Each of BonsAI's 12 governance domains has a dedicated governance function. It knows your organisation's policies for that domain, monitors relevant developments, thinks continuously, and supports your people through every discussion and decision they make — grounded in your own governance. Click any domain to expand it. Each domain also has four sub-domains — more specific governance areas that can be activated independently.
Governs how the organisation identifies, assesses, and responds to risk and compliance obligations. Covers regulatory interpretation, internal policy conflicts, audit readiness, and third-party risk.
Most relevant to
Chief Risk OfficerChief Compliance OfficerHead of Internal AuditGeneral CounselCOO
How work gets done inside this domain
›"Does this new regulation apply to our product line, and what changes are required?"
›"We have a conflict between our regional and global policies. Which takes precedence?"
›"Are we audit-ready on this process, and what documentation gaps exist?"
›"This new vendor handles personal data. What risk assessment is required before we proceed?"
Governs how the organisation evaluates, approves, and manages capital decisions — from business cases and budget commitments to M&A screening and investment trade-offs.
Most relevant to
CFOHead of StrategyChief Investment OfficerBoard Audit & Risk CommitteeCOO
How work gets done inside this domain
›"This business case projects a 3-year payback. Does it meet our investment governance threshold?"
›"We are screening an acquisition target. What governance criteria apply before due diligence?"
›"This project delivers strong short-term returns but depresses margins for 18 months. How does our governance treat this trade-off?"
›"The financial assumptions in this forecast are optimistic. What does our governance require for stress testing?"
Governs procurement and sourcing decisions — including supplier selection, contract risk, ethical sourcing obligations, supply chain resilience, and ESG requirements in the value chain.
Most relevant to
Chief Procurement OfficerHead of Supply ChainCOOChief Sustainability OfficerCFO
How work gets done inside this domain
›"We are considering a sole-source contract with this supplier. Does this create concentration risk?"
›"This supplier is in a high-risk region for labour standards. What does our ethical sourcing policy require?"
›"We can reduce cost by 15% by consolidating to one supplier. What does our resilience policy say?"
›"This supplier has not disclosed their Scope 3 emissions. What are our obligations?"
Governs decisions about entering new markets, launching in new geographies, or expanding the organisation's operational footprint — including geopolitical risk, licensing, and social licence considerations.
Most relevant to
CEOChief Strategy OfficerGeneral CounselChief Risk OfficerHead of Business Development
How work gets done inside this domain
›"We are evaluating market entry into this jurisdiction. What regulatory requirements must we meet?"
›"Our expansion plan requires a local JV partner. What governance criteria apply to selecting one?"
›"There is significant geopolitical instability in this market. How does our governance treat country risk?"
›"We need social licence to operate in this community. What does our governance require before engagement?"
Governs how the organisation manages its sustainability commitments — including decarbonisation targets, climate risk exposure, sustainability reporting obligations, and greenwashing risk.
Most relevant to
Chief Sustainability OfficerCFOBoardHead of Investor RelationsChief Risk Officer
How work gets done inside this domain
›"We are planning a new facility. Does this align with our decarbonisation pathway commitments?"
›"We want to make a net zero claim in our marketing. What does our governance require before we can?"
›"What physical climate risks apply to our operations in this region?"
›"Our sustainability report is due. What are our disclosure obligations?"
Governs product and service decisions — including product safety, portfolio prioritisation, innovation trade-offs, pricing conduct, and lifecycle impact.
Most relevant to
Chief Product OfficerCMOCFOHead of R&DGeneral Counsel
How work gets done inside this domain
›"We are launching a product in a regulated category. What safety governance applies before go-to-market?"
›"This product generates strong margins but creates significant end-of-life waste. What does our lifecycle governance require?"
›"We are considering a pricing increase. What does our market conduct governance say?"
›"This new feature accelerates time to market but skips a compliance step. What does our governance allow?"
Governs how the organisation uses data, deploys AI, and adopts new technology — including AI model accountability, data privacy, automation risk, and vendor AI dependency.
Most relevant to
CIOCTOChief Data OfficerData Protection OfficerGeneral Counsel
How work gets done inside this domain
›"We are deploying an AI model to assist with credit decisions. What does our AI accountability governance require?"
›"This new vendor will process personal data on our behalf. What does our privacy governance require before we sign?"
›"We are automating this approval process. What human-in-the-loop requirements apply?"
›"We are becoming dependent on a single AI vendor for a critical function. What does our governance say?"
Governs how the organisation identifies, manages, and contains legal risk — including contractual liability, intellectual property, dispute resolution, and cross-border legal exposure.
Most relevant to
General CounselChief Legal OfficerCompany SecretaryCFOChief Risk Officer
How work gets done inside this domain
›"This contract contains an unlimited liability clause. Does this fall within our contractual risk governance?"
›"A third party is using technology that appears to infringe our IP. What does our governance require before we respond?"
›"We have received a dispute notice. What is our settlement authority and escalation path?"
›"We are entering a commercial arrangement in a jurisdiction with a different legal system. What cross-border risk governance applies?"
Governs decisions that affect the workforce — including restructuring, talent allocation, DEI commitments, and labour relations. Ensures people decisions reflect legal obligations and ethical commitments simultaneously.
Most relevant to
CHROCOOGeneral CounselCEOHead of Talent
How work gets done inside this domain
›"We are proposing a restructure that affects 60 people across three countries. What governance steps are required before announcement?"
›"This promotion decision has been challenged on DEI grounds. What does our governance require in terms of review?"
›"We are reallocating talent from one division to another. What governance applies?"
›"We are entering union negotiations in a new jurisdiction. What does our labour relations governance require?"
Governs how the organisation responds to crises, operational incidents, and requests for exceptions to normal governance rules — ensuring emergency decisions are still made within a defined framework.
Most relevant to
COOCROCEOGeneral CounselHead of Operations
How work gets done inside this domain
›"We have a product safety incident. What are our immediate notification and response obligations?"
›"A team needs an exception to our procurement policy for an urgent need. What is the approval path?"
›"We are in a crisis that may require deviating from normal governance. What does our exception governance allow?"
›"We have resolved an incident. What does our governance require for post-incident documentation and review?"
Governs what the organisation says publicly — marketing claims, media statements, social media, regulatory disclosures, and external commitments. Ensures communications reflect what the organisation can actually substantiate.
Most relevant to
CMOHead of CommunicationsGeneral CounselCEOChief Compliance Officer
How work gets done inside this domain
›"We are planning a performance claim in this campaign. What substantiation does our governance require?"
›"We need to make a public statement about an ongoing legal matter. What does our communications governance require?"
›"Our social media team wants to respond to a negative story. What approval process applies?"
›"We are making a public commitment about a future target. What does our governance require before we can claim this?"
Governs how the organisation enters, manages, and exits strategic partnerships, platform relationships, and ecosystem commitments — ensuring partnership decisions align with long-term strategic intent and risk appetite.
Most relevant to
CEOChief Strategy OfficerHead of Business DevelopmentGeneral CounselCFO
How work gets done inside this domain
›"We are evaluating a partnership that could create exclusivity obligations. What does our governance require before we sign?"
›"A current partner is underperforming. What does our governance require before we consider exiting?"
›"We are being approached to join an industry consortium. What governance criteria apply?"
›"This partnership creates dependency on a single external platform for a critical capability. How does our governance treat this?"
Sub-domains: expanding continuously
Each of the 12 domains currently includes four sub-domains — more specific governance areas that can be activated independently as a distinct governance function — by role, topic, or work context. For example, activating Regulatory Change Interpretation as a distinct function within the broader Enterprise Risk & Compliance domain. Across all 12 domains, BonsAI currently covers 48 sub-domains — with more being developed on an ongoing basis. If you have a specific governance area not yet covered, contact us — new sub-domains can be prioritised based on client need.
