Board AI Governance Readiness Programme | Nexora Tech – Aparna Kumar

Is Your Board Ready to Govern AI?

A structured six-month advisory programme equipping Indian and multinational boards with the governance architecture, accountability structures, and regulatory readiness to govern artificial intelligence — with evidence.

The Governance Challenge

Boards are accountable for AI they cannot see, and held responsible for controls that do not yet exist

AI is making consequential decisions across credit, fraud detection, customer service, and operations. Your board is accountable for these decisions — to your regulator, your auditor, your institutional investors. But the governance architecture to discharge that accountability has not been built.

This is not negligence. The frameworks are new. The regulatory expectations are hardening faster than boards can respond. The programme exists to close that gap — systematically, with evidence, in six months.

No named AI Risk Owner

Governance accountability for AI is disputed or absent. No one has a board-endorsed mandate to own it.

No enterprise AI inventory

Management cannot confirm what AI systems are in production, who owns them, or what risk they carry.

No regulatory evidence trail

When your regulator asks for AI governance documentation — EU AI Act, SEBI LODR, RBI — your board cannot produce it.

₹35M
EU AI Act maximum fine for prohibited AI practices — 7% of global turnover for the largest violations

2025
EU AI Act enforcement began February 2025. DPDP Act 2023 accountability obligations are already active

6 months
From first board briefing to a complete, audit-ready governance architecture — with independent assurance

The 6-Month Programme

Governance architecture built with your board — phase by phase

Each month delivers a specific, named governance outcome. Nothing generic. Everything calibrated to your organisation's AI systems, your regulatory exposure, and your board's specific governance context. Led personally by Aparna Kumar.

Month 1 · Foundation

AI Literacy & Inventory

  • Board AI Literacy Briefing — all directors
  • AI Risk Owner chartered and board-approved
  • Enterprise AI Inventory initiated
✓ Deliverable: AI Risk Owner Charter

Month 2 · Classify

Risk & Appetite

  • AI Inventory complete — all systems named and owned
  • AI Risk Classification Framework adopted
  • Board AI Risk Appetite Statement approved
✓ Deliverable: Risk Appetite Statement

Month 3 · Govern

Governance Framework

  • NIST AI RMF-aligned governance reporting live
  • Vendor due diligence protocol for GPAI providers
  • Agent permissions policy for autonomous AI
✓ Deliverable: First Risk Committee AI Report

Month 4 · Test

Security & Testing

  • Prompt injection & adversarial testing on GenAI
  • Kill-switch runbooks documented and rehearsed
  • Deepfake detection protocol deployed
✓ Deliverable: Adversarial Test Results Report

Month 5 · Monitor

Monitor & Resilience

  • Drift and bias monitoring dashboards live
  • AI Incident Taxonomy and escalation tiers
  • AI-specific resilience tabletop exercise
✓ Deliverable: AI Incident Taxonomy

Month 6 · Assure

Assurance & Readiness

  • Internal Audit AI Coverage Plan endorsed
  • EU AI Act gap assessment with remediation roadmap
  • Board AI Dashboard — standing governance agenda item
✓ Deliverable: Board AI Dashboard

Aparna Kumar — Former CIO, State Bank of India & HSBC

Founder, Nexora Tech & Aparna Tech Trends

Led Personally By

Practitioner depth that no advisory firm can replicate

Aparna Kumar is not an AI governance consultant who studied the frameworks. She built AI governance from inside two of the world's most regulated financial institutions — as CIO of State Bank of India and HSBC — under actual regulatory scrutiny, with consequences.

  • Chief Information Officer — State Bank of India (2022–2024): Led the world's first at-scale CBDC deployment during India's G20 presidency. Governed AI across India's largest bank.
  • Chief Information Officer — HSBC (2019–2022): Led DORA global implementation. Directed analysis of 1,500+ applications for India's data localisation regulations.
  • PGPMAX (MBA) — Indian School of Business: Executive programmes at Wharton, Kellogg, and IIM Ahmedabad. 30+ years CIO leadership across private and public banking.

Designed For

Boards where AI governance is a live obligation, not a future consideration

BFSI Institutions

Banks, NBFCs, and insurance companies subject to RBI AI guidance, SEBI scrutiny, and regulatory examination of credit AI and fraud detection systems.

BSE / NSE Listed Companies

Listed entities with SEBI LODR Risk Management Committee obligations that now encompass AI risk oversight — and institutional investors asking governance questions.

India-Headquartered Multinationals

Organisations with EU-facing products, EU resident data, or multinational AI deployments creating EU AI Act extraterritorial exposure alongside DPDP Act obligations.

Healthcare & Pharma

Hospitals, diagnostics firms, and pharmaceutical companies deploying clinical AI — where patient safety obligations, DPDP Act health data provisions, and EU AI Act high-risk classification converge.

Boards Facing Regulatory Examination

Organisations that have received AI-related examination findings, regulatory enquiries, or investor governance questionnaires — and need to build the evidence trail urgently.

GenAI-at-Scale Deployers

Organisations deploying GenAI in customer-facing or operational roles without the governance architecture to oversee hallucination, adversarial exposure, or agentic AI risk.

What You Hold at Month 6

Eight governance outcomes. Every one audit-ready.

Board AI Literacy

All directors briefed and able to independently challenge management AI assertions

Named AI Risk Owner

Accountability chartered, board-endorsed, and operationally live

Enterprise AI Inventory

Every material AI system visible, classified, and named-owned

Board Risk Appetite

AI Risk Appetite Statement board-approved and measured quarterly

Adversarial Resilience

GenAI systems tested, vulnerabilities remediated, kill-switches rehearsed

Real-Time Monitoring

Drift, bias, and hallucination dashboards operational for production AI

Independent Assurance

Internal Audit AI Coverage Plan endorsed by Audit Committee

Regulatory Readiness

EU AI Act gap assessment complete — SEBI, RBI, DPDP Act obligations mapped

Programme Delivery Team

Practitioner depth at every layer of the engagement

Every client engagement is led personally by Aparna Kumar and supported by a multi-disciplinary team of domain experts. Each member brings demonstrated practitioner credentials — not advisory theory — ensuring every phase of the programme is delivered at board level.

Aparna Kumar

Programme Lead · Founder, Nexora Tech & Aparna Tech Trends

  • Former CIO — State Bank of India
  • Former CIO — HSBC
  • 30+ years CIO leadership
  • ISB PGPMAX · Wharton · Kellogg · IIM-A
  • LinkedIn Top Leadership Voice

Programme Lead — Every board session, every discovery call

Aparna Kumar is one of India's most respected technology leaders, bringing 30+ years of CIO experience across India's largest public-sector bank and one of the world's leading multinational financial institutions. As CIO of State Bank of India, she led the world's first at-scale CBDC deployment during India's G20 presidency. As Country CIO of HSBC, she directed the analysis and remediation of 1,500+ applications under India's data localisation regulations and participated in the global implementation of DORA.

Aparna built AI governance under actual regulatory scrutiny — in production, at enterprise scale, with consequences. The Board AI Governance Readiness Programme embodies that practitioner experience, not advisory theory. Every board session, CXO conversation, and discovery call is led personally by Aparna. That commitment is non-delegable.

  • CBDC World-First · SBI G20
  • DORA Implementation · HSBC
  • 1,500+ Apps Reviewed
  • GenAI Governance
  • EU AI Act · SEBI LODR · RBI · DPDP Act

Sudiip Kumar

Senior Advisor · AI/ML Technology & Global Enterprise Delivery

  • 30+ years AI/ML technology leadership
  • 2,750+ global enterprise clients
  • 350+ languages · multilingual AI
  • MBA (ISB, Hyderabad) · CFA (USA)

AI/ML Engineering & Global Technology Delivery

A distinguished technology leader with over 30 years of experience building and scaling enterprise AI/ML platforms at global scale. Most notably, led the end-to-end development of an AI/ML-based Translation Management Platform — a multilingual AI infrastructure now serving more than 2,750 global enterprise customers across 350+ languages, spanning financial services, healthcare, legal, technology, and government sectors.

Within the Nexora programme, this advisor contributes specialist expertise to the AI architecture assessment, GenAI deployment evaluation, and vendor due diligence phases — bringing a proven track record of building AI products that operate reliably under the exacting governance, compliance, and quality standards of global enterprise environments.

  • AI/ML Platform Architecture
  • Translation Mgmt Platform · 2,750+ Clients
  • 350+ Languages · Multilingual AI
  • NLP · Transformer Models
  • Enterprise AI Governance
  • AI Vendor Due Diligence

Engagement Delivery Lead

Programme Execution · Working Group Facilitation

  • 8–12 years enterprise risk & IT governance
  • CISA / CRISC / CISSP
  • Big Four / Tier 1 consulting background
  • NIST AI RMF · SEBI · RBI · DPDP Act

Operational backbone of every programme engagement

With 8–12 years in enterprise risk, IT governance, or compliance advisory, the Engagement Delivery Lead runs all monthly working group sessions, owns the evidence documentation trail, and manages client relationships between Nexora's board touchpoints. This professional operates with the regulatory depth to independently facilitate NIST AI RMF sessions, vendor due diligence workshops, and adversarial testing coordination — ensuring quality in every deliverable before it reaches the client.

  • Working Group Facilitation
  • NIST AI RMF
  • AI Inventory & Risk Classification
  • SEBI LODR · RBI · DPDP Act
  • Evidence Architecture

Governance Analyst

Governance Documentation · Regulatory Research

  • 3–5 years compliance / legal / consulting
  • Primary regulatory research depth
  • Board-quality writing & documentation
  • EUR-Lex · RBI · SEBI · MeitY sources

Documentation and research engine of the programme

The Governance Analyst designs, populates, and maintains every governance deliverable across the programme — AI Inventories, Risk Appetite Statements, NIST AI RMF reports, EU AI Act gap assessments, and Board AI Dashboards. With 3–5 years in compliance, legal advisory, or management consulting, this professional translates complex regulatory obligations into precise, board-readable documentation and produces the quarterly Regulatory Horizon Scan covering EU AI Act, DPDP Act 2023, SEBI LODR, and RBI AI guidance developments.

  • AI Inventory Design
  • NIST AI RMF Reporting
  • EU AI Act Gap Assessment
  • Regulatory Intelligence
  • Board-Quality Documentation

AI Security Specialist

Adversarial Testing · GenAI Resilience (Contracted per Engagement)

  • Hands-on LLM security & red team
  • OSCP / CEH / GPEN certified
  • OWASP Top 10 for LLM Applications
  • Regulated BFSI & healthcare environments

Month 4 adversarial testing on live GenAI systems

Engaged from Month 4, the AI Security Specialist conducts prompt injection and adversarial testing on the client's live GenAI systems, executes structured red team exercises, validates that kill-switch runbooks work as documented (not just that they exist), and designs deepfake detection protocols for senior leadership impersonation scenarios. All findings are delivered in a written Adversarial Test Results report — severity-rated, OWASP LLM Top 10 aligned, and structured for board reporting and regulatory audit review.

  • Prompt Injection Testing
  • LLM Red Team Exercises
  • Kill-Switch Validation
  • Deepfake Detection
  • OWASP LLM Top 10

BD & Operations Associate

Pipeline Management · Marketing Operations

  • 3–5 years professional services BD
  • CRM · outreach sequence management
  • Board-level correspondence quality
  • Big Four / law firm background preferred

Keeps the engagement running with clients

The BD & Operations Associate ensures a high-touch client relationship. He manages client discussions, proposal customisation, quarterly regulatory scan distribution, and private briefing event logistics — maintaining the precision and tone required for board-level advisory practice.

  • Pipeline & CRM Management
  • Outreach Sequence Execution
  • LinkedIn Content Scheduling
  • Proposal Coordination
  • Regulatory Scan Distribution

Common Questions

Questions boards ask before engaging

An audit identifies gaps and produces a report. This programme builds the governance architecture that closes them — and builds it with your board, not for them. At the end of six months, an auditor asking about your AI governance posture gets evidence, not a remediation plan.
The full board is present for three touchpoints over six months: the Month 1 literacy briefing (90 minutes), and two subsequent formal presentations. Total board time: approximately 4–6 hours. The working group — three to five members from Risk, Technology, Legal, and Internal Audit — commits approximately 4–6 hours per month.
It may — the EU AI Act has extraterritorial reach. If your organisation places AI systems on the EU market, or if the output of your AI systems is used in the EU — including processing EU residents' data — you may be in scope. Indian banks with EU depositors, ITES companies with EU-facing products, and pharmaceutical companies with EU clinical AI are among those frequently in scope. A formal applicability assessment is included in Month 6.
Frequently. Most organisations have pieces — a policy, a vendor checklist, an AI section in the risk register. What is almost always missing is the connected architecture: named accountability, measured risk appetite, independent assurance, and a board-level oversight cadence. We begin with a rapid maturity assessment and design a modular engagement that builds on what exists, typically reducing the engagement to three or four months.
Yes. The Board AI Literacy Briefing is a standalone 90-minute session available as an entry point. A Modular Engagement selects specific phases based on your highest-priority governance gaps. A Regulatory Gap Assessment is available for organisations facing a specific EU AI Act or DPDP Act deadline. All entry-point fees are creditable against the full programme if you proceed.
No — it complements them. This programme builds the governance architecture that satisfies legal and audit obligations. Your legal counsel determines what the law requires; we build the structures that demonstrate compliance in practice. Many of our engagements run alongside existing Big Four or law firm advisory relationships. We strongly recommend that clients engage qualified legal counsel for formal regulatory opinions.

The boards that act now will not look back

Book a 30-minute discovery call with Aparna Kumar. Not a sales meeting — a direct conversation about where your board is on AI governance and what the most immediate priorities are. No obligation.
