Family offices and advisors must help high-net-worth clients by assessing and addressing vulnerabilities
A new white paper from Citi Private Bank shares valuable insights on how wealthy families and their family offices can be protected from increasingly prevalent threats to their privacy.
“Many times, our clients’ daily activities can make them vulnerable to privacy breaches,” said Edward Marshall, director of the Global Family Office Group at Citi Private Bank. “We aim to provide family offices with simple but meaningful precautionary measures to address these risks and avoid reputational impacts.”
While news of high-profile hacks and breaches has put digital privacy in the spotlight, the report identifies five primary dimensions of privacy for family offices:
- Physical - includes security of properties and facilities
- Financial - includes information on assets, liabilities, and investments;
- Commercial - includes operating company interests
- Digital – includes online assets and digital activity
- Social – includes information on family, friends, and associates
“These dimensions are increasingly becoming more intertwined as our lives become more digitalized,” the report said. Noting the role family offices can play in privacy protection, it recommended a three-step framework to help embed that into their organizational design.
First, there has to be an understanding of the family’s current privacy levels through a privacy audit. Potential breaches have to be anticipated by mapping each person, asset, and activity that is connected to the family. Information on these risks should be aggregated not just from what’s online, but also consider public records and databases that can be cross-referenced.
“Within reason, this audit should also be extended to cover a principal’s children as they are more likely to post pictures and information on social media channels,” the report said.
Next, each potential risk uncovered by the audit should be assessed. The likelihood of a resulting breach — which can ebb and flow based on different events and circumstances — must be evaluated based on three principal considerations:
- Proximity – how close a family and its family office is to the potential risk
- Track record – the potential risk to or from a particular family member or family office employee given their history (e.g., criminal record, past ethical breaches)
- Prevailing wind – the sensitivity of the threat topic and general societal attitude and wider context (e.g., potential claims of discrimination based on leaked emails)
Finally, the family office must take steps to act on the results. Mitigating any identified risks can be done through pre-emptive briefings with family office staff and non-disclosure agreements. Younger members of a family may also need to be informed in an age-appropriate manner so that they can understand and appreciate any required changes in their behaviour.
The report also encouraged the use of small steps such as strengthening privacy settings, employing password managers, unsubscribing from mailing lists, and removing electronic devices from ssnsitive meetings.
Follow WP on Facebook, LinkedIn and Twitter
Related stories:
Pot exchange accused of "disturbing" breach of privacy
Why cyber security is a solid investment theme