What is a Risk Appetite Framework (RAF) and how does a bank's risk appetite statement work?
I'm studying Foundations of Risk Management for FRM Part I. The material mentions Risk Appetite Frameworks extensively, but I'm confused about how a bank translates a qualitative board statement into quantitative limits that actually constrain business decisions.
A Risk Appetite Framework (RAF) is the organizational structure through which a bank defines, communicates, and monitors the amount and types of risk it is willing to accept in pursuit of its strategic objectives.
The RAF Hierarchy:
Key Definitions:
- Risk capacity — The maximum risk the bank could absorb before becoming non-viable (function of capital, liquidity, and earnings)
- Risk appetite — The risk the board chooses to take, always below capacity
- Risk limits — Specific quantitative boundaries allocated to business units
- Risk tolerance — Acceptable variance around targets (e.g., VaR can fluctuate ±10% before escalation)
Example — Westbridge Capital Group (hypothetical):
Risk Appetite Statement (qualitative):
"Westbridge targets a moderate risk profile, prioritizing stable earnings and strong capital adequacy. We accept credit and market risks within our core competencies. We have zero tolerance for compliance breaches and reputational damage."
Translated into quantitative metrics:
| Metric | Appetite | Limit | Capacity |
|---|---|---|---|
| CET1 ratio | > 12% | Minimum 10.5% | 8% (regulatory floor) |
| Total VaR (99%, 1-day) | < $80M | Hard limit $100M | $150M (capital exhaustion) |
| Expected credit losses / revenue | < 15% | Max 20% | 35% |
| Liquidity coverage ratio | > 130% | Minimum 110% | 100% (regulatory) |
| Operational risk losses / revenue | < 2% | Max 3% | 5% |
How It Flows to Business Lines:
The $80M firm-wide VaR appetite gets allocated:
- Trading desk: $45M VaR limit
- Treasury/ALM: $25M VaR limit
- Reserve buffer: $10M
Each desk further allocates to individual traders, creating a cascading limit structure that connects the board's strategic intent to daily risk-taking decisions.
Common RAF failures:
- Appetite is set too vaguely ("moderate risk") without quantitative translation
- Limits exist but aren't actively monitored or enforced
- No feedback loop — breaches don't result in consequences or appetite revision
- Risk appetite doesn't align with the business strategy
For more on governance and risk frameworks, explore our FRM Part I course on AcadiFi.
Master Part I with our FRM Course
64 lessons · 120+ hours· Expert instruction
Related Questions
How exactly do futures margin calls work, and what happens if I can't meet one?
How do you calculate the settlement amount on a Forward Rate Agreement (FRA)?
When should I use Monte Carlo simulation instead of parametric VaR, and how does it actually work?
Parametric VaR vs. Historical Simulation VaR — when does each method fail?
What are the core components of an Enterprise Risk Management (ERM) framework, and how does it differ from siloed risk management?
Join the Discussion
Ask questions and get expert answers.