Trend 1: Family offices are particularly vulnerable to fraudsters – online and offline
The growing number of people involved in the world’s rapidly expanding crypto economy, combined with its increasingly decentralized structure, is presenting new opportunities for online criminals – and family offices are high on their target list, as the public nature of blockchain has allowed criminals to screen for and focus attacks, based on the size of wallets.
The UK’s National Crime Agency (NCA) lists the most common forms of cybercrimes as: hacking, including social media accounts and email passwords; phishing, which involves bogus emails asking for security information and personal details; malicious software, including ransomware; and distributed denial of service attacks against websites, often accompanied by extortion threats.
A significant majority of family offices surveyed by EY in 2021 had suffered a cyber breach as a result of these activities. It’s also alarming that an equally high number of respondents had no breach response plan in place. But more encouragingly, a growing number of family office clients are looking beyond the established priorities of structuring deals and confirming valuations. They are asking for support in reviewing the security credentials of any party involved in a deal before initiating transactions. In some cases, family offices are also seeking guidance on tracing stolen crypto assets.
As a minimum, family offices should undergo a formal risk assessment every year to assess fraud and risks, and ensure controls are in place to mitigate them. Importantly, a risk assessment should pay equal attention to online and offline fraud. This is because any gaps or weaknesses in online security infrastructures act as a gateway to traditional forms of fraud. That is because the emergence of the crypto economy has left in place the three factors that invariably lead to fraud: opportunity, motive and weak protection. The fraudsters’ tried and tested tactics of impersonation, misrepresentation and “smash and grab” are alive and well in both the online world and in the physical world.
Trend 2: Regulations governing cryptocurrencies are becoming increasingly heavy and complex
A key reason for the rise in fraud cases is weak regulation. The use of crypto assets has flourished in the form of a weakly regulated, decentralized form of finance. The lack of regulation also allowed the number of fraud cases to rise. But this is beginning to change. Although tighter checks and balances are welcome, changes to the regulatory landscape are imposing increasingly heavy burdens.
The requirements associated with Anti-Money Laundering (AML) and Know Your Client (KYC) regulations are placing particularly heavy procedural demands on family offices overseeing a portfolio of crypto assets, as well as the companies that hold these assets.
Regulators are starting to ask for increasingly extensive historical records on crypto assets. There is a general assumption among asset holders that these records are either stored on blockchain or within the cryptocurrency exchanges. But this is not always the case. Sometimes the historic information is difficult to extract. In other cases, it was never stored in the first place. Overall, the level of regulatory risk continues to rise. To complicate matters, there are significant inconsistencies between advanced and less advanced jurisdictions, where rogue traders are free to operate in unregulated environments.
This is having an impact on trading platforms. Recently, for example, some trading platforms have started to ask for higher levels of KYC information disclosure before allowing customers to remove any cap on withdrawals from their accounts.
The changing regulatory landscape is also having an impact on new relationships that family offices develop with advisors and banks. Family offices trying to open new accounts are advised to develop KYC packs that cover areas such as transaction histories, proof of ownership of their crypto assets, and a review of previous ownership of these assets.