How can companies build trust in AI?

AI is already creating measurable value for Australian businesses – from reducing scams and fraud to improving customer experiences and freeing employees to focus on higher value tasks. But as the technology evolves from prompt‑based tools to more autonomous agents, the expectations of boards, regulators and customers are changing.

“Building and deploying an AI system doesn’t automatically add value to the organisation,” says Brad Daffy, Partner, AI & Automation, KPMG Australia. “That comes down to three things. One, can you actually go live with the system – will it get through all your checks, testing and sign-offs? Two, will it be accepted by boards and regulators? And three, will customers actually use it, because that’s when the benefits are realised. 

“That’s why responsible, well-governed AI matters – it builds the foundation of trust that ultimately creates value.” 

It’s a challenge underlined by the data. Research from KPMG and the University of Melbourne reveals Australians are apprehensive about AI, with just 36% willing to trust AI, while 78% are concerned about negative outcomes. For organisations investing in AI at scale, building and maintaining trust depends on getting governance and transparency right.

“AI is evolving rapidly, and it’s critical for leaders to understand how Australians feel about the technology’s use and, in turn, be transparent about how it is being used,” says Ranil Boteju, Chief AI Officer, CommBank.

Recognising stakeholder interest in how it is adopting AI, CommBank was the first Australian bank to release a detailed report outlining how it has implemented AI, its responsible AI governance framework and practical application examples across its operations. 

“Operating in a highly regulated industry, CBA’s existing risk management frameworks are essential to how the bank manages AI risk,” Boteju says. "We have six guiding principles we refer to throughout the lifecycle of an AI project: fairness, transparency, privacy and data protection, accountability, reliability and security, as well as environmental and social.

"These principles help guide the application and development of existing policies, frameworks and resources to support our people in the responsible ideation and management of AI systems. This helps us develop AI solutions that genuinely benefit our customers and communities," - Ranil Boteju, Chief AI Officer, CommBank

Navigating a changing environment

If responsible governance is the foundation for scaling AI responsibly, the shift to agentic AI is raising the bar.

Daffy points out that when tools like ChatGPT and Copilot first emerged, they were almost entirely driven by human prompts. Now, organisations are shifting towards agentic AI – systems that can operate with far more autonomy by planning tasks, making decisions and working out the steps that lead to a goal. 

This shift has intensified concerns about the so-called black-box problem, where an AI system’s internal decision-making process is hidden or opaque. This makes it difficult to understand or verify how it reached a particular outcome.

“We’re investing in technologies that give us better visibility into how AI systems make decisions,” says Lisa Green, Data & AI Strategy and Architecture Executive, Telstra. “When working at scale, good governance relies on the right tools, as well as human oversight. We’re working closely with our SaaS partners to make sure a similar level of transparency is built into their solutions.”

Building trust through transparency and accountability 

Explainability is only part of the equation. For Daffy's third test – whether customers will actually use AI – organisations also need to demonstrate that data is handled responsibly.

“They want to know what’s happening to their data – how it’s being used, whether it’s being shared and whether it’s being used to train AI systems or models that might affect them in some way,” says Daffy.

Telstra has found that customers are more likely to trust the process when they can clearly see what happens to their data. This aligns with KPMG’s research, which shows that the right assurance mechanisms can significantly increase consumer confidence.

“For example, giving people the opportunity to opt out of having their data used, allowing for human intervention, being accountable, having the right monitoring in place and providing appropriate training for employees are all things organisations can do to increase transparency,” says Daffy.  

Green predicts that contestability will soon become a more common issue.

“Existing regulatory approaches are beginning to address automated decision making,” she says. “Looking ahead, as people become more familiar with AI, we’re likely to see growing expectations for transparency and the ability to better understand and interact with AI-supported decisions.”

"Looking ahead, as people become more familiar with AI, we’re likely to see growing expectations for transparency and the ability to better understand and interact with AI-supported decisions.” – Lisa Green, Data & AI Strategy and Architecture Executive, Telstra

Responsible AI reaches beyond reliability, safety, privacy, protection and security to more human challenges.

“Employees and consumers want to know how AI is addressing issues such as human rights, bias and discrimination,” says Green. “As we sit on the UNESCO Business Council for ethical AI, we also advocate for this in Australia and globally.”

Boteju agrees, adding that Australia’s AI Ethics Principles, published in 2019, should be a north star for businesses as they develop and implement AI.

“We all want to use AI that is safe, reliable and fair,” he says. “When organisations produce AI tools that meet these ethical requirements, we start to build broad public trust in a technology which can benefit the whole economy through productivity and efficiency gains.”

This is why CommBank's governance framework embeds these principles at every stage of the AI lifecycle – from design through deployment to ongoing monitoring – ensuring accountability is practical, not just aspirational.

Putting governance into practice

Transparency and accountability set the direction but realising value requires the organisational structures to back them up. This is where Daffy's first two tests come into focus: can a system get through all the checks, testing and sign-offs, and will it be accepted by boards and regulators?

"AI is much more than a matter of technology, it requires organisation-wide strategy and priority," says Daffy. "We developed a framework anchored by three principles – being values driven, human centric and trustworthy. This directly informs how we make decisions around building, buying and using AI.

"We have mobilised a Trusted AI Council consisting of senior leaders and an external member, which oversees our use of AI. We have implemented an AI management system, and we're proud to be the first professional services firm in the world and the first company in Australia to achieve ISO 42001 certification for responsible governance of our AI management system."

Telstra operates under a clear and structured risk delegation framework. Every use case has a named owner, and all new models, systems, or significant changes are reviewed by the AI Risk and Oversight Committee. Higher-risk or strategically significant initiatives are escalated to the Data and AI Council and, where required, to senior executives for final approval.

“The AI Risk and Oversight Committee includes professionals from many different domains," says Green. “No single person can be an authority on every aspect of AI, so drawing on diverse perspectives is essential. That breadth of expertise consistently leads to higher-quality outcomes, because the right questions are being asked at the right time in the development lifecycle.”

As with any other technology, CommBank’s AI systems are guided by the Group AI Policy and Code of Conduct.

“These policies support our approach to safeguarding personal information, meeting our regulatory obligations, protecting against cyber risk and keeping our customers and systems safe, stable and resilient,” Boteju said. 

In addition, third parties who assist CommBank with AI development and management are subject to engagement and onboarding processes that help identify and manage any risks they may introduce.

The bank is also cognisant of the environmental impacts of using AI and is monitoring and managing the risks that arise from this. CommBank purchases renewable energy to 100% match the electricity use of its Australian operations. It is actively working with third-party AI providers to understand their strategies to source renewable or low-emissions electricity and, where available, their water-related commitments.

Daffy stresses that responsible use of AI and sound AI governance should not be seen as hurdles.

"Together, they scale value and build confidence," he says. "I think it’s important for organisations to focus on achieving a balance between risk and innovation, having the right controls and guardrails in place and seeing how to apply those within their organisation. They must also be able to demonstrate that they’re doing what they say they’re doing.

"Some organisations are doing a really good job of communicating how they're using AI and how they’re testing and monitoring their AI systems to ensure they’re operating in line with their AI principles. I think that’s a powerful new level of transparency."

Investing in capability

Governance frameworks and transparency measures create the conditions for value – but none of it works without people who are confident and capable in applying them.

“You need to bring in the right mix of experienced talent, while also continuously investing in keeping those skills current,” says Green. 

In response, Telstra established the Data and AI Academy, an internal learning program designed to uplift capability across the entire workforce in data, analytics, and artificial intelligence. The academy provides structured learning pathways tailored to different roles and has already supported tens of thousands of employees. It also empowers teams to confidently and responsibly apply AI in their day-to-day work, including through no- and low-code tools aligned to their roles, helping embed data and AI capability at scale.

CommBank has also rolled out group-wide online learning alongside AI tools, to help ensure its employees are confident using AI responsibly.

“More than 30,000 of our people have engaged with our learning series,” says Boteju. “In addition, more than 300 of our senior leaders have been trained through a specially developed AI for leadership program. 

“AI permeates every level of the bank, so everyone needs to be informed and confident, whether they are using the AI tools to support customers or weighing in on risks and governance.”

“It’s also vital that employees can trust the tools they’re using,” says Green. “Beyond ethical considerations, they want to feel confident that they’re doing the right thing, producing good results and creating value.” 

Like Telstra and CommBank, KPMG is focusing on building capability.  

“We’ve launched a firm-wide AI training academy and incorporated AI training into our mandatory learning,” says Daffy. “Training not only helps those who are using AI in an organisation, but also those who are responsible for building it and governing AI – even boards for the role they play in oversight.

“We have also been leveraging our own learnings to help our clients get to a similar place quickly by putting their own AI governance models in place.”

“We have also been leveraging our own learnings to help our clients get to a similar place quickly by putting their own AI governance models in place.” – Brad Daffy, Partner, AI & Automation, KPMG Australia

A common goal

With the right governance, transparency and capability in place, organisations can move from managing risk to realising the full value of AI – completing the journey Daffy outlined at the start.

Boteju says that transparency was a driver to create and share the bank’s own approach to adopting AI. Apart from giving customers an insight into the organisation’s AI governance and management framework, the report is also helpful to other Australian businesses wanting to implement AI responsibly.

"When businesses commit to responsible AI, the benefits extend well beyond their own operations," he says. "We share customers and communities, so the more organisations that lead with transparency and accountability, the stronger the foundation of trust becomes for everyone."

"We share customers and communities, so the more organisations that lead with transparency and accountability, the stronger the foundation of trust becomes for everyone." – Ranil Boteju, Chief AI Officer, CommBank

A shortened version of this article was originally published in the Australian Financial Review.