Font, middle and back Office
The front office is literally the bank's interface with the market. The front office coordinates and handles all the needs of the bank and its clients with respect to hedging and financing.
- Investment, position management
- trading, arbitrage
Front-Office information systems :
- Electronic listing and trading systems
- Position-keeping systems often specialised for certain financial instruments (derivatives, fixed-income products, stock markets, etc.)
- Transverse systems: risk monitoring, liquidity forecasting
The middle office, located very close to the front office, ensures the control and processing of transactions.
The back office monitors the post-market processing of transactions: confirmation, payment, settlement and accounting.
On all levels, the efficiency of the information system is defined by its ability to process transactions automatically and in a secure manner: the byword is STP (Straight Through Processing): the transaction is processed straight through. In other words, the transaction is processed with little or no manual intervention.
Risk is any event that could prevent an organization from achieving its objectives or maximizing performance.
There is no financial or economic activity in general, without risk-taking. In the context of market activities, a distinction is made between the following categories of activities:
- Credit risk or counterparty risk: the risk that a third party does not fulfill its commitments: non-repayment of loans, or the risk of non-payment of amounts owed by internal customers (account customers) or external customers (market counterparties).
- Market risk: exposure of a portfolio to market fluctuations. Exposure to market risk exists when the bank has taken a short or long, buying or selling position on a given financial instrument.
- Finally, the implementation of the Basel agreements has put operational risk at the forefront: it is the risk that a human error, a malfunction (typically of information systems) or an external event disrupts the achievement of the bank's objectives.
Note: Contrary to what intuition would suggest, the assets of the company (banking or not) are what is at risk. The realisation of the risk reduces the value of these assets or prevents the company from meeting its "value creation" objectives.
The risk strategy involves several incremental steps.
First, assess the risk, which includes assessing the potential loss generated by the realisation of the risk, and secondly (something even more difficult) estimating the probability of the risk occurring.
Assessment methods vary according to the type of risk studied. To be relevant, the calculation of risk exposure must be done at different levels of aggregation (by portfolio, profit center, department, branch, etc.) up to the most global level of the bank.
The risk assessment must be carried out initially in absolute terms, without taking into account any preventive or corrective measures applied. It is very important to be able to assess the potential impact of the risk, as it will have to be weighed against the cost of future preventive or corrective measures. Cost-intensive measures to prevent low risk would not be rational.
Secondly, risk control consists of limiting exposure a priori by defining limits beyond which it is no longer possible to take a position without the authorization of a risk manager. This method is particularly used for credit risk control. It aims to avoid risk taking beyond an acceptable limit.
Hedging against risk consists of taking positions in financial instruments, often derivatives, the value of which varies inversely with the value of the assets exposed to risk. Hedging is therefore effective when the risk is realised in order to reduce its effects; if the risk is not realised, the hedge will only have generated a cost.
It is also possible to transfer the risk to a third party, either by subcontracting an activity or by taking out insurance.
Finally, the regulatory authorities, via the Basel agreements, require the institution to allocate a sufficient amount of equity capital to guarantee its solvency in the event the risks to which it is being exposed are being realised.
To be relevant, risk control must be comprehensive. The associated IT developments are therefore often complex "transversal" applications, often gathering information from all business centres.
Additionally, the risk control function must be performed within the institution by a separate department, usually reporting directly to senior management, and not to an operational department. Otherwise, the risk manager would be placed in a position of being judge and party. However, a good knowledge of the business lines is also necessary for the assessment of the risks involved, which is why some appointed risk managers can be relocated within each business line while still reporting to the central risk monitoring department.
- This sentence no longer appears on the site but is published here with the kind permission of the author, Glyn Holton.