Family Office Vendor Selection and Evaluation Framework

Why vendor selection deserves a governance framework of its own

Family offices spend considerable effort selecting investment managers but apply surprisingly little rigor to the operational and advisory vendors that underpin daily functions. According to a 2023 survey by the Global Family Office Report, 61% of single-family offices had no formal written process for evaluating new service providers, and only 34% conducted structured reference checks before signing multi-year agreements. The consequences are predictable: entrenched relationships that outlive their usefulness, contract terms negotiated under time pressure, and data held hostage by vendors whose departure would trigger operational paralysis. A governance framework for vendor selection is not bureaucratic overhead — it is risk management.

The vendor universe a family office must navigate is broader than commonly acknowledged. It spans investment reporting, consolidated accounting, tax compliance (including FATCA, CRS, and increasingly BEPS Pillar Two country-by-country obligations), custody, legal, family governance advisory, cybersecurity, and insurance. Each category carries distinct evaluation criteria, fee structures, and contractual risks. Applying a single generic procurement process across all categories produces poor outcomes; the framework must be modular.

Building the buying-decision RACI

Before issuing a single request for proposal, the family office must establish who is Responsible, Accountable, Consulted, and Informed for the vendor selection decision. This sounds elementary, but in practice the RACI frequently collapses because the principal family member is nominally Accountable but operationally absent, the CFO is Responsible but lacks authority to eliminate candidates, and external advisors are Consulted but have undisclosed relationships with the vendors being evaluated. The resulting process is slow, political, and vulnerable to vendor capture.

Best practice assigns a single Accountable party — typically the Chief Operating Officer or a designated family governance committee — with explicit authority to make the final selection. The Responsible party, usually a senior staff member, manages the process timeline and documentation. Consulted parties must disclose conflicts of interest in writing before participating: this is particularly important when engaging an existing advisor to help select a new one in the same functional category. Informed parties, including the principal family, receive structured updates at defined decision gates rather than continuous access, which tends to destabilize evaluation criteria mid-process.

The most expensive vendor selection mistake is not choosing the wrong vendor — it is beginning the process without clear accountability and then compromising on criteria to reach a conclusion.

Structuring the RFP across three phases

Phase one: capability screening

The initial RFP document should be lean — no more than 15 to 20 questions — and designed primarily to eliminate candidates who cannot meet threshold requirements. These thresholds vary by vendor category but typically include minimum assets under administration or advisory (for reporting and custody vendors), jurisdiction-specific licensing (particularly relevant for investment advisors operating across EU member states under MiFID II, or discretionary managers subject to AIFMD), professional indemnity insurance minimums, and references from comparable family office clients by asset complexity, not just asset size. Sending a 60-question RFP to eight vendors simultaneously signals that the family office has not done preliminary filtering and will produce a volume of responses that no small internal team can meaningfully evaluate.

Phase two: technical due diligence

The three to four vendors who pass phase one should receive a substantially more detailed questionnaire covering their operational controls, data security practices, sub-contractor and outsourcing arrangements, regulatory examination history, staff turnover rates, and succession plans for key relationship personnel. Staff turnover is a materially under-examined variable: a 2022 analysis by Campden Research found that family offices cited relationship continuity as their primary dissatisfaction with accountants and tax advisors, yet fewer than 20% asked prospective vendors about partner or senior manager retention rates during due diligence. Vendors should be asked to provide audited financial statements or, at minimum, a letter from their auditor confirming going-concern status for engagements that would represent more than 5% of the vendor's revenue from a single client — a threshold at which dependency risk runs in both directions.

For vendors handling consolidated reporting or multi-jurisdictional tax compliance, technical due diligence must include a data architecture review. The family office should understand precisely where data is stored (country of domicile matters under GDPR and Swiss Federal Act on Data Protection), what encryption standards are applied, and crucially, in what format data can be extracted upon contract termination. Vendors who cannot provide a clear answer to the last question should be eliminated at this stage.

Phase three: commercial negotiation

Only two vendors should advance to commercial negotiation. Running a genuine competitive process through to the final stage requires that both candidates believe they are in contention — a dynamic that disciplines pricing and contractual terms. It also creates the basis for a backup relationship if the primary vendor fails to deliver in the first 12 months. Fee transparency is the primary objective of phase three: flat retainers, time-and-materials arrangements, and basis-point fees on assets all have different incentive structures, and the family office should model total cost of ownership over a five-year horizon under pessimistic assumptions about scope expansion.

Conducting reference checks that actually inform the decision

Most vendor reference checks are performative. The family office accepts three contacts provided by the vendor, conducts brief phone calls, and records positive responses as validation. This process is designed to confirm a decision already made, not to test it. A more rigorous approach requires four specific adjustments.

First, ask references for references. A client who has been working with a vendor for seven years can often identify two or three other clients they know personally; these secondary contacts, unfiltered by the vendor, tend to offer materially different assessments. Second, request at least one reference from a client who departed — either by asking the vendor directly (declining to provide one is itself informative) or by researching industry networks. Third, conduct reference calls without the vendor present and ask specifically about service degradation over time, staff turnover on the account, and how the vendor responded to errors. Fourth, for tax and legal advisors, ask about regulatory examination outcomes directly: a tax advisor whose work has repeatedly drawn adjustments from HMRC, the IRS, or Swiss cantonal authorities represents a different risk profile than one whose work stands.

Vendors curate their reference lists. The family office must treat a curated list as the starting point of reference due diligence, not the conclusion of it.

Contract terms that families regularly miss

Data portability and exit provisions

The single most important contract term in any reporting, accounting, or custody agreement is data portability upon termination. The contract should specify the format in which data will be delivered, the timeframe (30 to 60 days is reasonable; 180 days is a de facto lock-in), any fees associated with data extraction, and the standard to which historical data will be cleaned before delivery. Absent these provisions, the family office has no contractual basis for demanding usable data from a departing vendor, a situation that has cost several European family offices six to twelve months of operational disruption. This clause should be reviewed by independent legal counsel, not the vendor's standard form.

Termination-for-convenience clauses

Many professional service agreements presented to family offices include termination provisions only for cause — meaning documented material breach, insolvency, or regulatory action. A termination-for-convenience clause, typically exercisable with 90 to 120 days' notice, gives the family office flexibility to exit a deteriorating relationship without litigation. Vendors will resist this provision, particularly for implementation-heavy engagements where they carry upfront costs; a reasonable compromise is a bilateral convenience termination right that does not activate until 12 to 18 months post-implementation.

Audit rights and sub-processor disclosure

For vendors handling sensitive financial data, the contract should grant the family office (or its designated third party) the right to audit the vendor's controls annually, consistent with SOC 2 Type II or ISAE 3402 standards. Sub-processor disclosure — a requirement embedded in GDPR Article 28 — should be extended to all service agreements regardless of whether data subject to EU regulation is involved, because it reveals the full vendor dependency chain. A reporting vendor whose core processing is outsourced to a sub-contractor in a jurisdiction with weak data protection law represents a governance risk that the contract must address explicitly.

Service level agreements with defined remedies

SLAs in family office vendor contracts are frequently aspirational rather than contractual — they describe desired service levels without specifying financial remedies for breach. A robust SLA should define response times for critical issues (same business day for reporting failures; 48 hours for general queries), uptime commitments with measurement methodology, and fee credits or right-to-cure periods tied to specific metrics. For tax compliance vendors, consider attaching SLAs to filing deadlines, particularly for multi-jurisdictional structures with cascading IRS, HMRC, or BVI filing obligations.

Ongoing vendor governance after selection

Vendor selection is a point-in-time decision; vendor governance is continuous. Family offices that invest in the selection process but then manage vendor relationships entirely through informal contact lose the value of their initial diligence within two to three years, as staff changes on both sides erode institutional knowledge of agreed terms and original service expectations. An annual vendor scorecard — evaluating responsiveness, accuracy, proactive communication, staff continuity, and regulatory compliance — provides a structured mechanism for identifying deterioration before it becomes acute. For critical vendors, the scorecard review should involve both the internal team and the principal family, with a documented outcome and a defined escalation path if performance falls below threshold.

Concentration risk deserves explicit attention in ongoing governance. A family office that relies on a single vendor for consolidated reporting, custody reconciliation, and tax data aggregation has created a single point of failure with no operational redundancy. The governance framework should define maximum concentration limits — for instance, no single vendor responsible for more than two of the five core operational functions — and review compliance with those limits at least annually. Regulatory developments, including the expanding scope of BEPS Pillar Two compliance requirements for families with operating company structures across multiple jurisdictions, are adding functional demands that incumbent vendors may not be equipped to meet, making periodic competitive re-evaluation not merely prudent but operationally necessary.