The limits and risks of risk limits

Limit frameworks are fundamental tools for risk management

A Limit Framework is a set of policies used by financial institutions (or other firms that actively assume quantifiable risks) to govern in a quantitative manner the maximum risk exposure permitted for an individual, trading desk, business line etc.

Why do we need limit frameworks? A limit framework is expressing in concrete terms the Risk Appetite of an institution to assume certain risks. The operational assumption is that staying within the risk limits defined by the framework is consistent with the degree of risk the firm is willing to accept while pursuing its business model. Limit frameworks offer the necessary flexibility demanded both by risk takers (the persons within the firm that undertake or underwrite risky projects) and the variable market environment with its ever evolving set of risks and opportunities.

Limit frameworks are not easy to get right

There are many pathologies associated with inadequate limit frameworks. The following table aims to enumerate common pitfalls, their impact and possible remedies

Pathology Impact Remedy
Non-existent or incomplete limit framework, either because risk is not been recognized, it is not considered material or is being resisted Poor overall risk management as both risk appetite and current amount of risk taking are not transparent Design, implement and use on on-going basis a suitable limit framework
The limit framework is miscalibrated. E.g. Too restrictive or too loose versus the risk appetite Loss of confidence in overall coherency of management, potential buildup of risk Ongoing monitoring of the framework and market conditions and timely adjustments
The limit framework is hard to use. The risk metrics used for limit setting are not easy to understand, interpret or apply Possibility of unintentional errors, inefficiency Where possible use proxy metrics that capture the essence of the risk appetite statement while still easy to work with
The limit framework is internally or externally inconsistent. E.g., Limits do not aggregate intuitively, do not much with other internal or external constraints (regulatory capital, stress testing etc) Loss of confidence in overall coherency of management, potential buildup of risk Use (as much as possible) a common measure of risk
The limit framework is too volatile. Excess variability of limits over time Loss of confidence in overall coherency of management, potential buildup of risk Adopt a hierarchical framework where higher levels are reflecting long term risk appetite (and should thus be less volatile)
The limit framework is not risk sensitive. E.g., poor selection of metrics, proxies or risk models Potential buildup of risk Where possible, backtest limit frameworks over time to verify sensitivity
The limits become the targets Anchoring bias and potential blindness to actual risks Clear description of limit nature (e.g. soft or hard limits). Review of utilization patterns over time.
Limit breaches are not enforced Loss of confidence in management. Potential buildup of risk Clear description of limit nature (e.g. soft or hard limits). Auditing of the framework performance by separate unit