Building a Case for Digital Trust

Ask my grandparents, parents or myself what made us credit union members, and we might sum it up as “trust”—trust the CU would do right by us. Ask any CEO how critical trust is to the credit union’s survival and you will hear “essential” or “critical.” Ask then how the CU deploys "digital trust” in strategic planning, and you’re likely to get a questioning look.

First, let’s define what exactly we mean by “digital trust.” According to ISACA, digital trust is:

Confidence in the integrity of the relationships, interactions and transactions among providers and consumers within an associated digital ecosystem. This includes the ability of people, organizations, processes, information, and technology to create and maintain trustworthy digital systems.

A few things to notice in the above definition:

• The emphasis is on interactions and relationships, not on (the use of) a technology. It’s about a code of ethics (transparency, accountability, fidelity) rather than a codicil of security standards.
• The approach is holistic and considers multiple aspects and groups, both internal (staff-management, employee-employee, management-board) and external (CU-suppliers, vendors-CU, members-CU, CU-community).
• It considers multiple aspects of operations, including, product quality, service reliability, branding and data ethics.

OK. So how do we build and create a credit union where digital trust is a part of our DNA? Let’s look at seven areas helpful in building trusted digital interactions.

7 Considerations for Building Digital Trust

First, we need to examine our credit union and what we see as important in our relationships with others. Do we make building and maintaining trust a priority? When business decisions are contemplated, do we first ask whether this will enhance trust and confidence in the CU? When we look at our policies, do we think about whether they embrace and generate trust?

Second, we need to understand our relationships, our interactions and the role and significance of trust within them. My need to trust the credit union is correctly processing an ATM withdrawal is much different than it is when completing a mortgage loan.

Third, we need to assess and monitor our progress and processes. We must avoid allowing digital trust to become another checkbox on our to-do list (i.e., once-and-done). If we want to build a digitally trusted credit union, we need to make it one of our strategic objectives and build out initiatives and projects to bring that trusted CU into being. We need to regularly query and assess how stakeholders view the trustworthiness of the CU (both internally and externally). A robust audit and assurance program to assess how well we’re performing can be key here.

Fourth, we need to communicate—trustfully. This is a bit more difficult than that simple sentence would make it seem. The CU must clearly outline both its expectations and intentions internally and externally on how digital trust will be achieved.

Fifth, the credit union must be prepared to respond truthfully and respectfully when incidents occur that impact trust. Bad things happen. When they do, the CU must have methods in-place to respond quickly and transparently, showing concern and respect for those affected.

Sixth, we truly earn trust with others when we are able not just to meet their expectations but exceed them. Rather than seeing our obligations as (just) what we do, we need to see them as the minimum we need to do.

Seventh and finally, we need to look at and consider the multiple areas within the CU that enable and build up trust in digital interactions:

• Principles, policies and frameworks—As we utilize various frameworks and write policies, do we consider and make digital trust an integral component?
• Processes—Processes are how work gets done. Do we regularly review our processes from the “trust” perspective?
• Organizational structures—Do our organizational structures (positions, groups, departments, committees, hierarchy, etc.) enhance the creation of trust?
• Culture, ethics and behavior—In many instances culture can be a stronger force in creating behavior than policy. Do we recognize and promote trustworthy behaviors and actions in our personnel?
• Information—Beyond just securing and utilizing information in a trustworthy manner, do we examine and ensure the information itself is trustworthy?
• Services, infrastructure and applications—Similar to information, do we ensure our information and technology systems are used and interact with each other in a manner building and enhancing trust?
• People, skills and competencies—As we look at the people in our credit union responsible for building and maintaining digital trust, do we ensure they receive the training needed to design, build and maintain trustworthy relationships between themselves, our members, suppliers and other CU stakeholders?

There is a very good chance you, the readers of this article, are in some way involved in a digital transformation initiative at your credit union. In looking over the projects and process changes the CU is working on related to digital transformation, it is worth taking the time to consider to what degree the CU is examining and including the above ideas on digital trust. As the credit union looks to automate and deploy technology solutions, is it also looking to enhance the confidence and trust in those solutions? When looking at interactions and relationships between the CU, its members and involved vendors, is your CU asking, “Are we placing confidence, fidelity, transparency, security and certainty (i.e., trust) at the center of those interactions?”

Jim Benlein, CISA, CISM, CRISC, owns KGS Consulting, LLC, Silverdale, Washington, and offers insights to credit unions on information technology governance, information security, and technology risk management. He also serves as a volunteer committee member at a local small CU.