Preventing Family Office Payment Fraud
Preventing family office payment fraud is a key area of concern for investors, and protecting investors from payment fraud is a key service of many family offices. This post describes some of the ways family offices are targeted by payment fraud and strategies to combat those threats effectively.
Imagine this: a wealthy investor commits to investing in a new venture capital fund. They fill out all the documents, and following approval, the first capital call is received. The notice arrives from the fund’s administrator, so the investor logs in, saves the notice, and processes the payment. Soon, the investor receives a statement showing the investment amount, and everything seems clear.
A few months later, a new capital call is received. This time, the capital call arrives as an e-mail with an attachment, appearing to come from the fund administrator. Before sending the payment, the investor’s family office calls their account representative at the fund and is shocked to learn the latest capital call was a phishing e-mail and a scam.
Understanding Family Office Payment Fraud
For active family offices, phishing is a constant threat. All family offices need to be aware of this type of payment fraud and take precautions to protect investors from it. Here are some general tips for family offices to prevent payment fraud:
Confirm Legitimacy with a Phone Call
A simple phone call confirmation can break many phishing schemes. Before making any payment based on email instructions, a quick call to the fund administrator or fund manager can verify the authenticity of the request. Don’t let them call you. You must call them using the contact information you have on file, not contact details found in the latest e-mail correspondence.
Don’t Pass Sensitive Information Over Email
Avoid sending sensitive information over email whenever possible. If information must be passed over email, encrypt the attachments and establish a secure process for determining the related passwords.
Use Two-Factor Authentication and Segregate Duties
Segregation of duties between initiators and approvers of transactions is a key element to prevent payments fraud. In addition, implementing two-factor authentication adds an extra layer of security by requiring multiple steps to authorize transactions.
Break The Chain
Avoid using the same platform to share both sides of sensitive information, such as logins and usernames. When sharing information or making confirmations, use different platforms for each part. For example, share a username on one platform and the password on another (such as a phone call, then a secure messaging app). Or, better yet, use a password app or an encrypted file on a shared drive that is never passed outside. Never reply to emails or phone calls with requested information directly; instead, provide it via a shared drive or alternative secure method.
Use Portals, Not Attachments
Whenever possible, avoid using email to share documents. Instead, use secure portals and shared drives where access can be audited and delegated. This reduces the risk of phishing attacks and unauthorized access.
Improve Your Due Diligence Process
Many family offices facilitate investments in private investment funds. These private equity and venture capital funds often make capital calls requiring periodic large-value payments. Before investing in such funds, include a requirement in your due diligence process to vet the fund’s administrator. Ensuring the fund administrator is reputable reduces the risk of fraud from this source and helps screen out unsuitable investment funds. All quality investment funds use administrators that post documents to portals.
Require Principal Approval
Even though family office investors want to delegate the administration of their financial life to a team, they are usually still willing to approve large-value payments. This can be done easily using private banking. Family office staff can initiate payment either online or with their private banking representatives, and the private banker can either call the client directly to receive approval or have the client log into the banking portal to approve the payment.
Avoid e-mail Links
Never click a link in an e-mail to log into any account. Instead, log in using web addresses from your own records. Phishing scams use this method to capture your common usernames and passwords and then use those in a variety of ways.
Conduct Regular Reviews
Part of robust reporting involves making information verifiable to those with authority. To catch unauthorized payments, create a reporting process that keeps track of expenses and payments, allowing for regular evaluations.
Preventing Family Office Payment Fraud
Preventing payment fraud in family offices requires vigilance, robust processes, and regular reviews. By implementing these strategies, family offices can protect their investors and maintain the integrity of their financial operations.
Take Action Today! To protect your wealth from payment fraud, consider performing a thorough review of your cash management process, implementing monitoring controls, and conducting training sessions on fraud detection.