As family offices continue to evolve and adjust to dynamic market and world conditions, they must take into account four key risks. World events, such as Russia/Ukraine crisis and the effects of the ongoing pandemic will continue to influence family office risk mitigation and they won’t be the last global events that family offices will need to address. The desire to reduce costs and risks, remain hypermobile and virtualize of services, and optimize productivity of the family office will be competing factors with which they will have to contend.
- Cyber issues – for those family offices that have done little to prepare and protect their information technology (IT), sensitive information, and online presence, the Russia/Ukraine crisis could prove a turning point as indirect (and possibly direct) cyber-attacks are a strong possibility were Russia to invade. Historically Russia has executed cyber-attacks relative to their military or para-military actions, specifically as it pertains to the Ukraine. Their use of surrogate criminal or other non-state actors to execute their cyber strategy is common knowledge and has spilled over onto the world stage in the past. Family offices that do not have a cyber protection strategy for their assets and operations may find themselves losing assets, weathering a unwanted disruption in IT and finance operations, and ill prepared to recover.
Solution: Conduct a cyber assessment and technology review of business operations, financial services, and key locations (principal homes and family office HQ). A third party review of the current cyber risk state, and an assessment of what it will take to move them to a desired end state of greater security should be conducted at once. Only then will family offices truly know what they don’t know about their cyber risk.
- Unprotected virtualized services – as family offices seek to reduce costs and overhead, some are considering moving to a more convenient model of outsourced “virtual” services for certain aspects of the family office (e.g. financial, philanthropic, travel, insurance, etc.). While the advantages appear obvious the downside may be significant. No one will protect your assets as well as you would. Outsourced services are not as incentivized for security spend as it increases their costs making them less attractive vendors. If their IT and cyber security is not up to par with industry standards family offices can find themselves operating with unseen vulnerabilities and at far greater risk than they would have had if they had managed it themselves. The cost of recovering from a breach from a third party will greatly eclipse the cost of being proactive and avoiding the problem from the beginning. Own the risk management of all your family office services, and avoid the undesired outcomes with unprotected virtualized services.
Solution: Thoroughly vet all virtualized services, focusing specifically on the security that is built into their apparatus. Ask informed questions about protection of data while at rest, during transactions, and once archived. Who has access and where is it stored? What insurance, guarantees, or other protections are inherent in their software to protect your information? How will they handle a breach or other cyber incident? And, if uncomfortable with the subject matter – bring in a trusted third party to help understand what is protected and what is not.
- Travel – the world remains a challenging place to navigate with economic and geopolitical conflicts, as well as the ongoing pandemic upheaval of travel. Families move around the planet in a hypermobile fashion with perpetual connectivity and private aviation. Family offices need to regularly pay attention to disruptions, and employ capabilities to manage their tactical challenges of moving around the globe safely. Risk increases as families move from one environment to another – this affects both cyber and physical risks. As families move from the New York to Buenos Aires, from Paris to Cape Town, or LA to Beijing – the family’s assets (people, information, and reputation) will find themselves in new threat environments and the principals’ risk relative to the new environments must be properly managed. Many family offices believe the support ends once the private jet is arranged, the vehicles ready to receive on the far end to take them to their other home. The reality is preparations must be made across the risk spectrum on every trip, for every threat… cyber, medical, natural disaster, pandemic disruption, and physical threats from criminals.
Solution: Ensure the risk surrounding your principals’ travels is fully understood and addressed. Each trip is different, every family is unique, and most threats and hazards are not obvious. Find ways to increase conversations around mythbusting of family objections to travel security issues – “No one really knows who I am” or “I’m not really that wealthy” or “I’m flying private so I’m safe” are common myths that families put up to avoid truly managing their risk, and the cost and intrusion that can come with those efforts. Move the conversation to preventive efforts, avoiding problems and include where possible both principals/parents as they will likely have differing perceptions of how to manage risk.
- Lack of situational awareness of threats and risk – family offices need to partner with a company that can provide them a degree of situational awareness as it pertains to all of their assets. Many family offices own or control (in part of in total) a group of companies that helped them build and continue to maintain their wealth. The adversaries are always gathering information, monitoring for opportunities, and pouncing on those that present themselves as an easy, wealthy target. Why wouldn’t family offices expend a similar resource effort to be fully aware of the threats and vulnerabilities that their family enterprise faces? They need to monitor supply chain, cyber, online privacy, and geopolitical issues relative to their assets. The family office should deploy an analytical capability to monitor all of those assets for risks that might disrupt or pose an existential threat to their entire network of companies to their brand or family legacy.
Solution: Increase the protective surveillance and threat monitoring of all the family office assets. For large portfolios that include additional companies, ask yourself if those companies are really able to monitor risk on their own – or is a more effective method to engage a third party company to provide a 30,000 foot level overview of risk for all the assets of the family. This keeps costs down at the company level, and helps the owners’ visibility into the real risks and enable risk management – providing an opportunity for cultural leadership from the top but within the brand, the legacy, and across the broader family enterprise. As a practical matter this will help the family office identify problems before they fully manifest, and tackle them before they can have a negative impact.
Family offices should get ahead of the problem, pay attention to these four key risks, apply the solutions and your family office will be less vulnerable and more productive.