14 December 2022
Why a Risk Register is key to Private Family Office Security.

Private Family Offices are corporate entities with a personal touch.
They also have a complex menu of risks that all must be managed to ensure success and succession.
The complex menu of risks that a Private Family Office (PFO) is unique to each family, based on their own strategies and structure. Most PFOs will have the benefit of advisers, hopefully including a security advisor.
The role of a security advisor often only extends to the physical and cyber risks that are apparent, with elements of travel included.
The role of a PFO Security Advisor should extend far beyond Executive Protection and must be an intrinsic and equal part of the team of advisors.
In today’s fast moving and interconnected world, there is always a potential problem on the horizon, the Ukraine being a prime example with China being one to watch.
A PFO’s investment strategy may be the role of the financial officer, however the Security Advisor can add value when they can provide intelligence on the geopolitical landscape and the individuals involved.
The ability to monitor current and impending risks is a key part of ensuring the family’s succession is ensured.
The challenge is how this is managed and recorded.
The Risk Register is the answer.
A risk register is a live risk management tool used to collect potential risk events, organise them by risk categories, and assign responsibility to who will own them. It also serves as a place to include additional information about each risk, like the nature of the risk and how it will be handled.
There are four steps to its success:
1) Identify the risks
2) Analyse the risks:
a) The likelihood of it happening (probability).
b) How much of a problem it would be if it happened (impact).
3) Plan the risk response
4) Control risks, allocating resources and ownership.
Within the register, emerging or potential risks can be recorded together with who owns that risk, the plan to mitigate and the costs involved.
Once the risks are mitigated, they can be removed, with new ones being added, ensuring that nothing is missed, the appropriate resources are allocated with a timeline of response to report back to the board.