The Defuse Podcast – Family Office Risk Management with Edward V Marshall

Show Notes

The Defuse Podcast – Family Office Risk Management with Edward V Marshall

From December 2023 to January 2024, Dentons, led by Edward Marshall, surveyed over 200 family office respondents from 33 countries worldwide, comparing the findings to the earlier research published in 2020. This survey went further than before by examining various types of family offices based on region, net worth, organisation, and maturity.

Participants included family members, C-suite executives, investment professionals, and other family office staff, providing a comprehensive overview of how family offices manage risk in their operations and investments.
This podcast discussed the findings of that survey with Edward. We delve deeper into the reasons behind the findings, how the identified gaps and vulnerabilities can be mitigated, and the challenges that Family Offices experience when seeking security providers.

Download the Dentons report here:
https://www.dentons.com/en/services-and-solutions/the-evolving-risk-landscape-for-family-offices-a-dentons-survey-report

Edward’s Bio:
Edward V. Marshall is the Global Head of the Dentons Family Office and High Net
Worth (DFO) sector. Edward is a family office insider and a renowned family office
researcher, advisor, and author. He is regarded as a thought leader in the family office space, distinguished by his service to complex families worldwide.  He is also a risk and threat management specialist, working with families to reduce their cyber, physical, financial, operational, and reputational risk profiles.

DFO is a global cross-practice group that services the firm’s clients, who are family
businesses, investors, family offices, or high-net-worth individuals. The team works closely with families considering a family office, families with an existing family office, and advisors to families. The group curates a program of insights, advice, and connections to advise the firm’s clients and relationships across the globe.
Before joining Dentons, Edward held leading family office roles at Credit Suisse, Citibank, and Boston Private (now Silicon Valley Bank). He joined Credit Suisse from Booz Allen Hamilton, where he was an engagement manager in their Organization and Strategy practice.

Edward is a core member and senior advisor to the UHNW Institute. This think tank
organisation supports family offices and UHNW individuals by promoting best practices, professional development, and positive change in the family office and family wealth field. Edward is a board member at the Defense Intelligence Memorial Foundation (DIMF), a non-profit focused on providing full scholarships to the families of Defense Intelligence officers killed in the line of duty. He is also an advisory board member for Americas Warrior Partnership (AWP), a non-profit based in Detroit that focuses on reducing veteran suicide.

Before AWP, Edward was a board member and treasurer at Nonprofit Enterprise at Work (NEW), a capacity-building non-profit in Detroit focused on improving the impact and performance of fellow nonprofit organisations.
Edward earned his MBA from New York University’s Leonard N. Stern School of Business and a BS in human biology from Michigan State University. He is also a guest lecturer on family office and wealth management at New York University’s Stern School of Business.

https://www.linkedin.com/in/edward-v-marshall/

Chapters

• 0:01: Risk Management in Family Offices
• 9:56: Comprehensive Approach to Family Office Risk
• 15:55: Navigating Risk and Security Challenges
• 23:09: Insider Threat and Staff Turnover
• 30:28: Monitoring Employee Behavior in Family Offices
• 45:18: Geopolitical Risk in Family Offices
• 53:55: Valuable Risk Report for Families

Transcript

Speaker 1: 0:01

Welcome to the Diffuse podcast with host Philip Grindel, ceo and founder of Diffuse a global threat and intelligence'm delighted to welcome my guest, edward Marshall.

Speaker 2: 0:11

Eddie who has for a long time been a real champion but a real expert also in the risk management area of family offices. I'll just read out briefly some of his bio. I won't read it all out because it's extensive and everything in it is relevant, so I will post it. But Eddie is a family office insider and a renowned family office researcher, advisor and author. He is regarded as a thought leader in this space, distinguished by his service to complex families around the world. He's also a risk and threat management specialist, working with families to reduce their cyber, physical, financial, operational and reputational risk profiles.

Speaker 2: 1:16

He's the global head of the Denton's family office and high net work sector. He also does a huge amount of work within the veteran community in the US, doing some really really positive work there around helping veterans to gravitate towards various industries and then obviously looking and reducing suicide rates and all sorts of things. So some hugely impactful work there in the veteran community, which is huge credit to you. But, of course, also some massive issues around the risk management. And we got involved, eddie, because I read your report a few years ago around the risk landscape to the family office world and we had a conversation and you said hold your horses because a new one is coming out and we've now got the up-to-date one, which so the first one was 2020. This is the most recent one, so you know what prompted the update.

Speaker 3: 2:13

Well, Philip, thanks again for having me on and you know you're absolutely right in terms of the evolving nature of how families are looking at risk, and I think it was a very different time four years ago, as you can imagine.

Speaker 3: 2:29

It was the beginning of the pandemic and what we were all thinking at that time and how things have changed and evolved on many different fronts.

Speaker 3: 2:41

You know it's a very simple example of that being the prevalence of remote work and all the different things that come from that. Notice in this report there are perennial issues, certainly things around insider threats and awareness of insider threat potential and ways to combat it, as well as the ability for families to think about other risks outside of what gets the most amount of headlines. I think we talk about cybersecurity quite often in this space, but there's all these different domains and you talk about this as well with the work that you do with family offices. You have to think more broadly about this and be more attuned to the fact that all of these different risk factors are interconnected, and even more so with the advent of all the wonderful technology that makes our lives easier but also, you know, gives us more potential for downside and and bad things to happen so just just to kind of set the context then, how wide a survey is this?

Speaker 3: 4:04

We surveyed over 200 family offices.

Speaker 3: 4:07

Geographically the dispersion was pretty wide.

Speaker 3: 4:15

I mean, we had very good representation in North America and Europe and Asia.

Speaker 3: 4:22

And the other elements of it is we look at demographics more deeply than just geography and broke things down by level of net worth, the maturity of the family office, how long they've been in existence and other areas from that. And we find that that's a very important thing, because comparing a family that has $250 million in net worth in Chicago can be very different than comparing a family and all the attributes that's worth a billion dollars sitting in London, commonalities, and certainly there's going to be some things that you can you conclusions that you can draw if you put all of the information together. But I think what was interesting from this one and the previous survey that we did on direct investing it was, you know, we broke things down by demographics and I think that's that's helpful to the reader and, ultimately, the people that are helping these families, working with with these families, but the families themselves, to give them something actionable because they can have a better understanding of okay, well, this kind of fits into the bucket that I see myself in, or I am myself personally.

Speaker 2: 5:36

And has there been a change in that four-year period then on the level of wealth within family offices?

Speaker 3: 5:44

within family offices. Well, I don't have those statistics in my head right now, but I can tell you that there's some good groups that do produce those statistics, wealthx being one of them. In the past you've seen KGAR growth of wealth around the world growing in many places, in particular, high growth in Asia, some stagnation of wealth within the family office base in Latin America. But when you look at the overall numbers, if you're looking at the totality of net worth, if you're looking at the totality of net worth, you're talking about $15 to $17 trillion of net worth that's controlled by these family offices around the world, and I think what often goes perhaps missed or isn't really talked about too much is the level of philanthropic work and good work that many of these families actually do and contribute to.

Speaker 2: 6:47

It's not just about hugely wealthy people having great lifestyles. They do an amazing amount of good work, and I'm conscious that's not necessarily part of the report, but your knowledge of this sector, would that be accurate to say?

Speaker 3: 7:00

Yes, certainly, philanthropic giving is a large portion of what a lot of these families do, whether it's part of their family office or something that they do individually.

Speaker 3: 7:13

But there's also the entrepreneurship and investments that they'll make in growing companies and just their general activities.

Speaker 3: 7:24

But you know what? It's hard to define a family office and you could put a room of 10 people and ask them what a family office is and you'll probably get 11 to 15 different opinions of what actually defines a family office. But their activities can be different. It could be a family that's just doing investments or is heavily involved in investments. It could be different kinds of investing that they do, whether they're taking direct private equity positions in companies or they're doing sort of a public market securities portfolio and trading, or that could be a passive activity and the bulk of what the family office is concerned with is supporting the family operations and there's an operating company that's attached to them. I think we have to remember that one of the reasons that people put these structures and strategies I tend to think of it as more of a methodology and a strategy than a thing but they put it together for convenience, and part of that convenience also lies in some of the issues that we see around risk and risk management for families.

Speaker 2: 8:44

So let's get into that then, because there's kind of if we go through the sort of key findings as an initial starting point and perhaps we'll see where we go in terms of how the conversation, how the conversation goes from there and whether we, you know, we kind of get deeper into certain areas. But the one thing that really jumps out at me and it's something that I definitely see, but it was interesting to see it written down was this reactionary mindset that highlights complacent risk management cultures.

Speaker 3: 9:18

Yeah, it is a. It's certainly if you've worked in a family office or you work with family offices, I think one of the issues that you'll see is that the very nature of them. You often feel like you're a firefighter. You're jumping from one issue to another and it's not surprising that security might not be one of those issues that gets the most amount of attention, and I think it's also partially to the fact of the nature of family offices themselves. I think if you just look at wealth, you look at the Willie Sutton effect, you know why do you rob banks? Because that's where the money is.

Speaker 3: 9:56

I think that's very myopic in terms of a family office. There's other issues there that are part of it. One is just a lack of understanding of what the actual risks that are out there, because certain risks get more attention, more focus. There's a graph in the report that I thought was particularly interesting is, as the data came out on um, how much focus versus how developed you are on that focus. It's page 10 and the uh page 10 in the graph and it it really um. It really shows that there's a huge amount of focus on investment risks and it's a very well developed risk management program. But there are other factors, such as health and wellness, insider threat, talent management, geopolitical risks that are just not getting the same amount of attention and I think that that's a factor that you have to take in consideration if you're working with families on these issues or you're the family themselves.

Speaker 3: 11:03

A lot of times a family office will. They've got a smaller staff and they've that staff has an incredible amount of access to information and things that they're doing. That's very sensitive for the family, but that's it's not a large, it's disproportionate, just sort of the access that you have at a large operating company at a similar level of access. That plays into some things. There's some inadequate resourcing. If you're focusing on how much somebody can spend on security, for example, if a family is working with you or other security professionals, if they're going to bring you in-house, there's a tremendous amount of cost that has to be thought of. And how do you think of that? How do you disperse that cost and the relative value of what's there versus other functions that they have to do Pay bills, pay lawyers, tax compliance, all these other issues that are very front and center.

Speaker 3: 12:06

As part of it and going back to what we talked about before is there's an inherent focus of you're creating this family office structure to give you convenience on convenience and efficiency and getting things done versus effective security. You see sometimes and many times that security gets the shorter end of the stick there and it gets less attention to it because of the focus. It's something that I think is a per's, a perennial issue, and it's a challenging one, and people just have to have an understanding of what's out there. And then the other factor, too, is this notion of benchmarks. How do you find good data of what people should be looking at? And there are many other great surveys out on family offices that provide these types of benchmarking information across human capital and other areas. That's data that families are very interested in because it helps them make those decisions and at least inform a direction that they want to go.

Speaker 2: 13:19

So I guess that's when you look at that chart I mean the focus chart you refer to. It is a very wide span of different subtopics, which go from investment and financial risk right down to climate change, and I don't suppose any one organisation would cover all of those risks. So therefore that adds complexity around. Well, who do I work with to manage my risk portfolio? And some of these certainly you know you would. It's such an interesting chart because not everyone would put those in the category of risk management from a security perspective. You know, the geopolitical ones, yeah, ok, we get that. But climate change, not everyone would see that as a security risk issue, but it clearly is because it's impacting the world and therefore many of their investments and all the various different things. So that's such an important chart there, I think, and I think it highlights those complexities of all the different issues they have to think about and conjure and and then find people to help them deal with.

Speaker 2: 14:33

I know one of the other areas that the report touches on is around the use of technology and maybe the overuse or over reliance on technology, and and again, an interesting one, because I think that's a very common factor and what I see very often is tech companies moving into the security world to provide solutions, not with any security expertise or experience, but they're coming from a tech background and so they're selling you what they want you to have rather than necessarily what that you need. You know, this is another complex area for family offices around managing the level of technology that they can trust. So where do they find the data? How do they know how you know what works, what doesn't work? How do they know where to put their money?

Speaker 3: 15:27

works, what doesn't work? How do they know where to put their their, their money? Yeah, I think this also goes to one of those factors of uh that we talked about before, of how do you know what good looks like in this space as? Well as others, right there's many different areas that a family needs to be thinking about as they're, as they're doing.

Speaker 3: 15:40

They're, uh, fulfilling the operations and supporting the family because, at the end of the day, all of these activities we're trying to improve the quality of life for the family in and of itself. But I think the challenge too is that family offices is an attractive market segment for a lot of vendors and suppliers and consultants and advisors, and bankers and investors, all these different areas, because they do command that amount of wealth. They use it very differently but they, they do have that command of wealth and the issue that you'll see a lot of families complain about is that, because they are an attractive client segment, oftentimes people will delve into scope creep and that they'll say, of course, as you mentioned, nobody could do all of these things. It's impossible. It really isn't. It takes somebody to help the family and to help any kind of organization that's looking at risk management issues, to help the family and to help any kind of organization that's looking at risk management issues, to help navigate them and to find them. But nobody can do all of these things in one spot, nor should they being cognizant of what those risks are. I think are critical. But going back to the factor of the nature of the wealth and the scope creep is that oftentimes if you're speaking to somebody who's worth $500 million and you're doing X for that particular family and they say, can you do Y, it's a very tempting thing to say that, yes, of course we can do Y. And that's where you start to run into a lot of issues for families on all the different things that they're doing around security and risk is are you actually operating in an area that you understand?

Speaker 3: 17:31

And technology is one of those things where I think that, um, the development of technology for family offices can be seen as a. It's a wonderful thing, right. It enables a lot of different operations for the family that it has to do as its core functions. Right, you have to breathe, you have to pay your taxes, you have to pay bills and get bookkeeping and accounting and all these things right. Um, you know sort of maslow's hierarchy of needs, types of types, issues.

Speaker 3: 18:03

But to think that there's going to be a silver bullet to support on technology for any kind of operation with the family office, let alone security for a family office or security for a large organization, I think it sets you up for some distress and potential scope creep that we talked about before. It's not, but that doesn't mean that it's all bad. I don't want to sound like everything is bad in this area. There's some great pieces of technology that families implement and some very smart groups that are doing great work in the space around that, but no matter what the technology is, there's no family office in the box around risk and security for families when it comes to technology. That's a challenge, because who wouldn't want an easy button when you're looking?

Speaker 2: 19:02

at this and it goes towards the point you made around convenience. They want that convenience, so therefore they may be looking for something that isn't actually there. Very true, and I guess there must be security companies or professionals out there that are purporting to be that silver bullet which adds a complexity to the argument, because if you're not in certain industries it's difficult to understand and to be able to identify good from bad. I wouldn't have a clue if I was looking at the financial world, because I'm not from that world. I wouldn't necessarily really know how do I benchmark the best financial companies to work with? So it must be quite difficult for them then to also think about okay, I need security expertise. I know from this report what kind of the areas I need to look at, but how do I know who's good?

Speaker 3: 20:02

And that must be a real challenge for them. I mean, just look at the term cybersecurity, you know you hear somebody say, well, we need better cybersecurity, or we need cybersecurity. What do you actually mean? I mean that word has so many different connotations and important areas around context of what are you doing? Are you on the defensive side, are you looking at devices, or are you looking at information security policies, or are you threat hunting or you threat hunting? I mean, there's so many different areas. It's such a deep space that it can be very challenging to understand.

Speaker 3: 20:42

And if you just say we do cybersecurity or this organization does cybersecurity, well, it goes back to the whole notion of finding some sort of technology issue. That's there. And again, when you, when you get these families, there's a bit of a notion of survivorship bias that comes from these, these types of areas that you know. If it, if it hasn't happened yet and we've had success yet, why should we be even thinking about this particular area? Um, and that that cognitive bias plays, you know, affects all of us. It doesn't matter who we are and that. But I think that is one that you can see play out, um, of when people are thinking about if they have a limited amount of resources, because all of these things are trade-offs. How much should we putting towards risk, what risks as part of it?

Speaker 3: 21:34

And I think that chart that we talked about it's a great one on tradeoffs and how families are thinking about what's important to them. You see tradeoffs on due diligence and getting awareness of who the employees are within a family office. The previous report that we did four years ago, we found that 80% of family offices were very good at doing an initial background check when then somebody came in, but that same 80% of family offices never had any kind of ongoing monitoring or checking or re-evaluation of those individuals, and the numbers are a little bit better in this year's report, but it's not a dramatic shift and I think you'll continue to see those issues around and continue to grow for family offices as they're thinking about things like insider threat, um, and they're looking at all these different trade-offs that they have to be thinking about when they're applying their resources towards risk management and, and I think you know you touched on insider threat there, which is another fascinating subject because again a bit like cyber, what do you mean by insider threat?

Speaker 2: 22:48

you know, you've got the, you've got the cyber insider threat piece, which is all around the technical elements and the kind of malicious actors. And then we move to the employees and what have you? Where we look at the, the negligent insider threat piece, where people are doing things because they don't really care or because they're not really cognizant of what they're doing. I know you touched very much on one of the causes of staff turnover which I found really interesting was this connection to, in some areas, a lack of training and development. You know, I'd have thought, you know family offices world, I'd have thought that's a place where people would enjoy working, because it must be a great atmosphere, great environment, the rewards must be good, must be a great deal of loyalty within those organisations. But what the report seems to suggest is the training and development element is something that people feel they're missing. Is that a correct interpretation?

Speaker 3: 23:48

I think part of it is also how working in a family office goes about. That creates this. It's not like joining a large financial institution or another big manufacturing conglomerate, where there's an orderly path from entry-level employee to potentially management and beyond employee to potentially management and beyond. Family offices tend to be smaller outfits and development of career paths for individuals if they're working as an analyst or an entry level or mid-career professional. To go anywhere higher can be a challenge and that leads to some turnover issues as part of it. Some people just love where they are. It doesn't matter if they're in a family office or they're working in a retail company. If they love where they are, they're going to stay in that position. Family offices have this nature where not only do you have to have the functional capability and the expertise to work in that role, you also have to fit with the family, because it's such a small environment, it's such a small footprint of people that you're working with that that fit is such a big, big issue. So if you get, if both of those things are lined up your functional expertise, your fit, the family's in the right position, the right need to go, do that, then there's certainly a desire for the family to, you know, to minimize turnover, because it is. It takes a long time to get to trust somebody on that particular issue because of the outside access and proximity that you have to the family, and that proximity to the family also changes, uh, the nature of the person in the role and the turnover that you see there. And I think there's a tremendous amount of opportunity for families to both improve morale but also improve, uh, overall risk and security postures if they're doing training and professional education and risk management certainly one of those areas that's required.

Speaker 3: 25:59

And can we do something other than the boring? Watch a video, click through the video, answer the questions at the end of it that are not very challenging to do, approach, which is more of a compliance approach, a check the box approach. And can you make it more interesting? And there's lots of great companies that are doing that kind of work where they're simulating attacks. They can bring in a family and do a tabletop exercise and get them to understand, like, okay, here are five scenarios that we thought of randomly. Let's see how we would prepare and what our action plans are. I don't think many people had a pandemic action plan in 2019, but certainly the number is it's a non-zero number in 2024 of how you're dealing with that and I think that anticipation of what these risks can be in the future and bringing the family office together because of a couple different factors, but one is it's becoming more open as to what these roles are.

Speaker 3: 27:18

There's professional recruiters. In this space. People have a better understanding of the human capital nature, what people should be paid, how they should be paid. The level of wealth is increasing. All of these different factors that are coming about that make it more attractive as a place to work. And families are looking at different types of skill sets. They're bringing in people that you know the traditional person who was your former CFO or your general counsel who came into your family office. There's more diversity around what types of backgrounds people are bringing in. So now that you have a larger pool of people that are very interested in this space, the talent becomes more valuable and switching costs go down for these individuals and professionals in the space.

Speaker 3: 28:10

To move to another family, oftentimes a family will say we want you to have experience of working with families before you work with our family, because there's just something different about working with families. That's often a phrase you'll hear. Well, now people have the ability to go and move and work in a different family office. Well, now people have the ability to go and move and work in a different family office, and that just creates a potential for a problem around that. But I totally agree with you and your comments around insider threat.

Speaker 3: 28:41

To go back to that, it's one that we have to think about not just from a digital perspective, but also how are we looking at from a strategy world? How are we identifying actors, whether they're malicious actors or they're unintentional actors within the, within the, within the family or within the organization or all the organizations affiliated with that particular family office, which can be many and inside of their threat can't feel as if you've developed an intelligence agency to spy on your staff. That's never going to work and people will feel terrible in those types of situations and that will lead to more issues around turnover. And it doesn't have to be a hugely expensive endeavor Policies, training all these different areas, the preventative medicine, just like in the medical world, can be much less expensive than remediation around these issues. How are you looking at your insider threat policies and how are you developing that ongoing monitoring of people and bringing and making it feel as if this is the culture of the family office.

Speaker 3: 30:05

This is a great thing. We should be proud that we were taking these types of risks seriously, and it can be something that you can taking these types of risks seriously and, and um, it can be something that you can use as a recruiting tool, saying this is the culture that we have within this family office. You know, we're we're privacy focused, we're um, we have an understanding of all the threats and risks and issues that are there, but, but that gives us the opportunities to do the good things. That the family is focused on, the philanthropy, the the investing and focusing on taking care of the family and improving the quality of their life lack, albeit increasing, but the lack of ongoing monitoring for want of a better word of employees.

Speaker 2: 30:57

Because, to your point, well, monitoring can be as simple as actually caring about the employees and noticing when their behaviour is changing. So somebody's behaviour is changing, well, are they going through a difficult period with a divorce or a childcare issue, or something which you know could become an insider threat issue if not managed? So, rather than necessarily employing hugely technical solutions, it's about ensuring that you know the management structure and the supervisory structures and the care structures around those are implemented, so that we do identify these changes in behavior and and and recognize what that can mean well, I I agree with you.

Speaker 3: 31:38

I mean pattern recognition of what this should look like I think we should have. It's okay that people don't have a. You know they're not reading long documents on insider threat profiles and what people should be thinking about the typical behaviors of an insider threat. I mean we shouldn't expect people to understand all of those indicia. How do you notice that, while protecting the employee's rights and legal and staying within legal bounds is also another area, too, that families have to be very careful with, because employment law varies so much by different jurisdiction what you can ask, what you can't ask about an employee, about references, and how you do that. And even doing the background checks. They have to be compliant depending on your jurisdiction. It's very different in terms of doing background checks in different states within the United States of what you're allowed to ask, how you're allowed to ask things and looking from that, and I think you have to be very careful, if you're that family office, that you're not just winging it when it comes to these opportunities and these requirements that you have around security and risk, because it's a challenge and just right-sizing budgets and understanding what do you need If you've got a cybersecurity hammer.

Speaker 3: 33:08

The whole world looks like cybersecurity nails. If you're an armed executive protection agent, the whole world looks like cybersecurity nails. If you're an armed executive protection agent, the whole world looks like you need armed executive protection all the time. Well, are you taking an actual risk-based approach to all of these issues? Are you looking at the type of risk and the vulnerability that's there, the probability that that risk will occur and the potential impact for that family? And all of these issues can be dynamic, whether that's legal risk or thinking about geopolitical risk around trade compliance or whatever it might be for a family that's got complex operations around the world, and I think if people are doing some of the things that you quite often write about is being very proactive about that you can make a big difference on a limited and a more efficient basis of the resources that you have to put to this, put to these issues and I think that goes towards having a proper professional risk and threat assessment, which, of course, are two different things.

Speaker 2: 34:15

But then go to highlight where those vulnerabilities are for those families, in what priorities, the likelihood of those issues, because we can all say, yep, you'd be much safer if you had fully armed protection around you and residential security, et cetera, et cetera. But do you actually need that? I mean, you know realistically is cetera, but do you actually need that? I mean you know realistically, is that? And also, do you actually want that? Is that going to? Do you understand the impact that has on your family? So we need to, we need to be, as you say, much more kind of intelligence led around.

Speaker 2: 34:43

Okay, let's look at where we are here. What are the issues here that you're facing and what are you not thinking about? Perhaps Because the here that you're facing and what are you not thinking about? Perhaps because the obvious ones are very often physical and cyber and what have you. But there are lots of others. You touch on reputational very much in this and I think you know that means different things to different people, and in multi-generational family offices where you've got the younger generation who may be far more liberal with what they're sharing and far more liberal in terms of their use of the internet, etc. Compared to the older generation who you know, who were very private and and what have you. That's going to present hugely different risks to different people within that family. Um, so how do you manage that?

Speaker 3: 35:22

I mean that's, that's a real challenge, I would think I think it goes back to what you talked about before in terms of being able to do a comprehensive analysis and understand where things around are and building in that gap analysis and using the results of that gap analysis. Every you know. Whether you're doing it yearly, every two to three years, whatever you know, periodicity is important to the family, is important to the family. But sharing those results and saying, hey, we're not saying you can't have a cell phone and you've got to start using a late 90s Nokia telephone, understand that there's different issues and settings and things that you can do to improve where you are. Just looking at these devices. There's so many small things that you can do that. Just decrease your footprint, just have an awareness. Even if you think that you're posting something online, it's innocuous, it's private, all these different issues, you're leaving a trail of breadcrumbs. Now maybe that's not as important. Comes Now, maybe that's not as important, but maybe it is because you run into another factor A lot of these families think that nobody knows who we are.

Speaker 3: 36:42

We're so off the radar for a variety of reasons. But the reality is there's so much information out there. If you, if you have a um, a simple, you know your philanthropic work or your private foundation work. There's, there's compliance forms in the united states that are public information, that allow people to piece things together and have a better understanding of who you are, what your level of net worth is, and obviously that's going to make you a potential attractive target for scammers and for criminals looking to do that, in some cases, maybe even nation states, but that's probably going to be a lesser threat for a lot of these families, but it's not a non-zero. It's a non lesser threat for a lot of these families, but it's not. It's not a non-zero, it's a. It's a non-zero threat for sure, um, but having an educating people and training them on that you can protect yourself in these areas and you can be smarter about it and still maintain the ability, uh, to have a um, you know, just a safer existence, I think is a great thing.

Speaker 3: 37:56

On the other hand, you know there's a lot of technology and this goes back to our tools discussion. Before that proclaims to say we're going to look at your overall privacy footprint, and it becomes a kind of a crutch like, oh, we've worked with this service and all of a sudden we have a great awareness of what our threat profile is out there on the deep and dark web. Have a family explain to you what the dark web is. That's one instance. Again, it's this awareness in terminology. So that's one instance. Again, it's this awareness of terminology.

Speaker 3: 38:33

But there's a lot of different investigative tools that are out there. Nothing is perfect. Everything depends on the person that's actually sitting behind the computer with the piece of paper and a pencil in their hand. You know, working through that issue, you could put an amazing analyst with with very few tools, next to somebody who's got multiple, multiple subscriptions to all of these wonderful security vendors, but they're they're green in the space. I'm going to go with the person who's got the experience and less fancy tools to be able to get the job done. It's no different than if you're trying to do Julia Child's cookbook or you're trying to paint something beautiful If you have paints in front of you on a canvas. It really depends on the person that's actually doing the work and I think that's a big factor that families should be thinking about.

Speaker 2: 39:40

Whenever you do these scrapings or tech assessments, five minutes later they're out of date in real terms. So it can give you a false sense of security. If you're not careful. In that, someone said to you no, you're all clear. Well, that's why you need to have kind of ongoing monitoring or ongoing analysis, because actually, things change and, and you know, data has been published every day about you. It's being leaked and uh, and so that's one thing. You know. Kids are are taking selfies every day. What's in the background of the selfie is that is that giving away, you know, a piece of artwork you've got in your home, or your tail number of your flight or something.

Speaker 2: 40:22

So it's a constant process which is partly educational for for all the different generations, but it goes back also, I think, to the integrity of the, the people that are working with family offices around. Do you really care about the family you're working with? Or are you just into sort of sales figures? And you know, we've signed up another family and and we've implemented our and we're, all you know, ready to go. And you know, we both know, and I certainly know from my experiences family offices in some respects are like honeypots.

Speaker 2: 40:56

People think because they're wealthy? They are, you know, they're an attractive customer, but the reason they're wealthy partly is because they manage their wealth properly, so they're not going to just throw it around everywhere, they're going to look and scrutinize around. Well, are you actually providing the service you say you are, and can I, can I, work with you? Are you somebody that that is going to provide me a good value and actually look after our family? Um, and I would certainly say, anyone who is, who works in this industry or within family offices, you know, needs to read this document. The one, the one issue that that struck me is and we touched on it a moment ago is that physical security is not really mentioned, particularly in the report. Why is that?

Speaker 3: 41:39

well, I think, uh, physical security you know we did touch on it at a couple different places and focus on it and I think it's certainly security operations and how people are looking at physical security, both when they're at home, at their could be multiple residences, could be the place of employment or traveling for you know, traveling to work in austere environments, for work or for pleasure, really goes down to having somebody that can do the physical security evaluation. But that's a very expensive proposition for these families to think about, because if they're going to hire an inside person to do physical security or have that expertise, because it's a very complex discipline of doing physical security, it's not just something that you can sort of understand and implement it just like. Imagine somebody saying they, they dabble in cyber security. It's the same thing there you have to have people that are trained and there's different types of training and different types of expertise and backgrounds that make sense. For for this area again, it comes down to discerning what, what, what, what does good look like in physical security and how do you bring an outside consultant to support on those areas and for many families that's the right decision. It's much more efficient. That group is looking at physical security threats across multiple organizations, multiple families and bringing you the best of breed of what's there.

Speaker 3: 43:29

And it comes to that ever-present notion that families have to think about is that tradeoff around insourcing and outsourcing. Insourcing gives you some great advantages, Outsourcing gives you some great advantages. Nothing is better. It just has to fit into what that particular family is looking for and makes sense for them, and I think there are increasingly smart and capable groups out there speaking on this issue of how to do security operations for a family, how to audit the security operations for a family and physical security operations for a family make sure that they're done properly.

Speaker 3: 44:17

And I think that's an area and I know you've touched on this in other podcasts that you've done too, and I too, and I I think it's a. It's an, it's an area that I think a lot of people have to take very seriously. The world is a very dynamic place. It's certainly getting interesting in many good and many bad ways for families, whether it's their business operations or their family's need for movement around the world, and I think you've got to have somebody that has the expertise and the right kind of expertise in that area for their family to be secure.

Speaker 2: 44:55

So you've touched there on geopolitics. I think in terms of what's going on in the world, it would be remiss of us not to talk about that before we finish, because the world is in a very difficult place Politically. Around the world we've got huge change going on, with lots of elections, and you know France only overnight have kind of called a snap election because a huge shift towards the right. So how does geopolitics? How does that create a risk for family offices?

Speaker 3: 45:24

Well, it could be on a number of fronts. Um, it could be if they have got business dealings in that part of the world, or their, their, their operating companies or their investments are operating in that world and they've got to think about, um, how that affects them. That that's a very easy way, but look at just the issues around sanctions and trade compliance that came up in a big way after February 22 and Russia's illegal invasion of Ukraine. You know that sparked a whole new discussion around those issues that people have to be cognizant of and have the right expertise. That's looking at that, because that is also an area where it's very dangerous for people to dabble and dabble in expertise in that particular field, and I think that's another area that can play very big for them. And issues around geopolitics can also mean issues around regulation.

Speaker 3: 46:30

There were several instances in the last 10 years a little bit longer than 10 years, let's say, last 15 years in the United States where there was increased scrutiny around family offices and you typically get them at inflection points of economic crises in the United States Of reducing the in a sense would be reduction of privacy for these individuals. The regulators see it in a different light, but the families saw it in the light of where they would have privacy reduction and you have to stay smart about them. But I think one of the things that families will struggle with is creating industry groups, as you would. Let's say you're in the automotive industry. There's automotive industry groups that are there to gather information about what policymakers are thinking and doing and having that voice with the lawmaker and the political folks. Families don't do that very often. There's one or two groups in the United States that kind of work in that area, but it's not a very organized group. There's a lot of that around family business, family-owned businesses. There's a tremendous amount of advocacy that gets done on that part, but not so much for family offices. It tends to be very reactionary. There's a lot of different factors for that. I mean the privacy issues that families have, the fact that families are very different, the fact that you see, if you work with family offices they tend to be very resource constrained. So this is just looked upon as like we'll react to this when it's necessary, but that can be a challenge for them too.

Speaker 3: 48:18

But privacy is one of those areas that also can come up around geopolitical changes. I think of it as either a privacy or a privacy depression, depending on my mood or if I've had my coffee that morning. That's happening around globally. We are in a deficit, despite regulatory matters and legal frameworks and other issues supporting of privacy the right to be forgotten, gdpr it's a hodgepodge of privacy laws around the world. And what can people do with their data? I mean, even within the United States, privacy laws vary by state and can dramatically be different of what's out there. And when you consider what people are willing to give up in terms of their identity and their privacy to get a free service, imagine what we're willing to give up in terms of our privacy to go get a free email address. It's astonishing. And if you translated that into other areas that we talked about around legal or physical risk I think people wouldn't wouldn't think about, wouldn't think about making those trade-offs in a million years.

Speaker 2: 49:30

But around digital issues, uh, we see that play out and I think that that's another issue that can be a second order effect of a lot of geopolitical uh issues that you see around the world and just being smart about that and so, geopolitically though you you presumably I mean you know we started the discussion by and we touched in there about being quite reactionary but but what you probably need in an, in an era where reputation is so, so connected now to wealth and everything else and all the issues there is, you're going to need some degree of horizon scanning, because, although things happen very quickly, we need to be looking at what's going on in the world, politically, etc.

Speaker 2: 50:16

So that we can look at the investments that we're doing, look at the partnerships and people we're working with, because, of course, overnight things can change and the people you're working with, the places you're investing in, the products you're investing in, can all of a sudden pose huge reputational issues if you're not horizon scanning and not being proactive. And that reactive mentality can be you know, must be must be seen as a potential counterproductive and a costly strategy.

Speaker 3: 50:50

Yeah, but I think we talked about this before and I think you mentioned it as well. This doesn't have to be. This can be a very resource efficient process. It just has to be done and it has to be planned for. It's much easier to do the preventative issues. It's much easier to think about supply chain risk and counterparty evaluation before you know. In a proactive stance, that is, to react to something that that happened, that you don't have control over, that happened in a third jurisdiction that you're, that you're investing or dealing with or have interest in. And I think that's an important factor for these families is to not think that this has to be a costly factor. It has to be overly complex, that you're going to have to take away my phone and I'm going to have to communicate through written word, but it's also having a plan when something goes bad and practicing plans around crisis management, whether that crisis is something small or something major.

Speaker 3: 51:57

And I always give families a very simple five question crisis framework because it's it's easy to remember. You know when people I'm sure you get this question what vpn should I use? What software should I use? What this should I use? I said the one that you're actually going to use tends to be a very good, very good choice the one that you're actually going to implement, because you can have the world's greatest password manager. But if you can't remember your password or all these different, or you only use it sporadically and you go back to old habits, it doesn't matter. But when I say for a crisis management framework, the same thing, keep it simple.

Speaker 3: 52:38

Ask yourself five questions. When something goes wrong, who am I? What's my mission, what have I lost, what do I have yet to lose and who am I? What's my mission? What have I lost, what do I have yet to lose and what am I missing? And you can use these questions for your family when something goes wrong with different family office employees part of these table talk exercise that you're doing internally, or bringing outside consultants with different expertise in there, or if it's something broader, but just having those opportunities and using that, because oftentimes you want to get the family together to talk about different factors and maybe it's a very heavy numbers and returns and investment focus meeting. Focusing on these types of issues and exercises goes back to the conversation we had earlier about training and education. It doesn't have to be overbearing to be effective, and the world is not full of doom and gloom. There's lots of there's lots of ways that you can be effective. There's risk everywhere. There's risk crossing the street, but that doesn't mean that we have to sit in our homes.

Speaker 2: 53:50

Wonderful. I think that's the perfect place to end the conversation. Thank you, eddie, so much. I will implore again, as a final one, that everyone should get a copy of this report. It will certainly be on the link in the notes, because I think it's one of the most valuable documents, uh, and I'm sure you'll do it again in another couple of years when, when things change again, um, as they will. But, eddie, for now, thank you so much for being a guest on this podcast well.

Speaker 3: 54:18

Thank you, philip, and thank you for putting this together. I think it's an invaluable resource resource for families and companies that are looking at their risk profile, and it's great that you have been doing this, and I really appreciate your time and hope everything is well, thank you.

Speaker 1: 54:38

Thank you for listening to the Diffuse podcast with host Philip Rendell, CEO and founder of Diffuse. Please rate, review and subscribe on your favorite podcasting platforms.