I would really appreciate any comments/suggestions.
Your idea sounds pretty good, at least from Bitcoin point of view.
Since your customers are not tech people and it's risky to handle the private keys, they can clearly see their funds based on the address, on any block explorer. So you can handle the keys as you think it's best.
Because we talk about others' funds, a solution is 2-of-3 multisig, with key 1 at the owner, key 2 at you and key 3 in your testament. Or, if you are allowed to spend at any time, you can also have a copy of key 3.
Why 2 of 3 multi-sig? What benefit does that have over 2 of 2 multisig? That's just adding an extra layer of effort and complications. Who would be the 3rd co-sign? Its just adding more potential cost and complication. No?
The only benefit of using 2 or 3 that I can think of is in case my client loses his private key or seed words. But that would mean me being the custodian of the 3rd seed words or keys - which isn't problematic to store on a usb in a safety deposit box, but that would effectively give me full control over his wallet. probably not a major issue, but it's not ideal (perhaps)
In that instance, I might as well just hold his coin on a hardware wallet on his behalf. Which again isn't ideal longer term, if I start doing this for multiple clients I have, I will end up owning and looking after a dozen or so hardware wallets for clients - hastag nightmare