INTRODUCTION
"Family offices" — the firms responsible for overseeing the affairs and finances of the world's wealthiest families — managed a collective $5.5 trillion in 2024, with that number expected to rise to $9.5 trillion by 2030.1
With cash, real estate, securities and other assets often spread across a complex web of trusts, partnerships and operating businesses, high-net-worth families face an increasing array of fraud risks posed by third parties and insiders. From embezzlement by insiders, to external fraud schemes perpetrated by investment and asset managers, to cybersecurity threats, it is more important than ever for family offices to establish clear governance frameworks and internal controls to mitigate risk and safeguard wealth.
As detailed throughout this two-part series, common-sense, practical efforts to implement strong governance and fraud risk management can mitigate risks and position family offices to sustain and build their wealth over time.
This series is informed, in part, by our work to investigate, document and testify on a $45 million embezzlement scheme perpetrated by a longtime family office employee.
Read Part I of our series.2
PART I: GOVERNANCE
Clarity is at the heart of effective governance: clarity about roles, responsibilities and decision-making processes. A clear and well-crafted governance framework — if implemented effectively — can mitigate many forms of risk inherent to family offices, including those related to internal disputes, conflicts of interest and third parties.
But a static governance framework often proves insufficient for family offices dealing in multiple sectors, industries and geographies. Today, in an age where technological, regulatory and geopolitical landscapes change rapidly, family offices must periodically reassess their risk landscape and refine their governance framework — including policies, procedures and controls — to stay ahead of changing circumstances and ensure a balanced risk-management strategy.
Although nearly 85 percent of family offices report that they have established or are in the process of establishing clear processes and internal controls, only half have a governing board in place, and just over one third maintain a formal risk-management plan.2 While internal controls represent a critical tool through which families can prevent and detect risks (as discussed further in Part II), strong governance serves as the foundation upon which effective risk management is built.
Below, we define several best practices that family offices should consider with respect to governance, organization and risk management.
- Family constitution and bylaws formalize the
family's shared values and vision and define guidelines for
leadership and dispute resolution. A clear constitution provides a
framework for strategic decision-making and sets the tone for
ethical and transparent conduct. These documents can help avoid a
common scenario in which family members hold differing
interpretations of governing documents or disagree on the direction
of a family enterprise — a situation which, if left
unchecked, can lead to disputes that damage relationships and the
family's finances.
- Defined roles and committees help establish
oversight across core operating areas. For any such body (e.g.,
Treasury Committee, Investment Committee, Philanthropic Committee),
the family office should define clear guidelines to ensure
transparency and accountability with respect to activities that
occur within the body's purview. This structure promotes checks
and balances across the organization, helping to ensure that
decision-making occurs within defined guardrails.
- Periodic risk assessments provide family
offices with an updated accounting of the risks inherent to their
operations while also evaluating the effectiveness of policies,
procedures and controls at mitigating those risks. Such assessments
should periodically evaluate tax obligations, legal requirements
and regulatory changes relevant to the industries and jurisdictions
in which the family operates. They should also evaluate the
organization's controls against fraud and asset-misappropriation
risks, as described further in Part II of our series. Engaging an
independent third party such as a forensic accountant or law firm
to periodically conduct these assessments brings an objective view
that helps evaluate the family office against industry best
practices.
- Agreed conflict-resolution channels define
formal mediation and arbitration processes to address disputes that
cannot be resolved internally. These processes, which should be
memorialized within governance documents, support the timely
resolution of internal conflicts that can otherwise inflame
relationships and erode wealth through prolonged litigation.
- Succession and leadership development,
including financial-literacy programs and mentorship, create
pathways for educating and empowering the next generation of family
office leaders. In a recent JPMorgan study, nearly 70 percent of
family offices counted succession planning among their top goals.3
Thoughtful and proactive succession planning ensures that future
leaders are well-prepared, which in turn reduces transitional risks
associated with leadership changes.
- Cybersecurity and data protection represent critical areas that require diligent training and awareness campaigns — particularly for family offices engaging in cross-border business. A 2024 Wharton study identified cybersecurity risk as a top concern among family office respondents,4 and a similar study by JPMorgan found that nearly a quarter of family offices have been exposed to some form of cyber breach.5 Family offices should define policies and procedures, train employees and family members on best practices and implement technological safeguards to protect data. In the short term, family offices should ensure that less technologically savvy family members understand how to recognize and report common scams such as phishing and social engineering, which are designed to infiltrate and extract sensitive information through trickery.
PART II: FRAUD RISK MANAGEMENT
Family offices juggle numerous responsibilities while managing substantial wealth. In some cases, as long as key activities such as investments and disbursements appear to continue without interruption, it can be tempting for family members to overlook or procrastinate on digging into what seem like minor gaps in governance, processes or controls.
Beyond the expectation to manage investments, a recent Citi survey found that more than half of family offices expect their head of family office to also play the role of risk manager.3 For a family office head tasked with developing and implementing investment strategy, coordinating various tasks and activities and overseeing a sustainable, multi-generational succession plan, fraud risk management can fall to a lower priority on an ever-growing list of to-dos. But beyond the family office head — and even beyond other formal committees defined by governance documents — all family members should understand how to recognize and react to common fraud-related red flags.
Asset-misappropriation schemes, frequently perpetrated by insiders and employees in trusted positions, comprise nearly 90 percent of all reported fraud cases and often go undetected for a year, costing organizations an average of $100,000.4 Larger embezzlement and asset misappropriation cases, as reported publicly in media and by prosecutors, can last decades and erode tens of millions before detection.
Below, we define several best practices that family offices of any size — whether professionally managed or not — should consider to prevent and detect common fraud risks. We also describe the associated red flags and warning signs that your organization should recognize.
- Maintain familiarity and visibility into core family
accounts, including assets and investments —
particularly when key finance and accounting operations are
outsourced to third parties. Even though most family offices
outsource core functions to external providers, a Dentons survey
found that just over half feel their internal teams know the right
questions to ask external advisors about risk management and
mitigation.5
All family members, regardless of whether they serve in a formal governance or leadership position, should be generally aware of the family office's financial position, including key asset classes and investments. Maintaining a general awareness of strategy, financial position and recurring transactions will help family members spot transactions that don't make sense or that warrant questions.
- Family members should regularly reconcile key financial
documents to source data, where available. As described in
Part I of our series, family offices
should define roles and committees that have responsibility for and
access to key documents relevant to their positions. For example, a
family's Treasury Committee should have direct access to bank
and investment accounts. Upon receipt of periodic reports, such as
bank statement balances or investment-performance summaries, the
Committee should reconcile those amounts to primary source data to
confirm accuracy.
Fraudsters often lie and create excuses about why certain financial reports and documents are unavailable. Family members should consider trouble obtaining financial documents, unreasonable hurdles to primary-data access and evasive or inconsistent answers red flags that warrant further inquiry. Fraudsters also often attempt to consolidate access to and knowledge of primary data sources so that they are the single point-of-contact — another warning sign that likely warrants further scrutiny.
- Segregation of duties, the concept of
preventing one person from having end-to-end access and authority,
is a critical preventive control that family offices should embed
into key finance processes. For example, no one single individual
should be responsible for drafting checks, signing checks,
maintaining check registers, preparing trial balances and
preparing financial statements. To do so would enable such an
individual to theoretically commit fraud and avoid detection based
purely on the fact that no one else has full visibility into what
they're doing.
Similarly, avoid designating a single individual as the sole point-of-contact with external parties such as banks, investment managers and accountants. When a single individual hoards access to key third parties, they can intercept and doctor key documents and communications.
Establish dual-signature or dual-approval requirements for expenditures above a certain value threshold. The threshold above which such a control makes sense is an organization-specific decision that may vary based on the size of the family office, the nature of the expenditure and the family's risk tolerance. In any event, families should memorialize such thresholds within governing documents to ensure awareness by all stakeholders.
- Periodically conduct an independent review of financial
data. In addition to receiving regular reports and
reconciling them to source data, family offices should periodically
engage an independent party to review key financial data.
Recognizing that not all organizations may need a full-fledged
financial statement audit, family offices should embed some form of
periodic financial review into their standard processes.
Separately, to the extent that families identify red flags or warning signs that they are unable to remediate through periodic document review and reconciliation, they should consider requesting a confidential consultation with a forensic accounting firm or law firm to discuss their concerns and understand whether a targeted assessment of financial records and controls is necessary.
- Require that key finance personnel take mandatory vacation. Fraudsters often work long hours and avoid taking vacation. They tend to be always available and, in doing so, attempt to hoard access to key information and prevent oversight of or interference with their scheme. By requiring mandatory vacation of key finance and administrative personnel, family office personnel have an opportunity to review key records in the absence of employees involved in underlying processes. This is a good time to review key records or conduct an independent review of financial data.
- Perform due diligence on key third parties before engaging them. The family office should carefully screen third parties they intend to hire or engage to perform work on their behalf, particularly when such parties will perform key accounting or finance functions. The family office should assess the potential employee's character and trustworthiness, including whether they have any past fraud- or integrity-related convictions. For longtime employees or personnel who have access to higher-risk or more sensitive data and processes, consider some form of periodic diligence. A Dentons survey found that, although four of five family offices perform initial screening of staff, only 37 percent periodically reassess their risks.6
- The family office should execute employment agreements with all employees that clearly set forth roles, responsibilities and compensation, including salary, benefits and any fixed or discretionary bonuses. In the event of employee embezzlement, a clear employment contract that defines compensation will help clarify that payments outside of normal payroll or bonuses were unauthorized.
Footnotes
1. Deloitte Private, The Family Office Insights Series – Global Edition: Defining the Family Office Landscape, 2024, 5.
2. "Family Offices: Mitigating Risk and Safeguarding Wealth – Governance," Alvarez & Marsal, June 3, 2025.
3. Citi Private Bank, Global Family Office 2024 Survey Insights Report, 81, https://www.privatebank.citibank.com/insights/the-family-office-survey
4. Association of Certified Fraud Examiners, Report to the Nations: Occupational Fraud, 2024, https://legacy.acfe.com/report-to-the-nations/2024/
5. Dentons, The Evolving Risk Landscape for Family Offices, A Dentons Survey Report, 7, https://www.dentons.com/en/services-and-solutions/the-evolving-risk-landscape-for-family-offices-a-dentons-survey-report
6. Dentons, The Evolving Risk Landscape for Family Offices, A Dentons Survey Report, 6, https://www.dentons.com/en/services-and-solutions/the-evolving-risk-landscape-for-family-offices-a-dentons-survey-report