A Crisis Management Framework for Family Offices

A family office exists, at its core, to protect and steward wealth across generations. That mission is tested not in ordinary quarters but in moments of acute disruption, when decisions must be made quickly, under incomplete information, with consequences that can compound for years. Yet fewer than half of single-family offices maintain a written crisis management framework, according to surveys conducted by family office associations in Europe and North America over the 2021 to 2023 period. The absence is not a product of negligence so much as optimism: crises feel remote until they arrive.

This article presents a structured, operational framework built around five crisis archetypes that are specific to the family office context. For each, it addresses the playbook structure, the decision rights that must be pre-assigned, and the escalation paths that keep a crisis from widening. The framework is designed to be adapted, not adopted wholesale; every office has a different principal family, legal structure, and staff configuration. What is non-negotiable is that the work is done in advance.

The five crisis archetypes

Family offices do not face the same crisis landscape as corporations. They lack a communications department, a legal team on salary, or a board with independent directors to absorb institutional pressure. What they do have is concentrated exposure, both financial and personal, to the principal family. That concentration shapes the crisis map.

Principal health emergency

The incapacitation, serious illness, or death of the principal or a key family member triggers immediate questions about investment authority, signatory rights, estate mechanics, and family communication. This is simultaneously a legal crisis, an operational crisis, and an emotional one. The playbook must pre-identify who holds durable power of attorney, which accounts require dual signatories, and what the notification sequence is for advisors, trustees, and counterparties. Many family offices treat succession planning as a five-year horizon project; the health emergency playbook treats it as a 48-hour operational problem.

Market dislocation

Rapid drawdowns exceeding 15 to 20 percent in liquid portfolios, margin calls on leveraged positions, or a liquidity freeze in private market fund structures each demand a coordinated financial response. The 2020 March liquidity event saw bid-ask spreads on investment-grade credit widen by more than 200 basis points within days, catching offices that had not pre-established liquidation hierarchies. The playbook here defines which asset classes are liquidated first, what drawdown threshold triggers a principal-level review versus a CIO-level decision, and how currency hedges are managed under stress. Critically, it also defines what the office will not do under pressure, specifically, it should prohibit unilateral asset sales above a defined size without a documented two-person review.

Reputational and public-facing exposure

A family member's involvement in litigation, a leak of financial information, a social media event, or an association with a counterparty under regulatory scrutiny can create reputational pressure that is largely outside the office's control. The reputational playbook does not attempt to manage public opinion; it defines who speaks, who does not, and on what timeline. The default position for most family offices should be a single designated spokesperson (typically outside legal counsel) and a strict 24-hour internal review window before any statement is made. Absent that discipline, individual staff members fill the vacuum, often inconsistently.

Physical and cyber security incidents

Physical security incidents range from theft and residential intrusion to threats against family members traveling internationally. Cyber incidents include ransomware, business email compromise, and data exfiltration. The two categories share a playbook architecture: immediate containment, notification, and forensic preservation. A critical operational point is that the cyber incident playbook must not rely on the systems that may be compromised. Offline, printed protocols stored in a physically secure location are not an anachronism; they are the failsafe. Notification timelines under the EU's General Data Protection Regulation (GDPR) require breach reporting to the relevant supervisory authority within 72 hours where personal data is affected, a deadline that has no flexibility.

Regulatory and tax authority action

A regulatory inquiry, audit, or enforcement action from a tax authority, financial regulator, or exchange control body is a crisis that arrives in writing, usually with a response deadline. The playbook for this archetype is the most process-driven of the five. It must map the relevant regulatory frameworks, including FATCA and CRS reporting obligations, AIFMD compliance requirements for offices managing third-party assets, MiFID II conduct obligations where applicable, and BEPS Pillar Two implications for family offices with international holding structures. Each of these carries defined timelines. A CRS inquiry typically allows 30 days for a response; an HMRC Code of Practice 8 investigation or an IRS summons carries its own procedural clock. The playbook maps those clocks and assigns response ownership.

Decision rights: the architecture of authority

The single most common failure in family office crisis management is not the absence of a plan but the absence of pre-assigned authority. When a crisis arrives, the question of who can instruct a broker to liquidate a position, who can engage outside legal counsel, or who can release a statement to the media should already have a documented answer.

Decision rights in a crisis framework are best expressed as a simple matrix with three tiers. Tier one covers decisions that the Chief Operating Officer or office director can make autonomously, up to defined financial limits, typically in the range of engaging professional advisors up to a capped daily cost and authorizing liquidity moves below 2 percent of the liquid portfolio. Tier two requires principal or designated family trustee involvement: anything above those financial thresholds, any public statement, and any engagement with a regulator. Tier three, covering decisions such as activating estate documents, initiating legal proceedings, or authorizing a major asset disposal, requires documented family council sign-off, even if that sign-off is obtained remotely and asynchronously.

The function of a decision-rights matrix is not to slow the response. It is to prevent the response from being taken by someone who did not have authority, creating a second crisis on top of the first.

The matrix must also address what happens when the decision-holder is unavailable. A backup chain for each tier, pre-designated and communicated to all relevant parties, is not optional. In a health emergency, the very people at the top of the authority chain may be the subject of the crisis.

Escalation paths and the 90-minute window

Escalation thresholds are most useful when they are expressed in objective terms rather than qualitative ones. A threshold defined as "significant market volatility" is inoperable; a threshold defined as a 10 percent drawdown in the liquid portfolio within a five-trading-day window is actionable. Similarly, a reputational trigger might be defined as three or more media mentions referencing the family name in conjunction with a legal or regulatory term within a 24-hour period.

Once a threshold is crossed, the escalation path activates a war-room protocol. This protocol has four components. First, a fixed communication channel, established in advance and known to all crisis-team members, that does not depend on potentially compromised systems. Second, a defined quorum: the minimum number of people required to begin substantive crisis decision-making, typically the COO, legal counsel, and one family representative. Third, a 90-minute first-response window, meaning the crisis team has 90 minutes from activation to produce an initial situation assessment and a decision on immediate containment actions. Fourth, a documentation requirement: all decisions made in the first response window are recorded contemporaneously, with timestamps, for legal and governance purposes.

The 90-minute target is not arbitrary. It reflects the practical reality that most external counterparties, including media outlets, regulators, and financial counterparties, will form initial judgments within the first two to three hours of a crisis becoming visible. Silence is itself a signal. A structured first response, even one that simply acknowledges the situation and confirms that the office is assessing it, is materially better than no response.

Testing the framework: tabletop exercises

A written playbook that has never been tested is a hypothesis. Tabletop exercises, conducted at least once per year and ideally twice, convert the playbook from a document into muscle memory. A well-run tabletop exercise presents the team with a scenario, walks through the first 24 hours in real time, and surfaces the gaps: the notification number that is out of date, the backup signatory who was never formally designated, the liquidation hierarchy that assumes market liquidity that may not exist.

Scenarios should rotate across the five archetypes rather than defaulting to the archetype the team finds most comfortable. Most offices, if left to choose, will run market dislocation exercises because the team has financial expertise. Health emergency and cyber security scenarios are typically less comfortable and therefore more revealing. An external facilitator, usually a specialist in crisis management or a senior advisor from the office's legal or risk advisory network, adds objectivity that internal facilitators cannot provide.

Post-crisis review and playbook maintenance

The crisis management framework is a living document. After any activation, whether a full crisis or a near-miss that triggered the first escalation threshold, the team should complete a written lessons-learned report within 30 days. The report should address three questions: what the playbook said to do, what was actually done, and what the gap between those two reveals about the playbook's assumptions.

Playbooks should also be reviewed against changes in the office's legal and regulatory environment. A family office that expands its holding structure into a new jurisdiction, or that brings a new asset class into the portfolio, may face regulatory timelines or reporting obligations that the existing framework does not contemplate. BEPS Pillar Two, for example, introduces a global minimum tax rate of 15 percent for groups with revenues exceeding 750 million euros, with qualified domestic minimum top-up tax mechanics that vary by jurisdiction. An office operating through a multi-entity structure should verify that its regulatory crisis playbook reflects these obligations and the timelines associated with them.

The mark of a mature family office is not the absence of crises. It is the presence of a team that knows exactly what to do in the first 90 minutes of one.

Crisis management is not a compliance exercise. It is a governance commitment to the family's long-term interests, executed through preparation rather than reaction. The five archetypes, the decision-rights matrix, the escalation thresholds, the war-room protocol, and the annual tabletop exercise form a coherent whole. Each element depends on the others. A decision-rights matrix without escalation thresholds produces authority without trigger; escalation thresholds without a tested war-room protocol produce urgency without coordination. The framework functions because its parts are integrated, maintained, and understood by the people who will need to use it under conditions that are, by definition, adverse.