Between Guardrails and Algorithms: How Malaysian Enterprises are Learning to Live with AI
TL;DR
AI is no longer experimental. It is being embedded into core operations across banking, insurance, and industrial sectors, but with a more cautious and controlled approach.
Malaysian enterprises want to move fast with AI, but are increasingly challenged by questions of accountability when systems act autonomously.
Governance is evolving from centralised oversight to shared responsibility, with business units taking a more active role in scaling and managing AI.
The biggest gap lies in execution, ensuring policies, controls, and awareness are consistently applied across users, systems, and increasingly autonomous AI environments.
AI has quickly become a marker of competitiveness, efficiency, and modernity. But it is also becoming a marker of exposure. In the rush to deploy, organisations are finding that reputation now travels in two directions: innovation on one side, and compliance risk on the other.
Last Wednesday, AIBP, together with Terminal 3 and SoftScheck, brought enterprise leaders together to discuss a key challenge: how to adopt AI without losing control, and how to clearly define responsibility in systems that evolve faster than the rules governing them.
This tension is unfolding in the shadow of real-world consequences where governance gaps are measured not in policy papers, but in penalties, reputational risk, and regulatory intervention. In Malaysia, for instance, cases such as enforcement actions involving major financial institutions including widely reported fines reaching RM1 billion have sharpened attention on what “responsible AI” and data governance actually mean when oversight fails at scale.
According to the AIBP Innovation Survey 2025/26, data privacy and security, regulatory and compliance challenges, and ethical considerations around responsible AI emerged as the top concerns linked to AI disruption, signalling that the region’s AI agenda is being shaped as much by constraint as by ambition.
AI Reputation Race: The rise of the cautious enterprise
Most Malaysian enterprises are institutionalising AI, but they are doing so with the caution of organisations that have learned how quickly scale can outpace control.
At Standard Chartered, AI adoption is approached with deliberate intent, knowing where it genuinely adds value, and where restraint is equally important. Ajith Aravindakshan, Global Category Manager – TTO & ITPS, highlighted the importance of responsible scaling, particularly in an environment where sensitive data and regulated decision-making leave little room for ambiguity.
Rather than treating AI as a standalone rollout, the bank is building a roadmap that spans multiple functions, ensuring adoption is both scalable and contained.
At OCBC Bank, the model is different in structure but similar in intent. Hwang Huong Ket, Vice President for Operational Excellence and AI governance, described a deliberately cross-functional approach, with operations, data, and customer experience working in tandem.
Governance sets direction, but execution is distributed. As initiatives mature, responsibility shifts outward rather than upward, moving from central coordination to embedded ownership within business units.
Hwang Huong Ket shared that different departments take responsibility for driving and scaling AI within their own domains. Yet each Independent department is highly collaborative where every function has a role to play in building and scaling AI capability across the bank.
The Accountability Tightrope: When Everyone Wants Speed, but No One Wants Liability
If there was a single refrain throughout the discussion, it was this: everyone wants AI acceleration, but no one wants AI liability.
In sectors like insurance, AI is a deployed system embedded in day-to-day decision-making.
At Berjaya Sompo Insurance Berhad, Tricia Appaduray, Chief Compliance & Sustainability Officer, described how AI is already supporting both customer-facing and internal workflows from chatbots to claims processing and underwriting.
“We use AI-powered tools and chatbots to support customers when they have queries or need assistance with claims, they can go through our chatbot, which helps guide them through the process.”, shared Tricia.
As these systems take on more responsibility, the conversation shifts from adoption to accountability. The efficiencies are clear, but so are the trade-offs: privacy, confidentiality, and the gradual erosion of clearly defined human decision boundaries in processes once fully governed by people.
This is where the paradox becomes structural: as AI systems begin to act, responsibility for their actions becomes harder to pinpoint when things go wrong.
Natasshia Nicole Lau, Regional Director for Southeast Asia and Australia & New Zealand at Terminal 3, framed this as a challenge of continuity Governance, which she notes that, cannot end once systems go live.
“What we focus on is how to ensure AI is deployed securely and responsibly. That means making sure the right people are accessing the right systems, and that controls are in place throughout the lifecycle of deployment.”, Natasshia explains.
A key shift she highlighted is the rise of AI agents: systems capable of acting with a degree of autonomy. The challenge then becomes how to govern them after deployment, ensuring they remain aligned with intent, policy, and compliance.
This is where complexity deepens: post-deployment control is no longer static. AI agents do not always stay within defined KPI boundaries unless actively managed, creating new forms of operational and compliance risk.
Across Asia, this is compounded by regulatory fragmentation, where different jurisdictions move at different speeds, producing a patchwork of rules enterprises must navigate simultaneously.
At its core, the governance challenge is about sustaining alignment across multiple environments without drift into unintended risk.
Beyond the Firewall: When AI Moves from Systems to the Shopfloor
Outside financial services, the same tensions are playing out in more industrial form.
At PETRONAS, AI adoption is increasingly embedded in enterprise and operational systems, particularly in predictive maintenance, upstream optimisation, and digital asset management.
While the objectives differ from banking, the governance challenge remains familiar: how to scale AI across complex, distributed operations without losing control at the edge.
In large industrial environments spanning geographies and operational contexts, AI systems are being deployed to interpret real-time data from equipment and production systems.
This challenge is echoed by Abu Hassan Ismail of SoftScheck APAC, who sees the issue most clearly at implementation level. Even where governance frameworks exist, enforcement at the edge remains uneven.
“When we do ISO audits, we still find many breaches in compliance at the end-user level. The awareness of risk in AI technology has not been distributed across the organisation.”, Abu said.
He pointed to cases where unauthorised AI tools were installed on enterprise workstations, creating compliance failures significant enough to impact certification outcomes. In the rush to govern systems, organisations are still struggling to govern usage.
Governance Without Finish Lines: Building Control for Systems That Don’t Stand Still
Enterprises are building policies, committees, and oversight layers at speed but AI systems evolve faster than these structures can stabilise. The result is a widening distance between what is written in governance frameworks and what is actually happening inside operational environments.
The real challenge is no longer whether organisations have AI governance in place, but whether that governance can survive contact with scale.
Because the same systems designed to increase speed and efficiency are also expanding the surface area of risk. And while frameworks continue to multiply, enforcement still depends on something less systematised: organisational discipline, behavioural consistency, and accountability at the edges where policy meets practice.
Is governance the new driver of customer trust?
We're gathering real-world case studies on Customer Growth, through the lens of governance and trust, exploring acquisition, engagement, and lifetime value in today's competitive landscape. If this is your space, we'd love to hear from you. Register your interest to join the survey and help shape the agenda for our 53d Conference & Exhibition.
