AI Act and FCA guidance – changes. Most firms will have data protection, outsourcing, conflicts, and risk management policies. Those policies apply to AI use whether they say so explicitly or not – but that is not enough. Adapting those policies so that they are fit for an AI-enabled environment is likely to be essential.

And, as every compliance professional knows, a policy that no-one reads is little better than not having one at all. So, a process that engages the whole organisation in the risks and opportunities of technology – empowering them to make active use, but conscious of the dangers – is now a key success factor. Many existing policies fail that test.

Fourth, some policies overlook indirect exposures to AI. Many suppliers and service providers embed AI in their products and services, and the firm's existing third-party risk management framework must be applied to those relationships. The firm first needs to understand how AI is used by those to whom it outsources tasks and, in some cases, may need to get directly involved in oversight.

Fifth, for private equity and venture capital firms, encouraging adoption of new technology is certainly a source of value creation. Partnerships with technology firms – like the recent joint venture between Anthropic, Blackstone, Hellman & Friedman and Goldman Sachs – will support that, but UK Private Capital research already shows that private equity sponsors prioritise AI adoption in their 100-day plan.

But that strength does also highlight the investor's responsibility to oversee how AI is developed and deployed in portfolio companies. A GP is almost uniquely placed to ensure that the well-documented risks of bias, discrimination and misinformation are properly controlled. In the future, these risks might come to define some private equity firms if misuse puts a company in breach of regulatory rules or societal norms. AI governance is therefore already a crucial part of due diligence and ongoing portfolio monitoring – carefully balanced against the liability risks of being too involved.

For a GP and for its portfolio companies, an AI governance framework is not a document to be written once and filed. It must be adapted continuously as the technology, the use cases, and the regulatory environment evolve. It must be at the core of the firm's outputs, understood and embraced by all staff.

For senior leaders in private markets, that is a familiar discipline – it is how they approach material risks and opportunity in the portfolio. Many are now treating AI as a special case, but applying the same underlying principles – governance that nurtures entrepreneurial ambition and rigour, but with full recognition of downside risks. That approach is likely to pay off.

Read Samuel Brewer Profile