Risk Management Framework – Limits & Control Process

5 mins read

Risk models only have value if they are used effectively in combination with limit management and control process. While a control function requires and relies on reports, the key is not the generation of quantitative numbers, formatted in ten different variation and cuts, it is the interpretation and application of that analysis that matters. The objective of a risk function is to not just gather data, run reports, submit and analyze them, it is to ensure that unpleasant surprises and their impact is limited. While you can’t control the timing and magnitude of such surprises, a well managed and well run risk function can help manage expectations as well as plan ahead for unexpected shocks.

Limits play a major role in achieving that objective. But where do you start when you first review limits. How do you decide what is acceptable and what is not.

Ideally, the limit setting process should be based on the following core principles.

  • Before limit setting, a review of what is considered prudent risk and a review of normal business threshold for key risk measures should be completed. This sets the baseline level for limit calculations.
  • Limits should be risk based, i.e. the measurement of limit utilization should be directly proportional to the amount of risk taken.
  • Limits should be fungible at lower levels. The trader should be allowed to take risks to exploit the best opportunities available without being too tightly bound by complex rigid multi layered limit system. Similarly, a senior trader should be allowed to move limits from one subordinate desk to another.
  • Both hard and soft limits need to be set. If the limit is hard then traders know that they will be disciplined or fired for violating the limit. If the limit is soft a violation simply leads to documentation, exception reporting and a conversation where the trader is advised to reduce the position.
  • If a portfolio is to be managed within a given set of limits, it should not be possible for changes in another portfolio to cause the limits for the former portfolio to be broken.

The Limit framework relies on both operational (stop loss, action trigger) and transactional (position, dealer, desk, product) limits. We take a look at both Operational (exception or management action) Limits

Operational limits are generally exception limits that require immediate management action or intervention when the limit is breached and generally lead to a partial reduction or a closeout of the offending transaction.

Capital Loss & Stop loss limits

Stop loss limits act as a safety valve in case something starts to go wrong. Stop loss limits state that specified action must take place if the loss exceeds a threshold amount. Tight stop loss limits reduce the maximum possible loss and therefore reduce the capital required for the business. However, if the limits are too tight they reduce the trader’s ability to make a profit.

The first step in setting stop loss limits is to determine the appetite of the company regarding its risk tolerance. This translates to specifying the amount of capital that the company can afford to lose.

Besides stop loss limits discussed above the following limits should also be set:

Inventory age limits

Inventory age limits set the time for which any security is held without being sold. This is to prevent traders from sitting on illiquid positions or positions with an unrecognized loss. The time allowed will depend on the overall purpose of the desk. If the desk is expected to trade in and out of the position quickly, the limits will be on the order of days. If the desk is expected to use long-term strategies then the limit can be on the order of weeks or months.

Concentration limits

Concentration limits prevent traders from putting all the eggs in one basket. They ensure that the traders’ risk is not concentrated in one instrument or market. For example, the equity desk may be limited to a maximum of 3% in any one company. This may also be subject to a limit on the total percentage of that company’s equity that may be held.

Transaction Limits

While it is common to raise and approve exceptions to a transaction limit, a high frequency of such exceptions implies that the risk process and limit setting threshold need to be re-calibrated again. The calibration is required because either the market has moved to a different level of volatility and volume or the limits framework is out of touch or broken down and is no longer being taken seriously.

Exposure and sensitivity limits

Exposures limits are control limits that restrict the dollar amount that can be booked in a given day in any dealer, product, desk, tenor, risk combination.

Pre Settlement Risk (PSR) and Potential Future Exposure (PFE) Limits

PSR and PFE limits are product based counterparty limits that measure the worst case loss that is likely to occur if counterparties default prior to settlement of the transaction. The worst case loss calculation assumes an unfavorable price movement, a client default and the cost of recovering or squaring the transaction again from the open market.

For instruments that trade and are re-priced on a daily basis, PSR and PFE consider the interaction of credit risk (a counterparty default) and price risk (the risk that the market has moved against us).

For example what happens when a counterparty defaults on settlement when

  1. He has to deliver a bond that you have purchased and
    • bond prices have moved downwards
    • bond prices have moved upwards
  2. He has to take delivery of a bond that you have sold and
    • bond prices have moved downwards
    • bond prices have moved upwards
  3. He has to deliver Euros that we have purchased and
    • US$/Euro Exchange rate has appreciated in favor of Euro
    • US$/Euro Exchange rate has appreciated in favor of US$

Hierarchy of Limits

For monitoring market risk, the company will need to segment the overall investment portfolio. They may for instance segment the portfolio by product, then trading desk, then trades. For each segment of the portfolio, limits will be defined. Generally, limits increase as you move up in the hierarchy. For example, market risk hierarchy may be established as depicted below. A risk metric is selected (duration, VaR, etc) and risk limits are specified for each component of the hierarchy based on this metric.

Once limits are set, the reporting and exception review process kicks in. It gets triggered every time market conditions change, or a limit is breached on a target indicator or a pre-defined review period starts or ends.

Control Process 1

The next two diagrams do a quick walkthrough of the process

For the process to monitor and track target limits the reporting process needs to be set in such a fashion that early warning indicators, exception reports and management action triggers all get tracked and reported on a daily, weekly or monthly basis. Within these reports, it is important that exceptions are highlighted whenever they occur.

Control Process 2

What are these exceptions? There are three primary categories.

  1. A range breach where a metric being tracked suddenly jumps above or below a historical range or a barrier. These breaches can occur at single or multiple points.
  2. Volatility breach where there is a sudden increase or decrease in underlying volatility.
  3. A systemic degradation where values for the metric being monitored fall below historical thresholds and stay there.
Risk Framework 1

Good reporting systems make it easier to highlight exceptions when they occur rather than hide them in the volume of data and reports that are being produced.


It is time to revisit the first image we presented when we started. The right risk management mindset is not driven by a single moving part. As we have seen above, it is driven by eight inter-related elements. For it to work, they all need to come together and work. If you get just one of these elements right (data or model or policy or process or limits or control) and miss the others, the approach will fail. This course is based on the material presented in earlier editions of Pakistan Risk Review, the soon to be released Understanding Commodity Risk textbook and the work done by Alchemy Technologies in the region in the area of financial risk management and Basel II reporting for the banking industry in Pakistan and the Middle East. It presents an extension of well accepted risk models in the financial services space to the risk management needs of the oil, gas and petrochemical industry in the region.

Comments are closed.