Introduction to risk management
The risk and threat landscape for family offices continues to evolve and present new challenges. COVID-19 created new risk issues for families to consider and manage; however, a pandemic is only one dimension of the increasingly complex threats that family offices face.
While some family offices were prepared to deal with this health crisis, no family was completely immune from the shock to the global economic system and the operational problems that soon followed. Many family offices were forced to go all or partially virtual in short order.
The evolving landscape of family office risk and threat management system breaches has made the task much harder. Moreover, the understandable desire by family office professionals to be accommodating of requests by principals and family members, coupled with the broad access they have to sensitive information, exposes this group to unique problems.
Today, we’ll examine the developing areas of risk faced by family offices. A detailed discussion regarding solutions to these issues can be found in my book, The Family Office, A Comprehensive Guide for Advisers, Practitioners, and Students.
Due to the growing levels of publicity and the inability of families to truly be off the grid, high-net-worth families are increasingly challenged by physical and cybersecurity issues.1
In the family office context, effective risk assessment begins with the identification of key business processes and patterns of life (figure 7.2), as well as how these factors change, then seek to determine the consequences that may result from those risks. Threats from physical and cyber sources typically include the items listed in table 7.1.
Figure 7.2 Types of risk. Source: Chad Sweet, “Family Office Risk Management Practices,” The Chertoff Group, 2019.
Source: Chad Sweet, “Family Office Risk Management Practices,” The Chertoff Group, 2019.
Family offices are particularly attractive cyber targets because of the significant financial assets they manage and their interconnectivity with the underlying family-owned business as well as the personal activities of the family.
A successful intrusion into family office or business information technology (IT) systems may put sensitive information at risk, damage family reputations, disrupt family business operations, undermine wealth preservation and allow surveillance of a family member for follow-on threat objectives. Cyber threats include the compromise of sensitive data, stolen credentials, disclosure of personal and/or location-specific information, denial of service attacks with the potential to inhibit operations or allow ransomware attacks.
High-net-worth families are also facing increasingly complex security risks amid the rise of social media. Information derived from social media is often sufficient to permit a malicious actor to steal identities, and perpetrators may use accidentally leaked or voluntarily provided personal information for extortion.
Also, malicious actors often use “patterns of life” information obtained via social media to engage in theft, burglary or other physical attacks.
Cyber threat assessment
Threat assessments leveraging open-source and proprietary information and intelligence sources—included as part of a physical threat assessment—can yield insightful information on threat actors. However, it is common for family offices to underappreciate the intent of threat actors to target the high-net-worth individuals as well as family office employees and household staff. More robust threat discovery efforts as part of an overall cybersecurity strategy can help raise awareness of threat activity and inform decision-making.
Healthcare has become an increasingly important component of family life organization for affluent families.2 Family offices are often charged with managing the healthcare needs of their principals and family members. Within the context of how quickly healthcare is changing, and in turn how quickly the health status of the family members can change, it is no wonder that family offices view the healthcare responsibility with some trepidation.
It is certainly no secret that affluent individuals and their families routinely seek the finest physicians and healthcare facilities. Despite any initial apprehension, an effective family office can be of great value to both the principal and their family.
Insuring against risks
One of the more important responsibilities for a family office is determining, mitigating and insuring the family against the risks that naturally come with substantial wealth. These include protecting the value of various assets, reducing health and safety risks related to travel, limiting exposures to cybercrime and protecting the family’s reputation and privacy.
It is a best practice for a family office staff member to be designated a risk manager who will spend time periodically assessing a family’s areas of risk exposure to determine ways to mitigate or insure against these risks and work with outside consultants to obtain and structure appropriate solutions.
Types of insurable risks
Generally, these risks can be identified based on three broad categories (table 7.2).
Obtaining legal advice
As is the case with any sophisticated business enterprise, a family office will have a variety of legal needs during its operations and will need a wide range of specific legal expertise.3 The legal services required by the family office includes the following:
Structure and organization
Determining how ongoing expenses will be funded over time
Structuring optimal hiring and compensation guidelines for executives and staff members
Addressing governance and succession planning processes
Ensuring compliance with applicable legal and regulatory requirements
Establishing investment management processes to review and manage investment portfolios and documents
Reviewing technology requirements
Managing financial risks and insurance needs
Coordinating with security advisers to identify and address family, home, travel and cyber risks
Tax planning on transactional and estate planning levels
Structuring the family’s philanthropic objectives
As I’d mentioned earlier, this material is an excerpt from The Family Office, A Comprehensive Guide for Advisers, Practitioners, and Students. Now available where books are sold.
Adapted from The Family Office by William I. Woodson and Edward V. Marshall. Copyright (c) 2021 Rybat Advisors, LLC. Used by arrangement with the Publisher. All rights reserved.
Our experienced family office team can provide the resources and expertise needed to effectively address the issues and challenges you face. For more information regarding our capabilities, visit our family office services webpage today.
1 The authors would like to thank Chad Sweet of the Chertoff Group for his contributions to this chapter. Chad Sweet, “Family Office Risk Management Practices,” (unpublished manuscript, October 1, 2020), typescript.
2 The authors would like to thank John Prufeta of Medical Excellence International for his contributions to this chapter. John Prufeta, “Healthcare Advisory and Advocacy,” (unpublished manuscript, August 15, 2020), typescript.
3 The authors would like to thank Michael Gray of Neal, Gerber & Eisenberg, LLP, for his contributions to this chapter. Michael B. Gray, “Legal Services,” (unpublished manuscript, January 30, 2021), typescript.