New trust mechanisms for businesses

Over the past century, historical events, technological innovations and other developments have spurred the creation of mechanisms that advance or restore trust – among parties in a transaction and across society as a whole. These mechanisms are anchored by the basic principles of trust, from reciprocity following violations of trust to transparency and information during the rise of the digital age.

As trust continues to evolve, today’s challenging environment requires new trust mechanisms. A bitter presidential election last year has given way to uncertainty this year, with businesses watching for regulatory changes, economic shifts and other swings that could affect their operations.

New trust mechanisms that can help companies navigate this landscape include different versions of business practices, updated and refined for the current climate. They also include completely new instruments that can better establish and maintain trust amid a growing number of hazards.

Build trust by managing risk

Companies today have more information and data about their customers than ever, and their ecosystems can include hundreds or thousands of vendors and subcontractors. That means more potential for trust to be violated, and for those violations to affect a company’s financial performance.

Managing risk isn’t new for businesses. But instead of being a constant concern only for compliance officers, risk and its role in maintaining trust are now issues across a company – from the board of directors to the front lines. This is true both for high-profile threats, such as data breaches, product mishaps or environmental issues, and in day-to-day operations. That’s where companies can suffer smaller breakdowns but also find ways to improve transparency and trust among stakeholders.

Some level of risk-taking is necessary in almost any business. Today’s climate gives companies an opportunity to bolster trust through risk management frameworks that cover the enterprise while being agile and resilient. High-performing companies align risk management with strategic planning, and finding the right balance between agility and resilience can not only solidify trust but also boost profitability.

Trust across the network    

The proliferation of connections within companies’ ecosystems has elevated the need for third-party risk management and its importance for ensuring trust across their vendor networks. The advantages of outsourcing, such as lower costs and higher efficiency, may not mean much if there aren’t protections that maintain trust, such as reporting that provides transparency and mitigates risks of the unknown.

Involving third-party risk management in the development of a vendor relationship allows all parties to understand the expectations, paving the way for a smoother relationship in which controls are transparent and trusted. That confidence is crucial for executives, who realize that any breakdown in trust, regardless of its place in the vendor network, ultimately reflects on their company.

Analysis of both internal and external data can play a vital role in third-party risk management. While some companies remain challenged by the quality of their data, dashboards and visualization tools can pull from different data sets and unstructured data and connect useful information. That allows businesses to make faster, smarter decisions – whether it’s a healthcare company delivering better patient care or a bank accurately predicting where fraud might occur.

An updated framework

One mechanism that can help a business consider risk in developing its overall strategy – instead of evaluating risks after the strategy is set – is the recently updated framework from the Committee of Sponsoring Organizations of the Treadway Commission (COSO). In 2016, COSO’s integrated framework for enterprise risk management built on its previous guidance for compliance issues and IT risks by providing companies with principles to manage risk from strategy-setting through execution.

The draft COSO update shows how enterprise risk management can help a business define desired behaviors that embody its core values and attitudes toward risk – both vital to fostering trust among stakeholders. It also promotes the alignment of strategy and culture, seeking to avoid mismatches – for example, a conservative culture with a high-risk strategy – that could create rifts that endanger trust.

Company culture is often regarded as a soft issue, but its role in managing risk and maintaining trust has grown significantly. From employees to board members to customers to suppliers, stakeholders increasingly want to understand how business decisions are influenced by culture. They also want to know that the culture enables the open discussion of any issues that pose risks and could lead to trust breakdowns.

There’s a straight line from reducing risks to building trust to hitting performance and growth goals for the business. With its focus on strategy and culture in managing risk, the recent COSO update can be useful in cultivating trust from the top of an organization to the trenches.

Trust in the digital world

Without question, the digital era has transformed people’s lives – from banking to dating, shopping to schooling – and created more opportunities to build trust. It also has brought new urgency to the issue of trust in business.

In PwC’s 2017 CEO Survey, US executives overwhelmingly voiced concerns about the impact of cyber threats on company growth prospects; data privacy and cybersecurity breaches ranked as the top dangers to stakeholder trust in the next few years. This anxiety isn’t surprising given the cost of data breaches – now an average of $4 million, according to a 2016 IBM Security report.

These threats are amplified as businesses become more interconnected and frequently store data beyond their office walls. Seeking lower costs, higher productivity and more convenience, companies continue to adopt cloud services. With digital platforms often serving as their front door, companies need to ensure that customers and employees trust those platforms to be secure and reliable.

Pursuing an ecosystem of expertise

Facing a stream of viruses, malware and other invasive programs, businesses recognize the value of collaboration against cyber threats. By trusting each other to fight a common enemy, companies hope to establish more confidence among various stakeholders.

Yet more collective action could protect companies and their customers. At a US Senate hearing in January 2017, top intelligence officials said cyber threats demand immediate attention from companies, which shouldn’t wait for government threat warnings.

One mechanism that can build trust is information sharing and analysis organizations (ISAOs) – voluntary groups that collect and analyze information about cyber threats. By quickly and widely sharing threat data, ISAOs aim to disrupt hackers and enable companies to efficiently manage the risk of breaches.

Information sharing on the rise

After President Obama launched the ISAO initiative in early 2015, work began on guidelines for creating successful hubs. Developed by industry stakeholders, the guidelines were published in September 2016 and provide concrete recommendations – including practical steps for ISAOs and details on what can be shared – that can help companies of all sizes effectively share up-to-date cybersecurity information.

Unlike most earlier information sharing groups, ISAOs aren’t tied to specific industries, instead sharing information among communities of interest. Being able to tap expertise and experiences across sectors can help companies find the best practices for improving cybersecurity. Ultimately, businesses could move from occasionally trading stories about breaches to proactively keeping the same threats from harming others – a new trust ecosystem.        

At the same time, companies continue to partner within their own industries. In 2016, many large US banks formed an alliance to trade information about digital threats and share model hacking scenarios, The Wall Street Journal reported. The initiative expands on existing information sharing with more sophisticated analysis and deeper collaboration among banks often targeted by hackers.

More trust in transactions

As information sharing among banks shows, financial services is an area where ensuring trust is paramount. After the financial crisis and Great Recession, public trust in banks trails many other industries. That standing wasn’t helped by headlines in 2016 about bank employees creating bogus accounts with fake email addresses.

In the past, a local banker may have personally known his neighbor and easily approved a simple credit agreement. Today’s financial value chains can involve dozens of parties, making transparency of information and trust in transactions critical. This is even more vital considering today’s uncertain regulatory outlook.

In PwC’s most recent Risk in Review annual study, financial services firms scored highest in risk resiliency and outpaced many other sectors in using data analytics. Within their current platforms, many banks continue to pursue additional data analysis to better understand their customers. At the same time, stronger risk management can reduce the potential for fraud and other breakdowns.

For instance, Service Organization Control (SOC) reports provide assurance over third party processes and functions – crucial in an industry where regulatory pressures and client confidentiality are top concerns. With the growing use of cloud-based solutions to store sensitive financial information, SOC 2 reports help increase transparency and build confidence by evaluating controls related to the security, availability and processing integrity of a system, as well as the confidentiality and privacy of the information processed by the system. 

A new way to secure and verify transactions

Beyond the above efforts, banks are exploring a recent innovation that can better protect and authenticate transactions. Blockchain is a distributed electronic ledger that uses peer-to-peer database technology to record transactions and contracts without a central bank or clearinghouse.

The most well-known use is bitcoin, a digital currency first used in 2009 and now accepted by more than 100,000 merchants worldwide. By storing data across its network, blockchain creates a decentralized system that’s harder for hackers to exploit and could allow parties who don’t know each other to have more confidence in a transaction.

Being able to better protect transactions is understandably appealing to financial institutions as they continue to fight cyber threats and comply with government regulations. There’s also the opportunity to simplify paper-heavy and logistically complicated systems. Given these prospects, many big banks over the past few years have started investing significant resources in blockchain – from pilot programs to prototypes to partnerships with technology companies.

These efforts are mostly in the early stages and not without risks, such as a lack of common standards and regulatory oversight, as well as other risks that may not emerge until the scale increases. Still, collaborative technologies such as blockchain could lower the cost of trust by improving business processes, potentially generating higher returns than traditional investments by banks. But they do require trust and new kinds of collaboration – with customers, vendors or even competitors.

Blockchain could narrow the trust gap

Blockchain’s potential as a trust mechanism could reach beyond banks, with other industries seeking a confidence boost from better protecting transactions and creating an indisputable, transparent audit trail. Because blockchain can record every stage of a transaction, it could potentially be used to secure and verify other types of transactions, such as escrow accounts, contracts, deeds, ratings and reviews, or even electoral systems.

In essence, blockchain may replace the traditional human third-party authentication by checking the identities and other facts needed to validate and complete a transaction, which would then be in a permanent record visible to all parties. This “virtual third party” may be considered more reliable and trustworthy because it’s not controlled by any one business, government agency or other organization.

The possibilities could extend to a wide range of sectors. Consider the shared ownership of such tangible assets as homes or cars. In health care, patient information could be encrypted and safely shared among multiple providers. And the potential for smart contracts raises the possibilities of autonomous commerce, government and even society. 

New trust mechanisms depend on collaboration

As the above mechanisms continue to evolve, their success in building trust depends on how well the invested parties collaborate with each other. Stronger risk frameworks, information sharing and analysis, and blockchain rely on a combination of transparency and common purpose in which all stakeholders must have confidence.

Despite an unsettled climate and unclear economic outlook, trust could flourish as adoption of these mechanisms increases and companies start to see a positive financial impact. Business growth, in turn, can put a company in a stronger position that could further build confidence among customers, employees, vendors, investors and others vital to its success.



Contact us

Todd Bialick

Deputy Risk Assurance Leader, PwC US

Scott Greenfield

Digital Risk Solutions Leader, PwC US
