Skip to content

Risk Policy

Governing Principles

  1. No trade without explicit thesis and quantified edge
  2. No exposure without portfolio context
  3. No scaling without validation
  4. No autonomy without hard kill-switches and auditability
  5. Risk is a governing function, not a support function

Mandatory Controls

Kill Switches

  • Daily loss limit — Hard stop when cumulative daily P&L exceeds threshold
  • Rolling drawdown — Hard stop when peak-to-trough drawdown exceeds maximum
  • Execution anomaly — Hard stop on severe fill/reconciliation discrepancies

Position Controls

  • Maximum position size (fraction of NAV per instrument)
  • Maximum strategy allocation caps
  • Concentration limits across correlated assets

Exposure Controls

  • Gross exposure ceiling (sum of all absolute position values / NAV)
  • Net exposure limits (long exposure - short exposure)
  • Leverage ceiling enforced before order submission

Liquidity Controls

  • Minimum liquidity score required for order approval
  • Liquidity-aware position sizing (reduce size in thin markets)

Auto-Deleveraging

  • Triggered when exposure or leverage exceed warning thresholds
  • Generates reduce-only orders to bring exposure within limits

Enforcement

The execution stack rejects any order that lacks a valid risk approval token generated by the centralized risk engine. The token is an HMAC-SHA256 signature over the order parameters with a 5-minute TTL.

Order → Risk Engine → [APPROVE + HMAC Token] → OMS → Exchange
                   → [REJECT + Reasons]      → Event Store

Configuration

Risk parameters are configured in config/risk.yaml:

risk:
  max_drawdown: 0.05          # 5% rolling drawdown limit
  max_leverage: 3.0           # 3x leverage ceiling
  max_position_weight: 0.10   # 10% of NAV per position
  max_gross_exposure: 1.5     # 150% gross exposure limit
  min_liquidity_score: 0.3    # Minimum liquidity for approval
  kill_switch_loss: 0.03      # 3% daily loss triggers kill switch

Monitoring

Risk events are: - Logged as structured JSON with severity levels (INFO, WARNING, CRITICAL) - Persisted to the EventStore for audit trail - Exposed as Prometheus metrics (ais_risk_rejections_total, ais_kill_switch_triggers_total) - Forwarded to Alertmanager for notification dispatch