Manage your risk

In times when seemingly impossible things are happening all too often, a family must place a high priority on ensuring the resilience and management of both their financial and non-financial risk – and have an appropriate resource allocation to mitigate such risk.

As a non-financial risk management advisory firm, AGP employs current and former chief advisors to some of the world’s most prominent family offices. As Shanley explains, “We work with our clients both in Australia and internationally to define what they wish to protect, and then we develop strategies around the preservation of their non-financial assets.”

Holistic family office risk plans provide – by design – multilayered, non-intrusive paths to provide security and safety to family members and office staff, as well as intergenerational resilience.

Over time, risk levels move up and down, so understanding where a family is at any given point is critical to the maintenance of a robust risk management plan. For this reason, the plan needs to be dynamic and not just a document that sits in a drawer: “The global and local environment must be continuously monitored for early warning signs,’ says Shanley.

“The desired outcome is maintaining a high level of risk coverage and contingency opportunities while ensuring the least amount of intrusion into the family’s lifestyle and routine.”

Round-the-clock services

One of the main ways AGP ensures such close monitoring is under one of their retainer arrangements, whereby they are on standby 24/7 to help families identify and manage non-financial risk. The duration and range of services encompassed by the retainer will vary according to the family’s needs and complexity. Still, the core services include one-on-one, direct communication with a senior AGP executive who communicates directly with the family, as well as the chief executive of the family office, as and when needed.

A Risk Review Session, where a senior AGP executive guides the family through a review of the family’s non-financial risks, revolves around the following five pillars.

• • Cybersecurity, digital and technology covers cybersecurity, networking and cloud best practices, and the general internet of things across all platforms in residences, offices, yachts, aviation and hotels. It also includes social media (both family and staff), network penetration testing, dark web and open-source monitoring, network security assessments, cyber incident response, mobile, network and cloud design and installation.
  • Personal and physical security refers to the structure, design and equipment used to secure people and places. It includes designing and installing security systems (cameras, alarms and access control) for houses, offices, yachts, aircraft and other assets, as well as technical surveillance countermeasures such as safe room design and installation, specialised vehicles, evacuation plans, physical security assessments and private investigators.
  • Travel covers secure car and driver services, executive protection services, pre-travel security and threat assessments, medical support and evacuation plans, special events, and location briefings, as well as training in situational awareness, safe travel practices and surviving kidnappings.
  • Medical includes training for the family and staff. Medical assessments, planning, reports and recommendations on travel destinations and family holidays are also included.
  • General covers risks posed by insiders trusted by the family. Media-related risk, kidnap risk and response, corporate espionage risk, consequential investment-related risk, including to family reputation, are also covered. This category involves issues that are more personal, for example, reputation management, family emergencies, response to public relations incidents, training (self-defence, resilience, canine security), as well as locating and vetting specialists in various professions.

The next step is to develop a non-financial risk management plan that addresses the items prioritised in the initial risk review session. A senior AGP executive is on standby 24/7 to advise the family on specific issues.

Collective understanding

AGP’s Advisory Board meets monthly to discuss emerging non-financial risks to families as well as best-practice solutions, and a senior AGP executive regularly updates the family on developments. If a family needs to engage a specialist technical expert vendor, AGP can recommend one or more AGP-approved vendors.

Shanley explains, “We work with the family to understand the areas where they are exposed to significant risk. We often find that the family principal assumes data security is covered by their office technology staff or outsourced IT provider – in almost all cases, it isn’t. We often get called in to fix issues after the fact, which is possible, but certainly not advisable.”

One of the other essential points Shanley makes is that this is a family-wide issue.

Therefore, a collective understanding of the risks involved is needed, which requires direction and authority from the principal of the family to implement structure.

“Working through the implications of a family’s current exposure, I often see light-bulb moments occurring as clients realise these topics are highly relevant to them. Once they are made fully aware of the risk to the family as a whole, the principal acts,” says Shanley.

Cyber shift

As attackers find it increasingly challenging to get into large corporations, intelligence experts and research groups are seeing cybercriminals make a definite shift toward targeting ultra-high net worth families and individuals, as well as their estates and businesses.

Research conducted by UK-based Campden Wealth, which provides intelligence for family businesses and offices internationally, found that 28 percent of the UHNW families reported having been the victim of one or more cyber attacks.

According to Rebecca Gooch – Campden Wealth’s director of research – phishing was the most common type of attack, followed by ransomware, malware infections, and social engineering. She outlines that UHNW individuals are targeted in a variety of ways, including via their operating businesses, family offices, and through the family members themselves.

More than half the attacks were viewed as malicious, and nearly one-third came from an inside threat, such as an employee intentionally leaking confidential information. Around one in ten was deemed accidental.

Gooch says, “The impact of these attacks is notable –more than a quarter of family offices and family businesses surveyed lost revenue; one-fifth had their private or confidential information lost or exposed; and 15 percent suffered either blackmail or a ransom situation, or had a loss or delay in their company’s activity.”

Safe and sure

It is worth noting too that while the focus is often on the financial loss involved in an event, it’s usually what comes after the event that is more disruptive to the family unit. Ongoing court cases, media exposure, reputation damage, a rise in the family’s public profile and occasionally conflict within the family leadership team all take their toll.

Just a brief internet search reveals several recent high-profile cases where UHNW individuals’ exposure was heavily exploited, including the theft of £50m worth of jewellery at Tamara Ecclestone’s Kensington residence in London. Documents showing drawings of each room were available to view on a council website after the couple submitted a planning application to renovate the £70m home, which enabled the thieves to access the floor plans before the burglary.

This is just one example, but in such uniquely challenging and uncertain times, it clearly makes sense to minimise risk – and stress – and be in full control of your finances and assets, as well as your family’s safety and security. As 2020 keeps reminding us, in almost all risk categories, it is not a case of if, but when. Therefore, it makes sense to talk to a specialist before you ever need to.

accordantglobal.com