Family Office
Boston Private Shows Family Offices How To Manage Cyber-Risks More Effectively
A White Paper from the US-based firm charts the risks and challenges for family offices in handling cybersecurity, problems with social media, rogue employees and other features of the modern age.
Boston Private, the US wealth management, trust and banking services firm, says it is taking the mystery out of risk management in a white paper aimed at family offices that face a number of challenges such as cybercriminals.
At a time when digital and physical risks to wealthy people and their advisors are all too real, the firm wants to guide action with a paper called Demystifying Risk Management For Family Offices.
“Family offices are a generally underserved segment of the financial services industry, especially so when it comes to risk management,” Edward V Marshall, managing director at Boston Private and author of the white paper, said. “There is a lack of available literature, data and discussion around the operating threats that family offices face. This white paper intends to start the conversation.” Marshall is a leader within the firm’s family office practice.
The paper examines threats including cybersecurity breaches; identify theft schemes against prominent people, fraud carried out by unvetted “insiders” of a firm, and exploitation of social media accounts. It recommends ways of improving risk management, starting by addressing some of the biases that family offices can be prone to. Boston Private is also creating risk management benchmarks for family offices, and will roll out guidance later this year, it said in a statement.
Concerns about big attacks on financial and other institutions have grown in recent years, prompted by major incidents at firms such as JP Morgan, Equifax, Capital One, Yahoo!, the UK's National Health Service, Germany's state-run railroad network, the US Internal Revenue Service, and others. With family offices collectively overseeing billions of dollars in assets, they're a natural target. (See some stories here and here.)
Awareness is growing around certain issues, but there is a lot of work to be done, Marshall said.
Family offices can underestimate what can go wrong, he said, giving examples such as human resources vulnerabilities, fraud, identity theft, lawsuits, regulatory matters, rogue staff, etc.
“People don’t know where to go [for advice and help] and where to start,” Marshall said.
Another concern is that family offices, precisely because they tend to be discreet institutions that avoid the public eye, may mistakenly think they are below criminals’ radars. He warned: “the vast majority of cybersecurity issues are faced by small- and medium-sized enterprises”.
“The family office industry is developing and maturing…..for better and for worse. There is more awareness now about who they are, what they are, how they operate,” he continued.
People can increasingly check through certain tax records and other public sources of data to find out who owns what and where. Publicly available data is often the first avenue that criminals will exploit when they plan to exploit a family office. Family offices should first focus on training and educating staff members and family members, conducting comprehensive regular risk audits, before looking to sophisticated technological solutions, he said.
“In general, financial services firms and others marketing to family offices have heeded the call and had discussions about comprehensive risk management solutions. People understand there’s an issue and a lot of reporting comes out of that space,” said Marshall.
A problem is how risk management vendors and other service providers can connect with family officers. “Vendors struggle with how to connect with and serve family offices effectively, and many family offices aren’t equipped or prepared deal with all these issues. Family offices tend to have a reactionary mind-set….they are often focused on the immediate issues for a principal. Family office executives also struggle with underestimating threats because they mistakenly believe they are under the radar,” Marshall said.
One further problem is that the people in family offices don’t tend to be security professionals. “It is actually very rare for a family office to in-source a security professional. It’s a very expensive proposition, especially when you consider all of the other items a family office is responsible for,” Marshall added.
The white paper sets a path forward for family office executives to evaluate risk at their own organizations, and outlines Boston Private’s intent to create risk management benchmarking for family offices based on proprietary data analysis. The research report and benchmarking guidance will be released later in 2020.