Internal Threats Pose Underappreciated Risks to Family Offices

Material dangers are not getting the attention they should, according to the latest report by the law firm Dentons.

FO Internal Security

Bigstock photo

Not enough family offices are focused on internal risks that could upend their operations, according to a report by the law firm Dentons.

While family offices are zeroed in on mitigating investment risks and improving cybersecurity, risks stemming from their own team members could prove equally problematic.

Fifty-four percent of family offices surveyed by Dentons said that key-person turnover risk was their top internal threat, followed by cyber and data security (45 percent), attracting and retaining talent (38 percent), and privacy and breach of confidentiality (32 percent). Yet only 49 percent claimed to have robust employee retention programs to minimize turnover, and 44 percent have hired additional staff or improved information sharing and training to mitigate the key-person risk.

“Family offices face a toxic cocktail of known, existing threats and new, evolving dangers that they need to monitor and manage. The risk landscape is being fundamentally reshaped, and this necessitates new strategies adapted to new realities,” according the Dentons report.

For only the second time since 2020, Dentons surveyed 202 individuals working at or for family offices from 33 countries (49 percent were based in the United States). The majority worked for single-family offices. Respondents were responsible for a mix of wealth levels; 18 percent of family offices had less than $100 million in assets, 15 percent over $5 billion, and the others were spread across wealth segments between those.

Overall, family offices were more aware of things like investment, cybersecurity, and employee or insider risks in 2024 compared to 2020. Just 30 percent of respondents said they were underestimating risks this year compared to 42 percent in 2020. However, the percentage of family offices that reported having a “reactionary rather than preventative approach” increased from about 25 percent to 33 percent.

Beneficial owners are partly to blame. Risks aren’t a priority for some families; nearly one-third of survey respondents said a lack of family concern or awareness of risks was a key challenge. “This reflects wider deficiencies in the risk management culture that need to be addressed,” the Dentons report said.

Investment, legal and regulatory, and financial risks are what family offices surveyed by Denton are prioritizing. At least 60 percent of them said they were “very focused” on investment risks, 40 percent on legal and regulatory, and 30 percent on financial risk. About 40 percent also said they were doing a good job managing those threats.

Still, other dangers getting less attention could be nonetheless consequential. Cyber risks, operational risks, and reputational risks are “underdeveloped and underreported,” Denton says. “Inefficient processes, lack of adequate controls, and reliance on manual systems increase the potential for operational failures, errors, and fraud.” As an example, Denton pointed out that 19 percent of single-family offices have no risk management processes in place for reputation risks.

Geopolitical, developing technology, and environmental risks ranked even lower in terms of protocols, monitoring frequency and targeted improvement. Half of single-family offices said there are no risk management processes for climate change/natural disasters, geopolitical risks including wars and terrorism, and emerging technology risks such as artificial intelligence.

The older the family offices, the less prepared they are for geopolitical, technological, and environmental risks. Out of the offices established more than 10 years ago, 64 percent lack the processes to mitigate those risks compared to 38 percent of offices established in the past decade.

“With the multitude of risks facing family offices today, I believe family offices need to take a comprehensive holistic view toward risk management. This would include proactive monitoring, strategic planning, robust governance structures, cybersecurity measures, compliance protocols, and contingency planning for various scenarios. In doing this, family offices need to consider risks that arise from both internal and external threats. To properly address these risks all stakeholders should be involved in this process,” Rick Ross, a partner at Dentons, explained in the report.

The trends are also having an impact on firms like Denton. The law firm’s study found that 54 percent of family offices rely heavily on external legal support to prevent and manage detrimental things from happening. The majority (77 percent) of offices established during the past two years are particularly reliant on them. Single-family offices also lean on outside support more than multifamily offices (56 percent versus 45 percent), likely because they have more scale and share resources.