A Governance Imperative: Why Pension Funds Need a Dynamic AI Policy

By: Julie Reiser and Suzanne Dugan, Cohen Milstein

The rapid advancement of AI creates new fiduciary, operational, and governance risks for pension systems. Outright bans are not realistic. Developing dynamic, principle-based AI governance is essential to protecting beneficiaries’ data while safely improving efficiency and enhancing returns.

Artificial Intelligence (AI) capability is advancing rapidly. As it improves, pension funds and their vendors are embedding AI into core investment and operational functions to enhance returns and improve efficiencies. AI tools now draft investment memoranda, summarize manager reports, model portfolio risk, analyze actuarial data, support benefits calculations, and automate member communications. Fund staff also use generative AI to accelerate research, interpret statutes, and draft internal documents.

Given these efficiencies, the question is no longer whether pension systems will use AI. It is how quickly they will establish AI governance and how often those policies should be reassessed. For pension fund leadership, AI is not simply a technology initiative. It is a fiduciary imperative.

If AI produces an incorrect benefits calculation, who catches it? If a model misinterprets statutory language governing eligibility or cost-of-living adjustments, who verifies the result? If staff upload confidential member data into a public AI tool, what are the privacy implications? If an investment decision is influenced by an AI-generated summary that omits key risk factors, how is that detected?

These risks are not theoretical. McKinsey reports that 88% of organizations now use AI in at least one business function, yet only about one-quarter have mature AI governance frameworks. That gap between adoption and oversight is particularly concerning for pension systems, which manage substantial assets and highly sensitive member data under strict fiduciary obligations.

AI Exposure Extends Beyond Investments

AI conversations often focus too narrowly on portfolio analytics. Pension system risk is far broader, extending across benefits administration, statutory compliance, data privacy and cybersecurity, investment oversight, board reporting and public disclosures. AI is already influencing each of these functions, and errors can go undetected and scale quickly.

Large language models can generate confident but inaccurate outputs that may oversimplify statutory language or summarize complex documents while missing material details. If not properly configured, they may also retain or expose sensitive data. In a pension system, such failures have tangible consequences: incorrect payments to beneficiaries, misstated disclosures, regulatory scrutiny, litigation exposure and reputational harm.

Fiduciary oversight requires understanding the tools that influence decisions, defining boundaries of use, training personnel, and ensuring vendor standards. Governance is not about slowing innovation; it is about preventing avoidable risk and demonstrating institutional oversight.

A “No AI” Policy Is Not a Solution

Refusing to adopt AI or discouraging its use is not effective oversight. Employees are already experimenting with AI tools. Research by Microsoft and LinkedIn found that 75% of knowledge workers use AI at work, and 78% of those users do so without employer approval, significantly increasing the risk that sensitive information will be shared with unvetted platforms.

Gartner projects that by 2030, 40% of enterprises will experience security or compliance incidents tied to unauthorized or “shadow AI” use. Prohibitions tend to drive usage underground rather than eliminate it. The absence of a policy does not prevent AI use; it prevents visibility into AI use. For pension funds, that visibility is essential.

AI Governance Is a Risk Management Function

An effective AI policy should answer three questions: Where is AI being used? What risks does that use create? Who is accountable for oversight?

Leading funds are beginning to evaluate AI use enterprise-wide and developing internal AI policies and governance frameworks. Essentially, AI deployment must be accompanied by institutional guardrails.

Pension system governance discussions should align with fiduciary duties: Is AI use consistent with statutory requirements? Are outputs verified before influencing decisions? Are member data protections clearly defined? Is the board receiving updates on AI initiatives and associated risks?

This requires acknowledging that AI is already embedded in work product and bringing it within formal oversight structures. In many cases, this also means engaging experienced governance and fiduciary advisors who understand both pension system operations and the legal obligations.

Practical First Steps

AI governance should be principle-based and dynamic. Initial steps include conducting an enterprise-wide inventory of AI use, clarifying privacy and confidentiality rules, establishing review protocols for AI-generated outputs and assigning executive-level accountability. Importantly, AI risk should be integrated into existing risk management and compliance structures rather than treated as a standalone initiative.

The technology sector’s mantra “move quickly and break things” is incompatible with the mission of pension systems. The retirement security of public employees depends on stability, accuracy, and trust.

Adopting a dynamic AI policy is not about resisting innovation. It is about protecting beneficiaries, preserving institutional credibility and ensuring that technological progress advances — rather than undermines — fiduciary duty.

About the authors: Julie Reiser, co-chair of Cohen Milstein’s Securities Litigation & Investor Protection practice, focuses on protecting the investment interests of public pension funds and Taft-Hartley pension funds.

Suzanne Dugan leads Cohen Milstein’s Ethics & Fiduciary Counseling practice, where she counsels pension funds on fiduciary responsibility, ethical duties, strategic governance, and compliance issues.