What is the difference between a risk appetite statement and a risk limit?
A core Risk & Compliance interview question — asked in analyst and associate interviews across IB, PE, and the Big 4.
THE SHORT ANSWER
A risk appetite statement is a high-level, qualitative expression of the amount and type of risk an organization is willing to take to achieve its strategic objectives. For example, 'We will not tolerate any regulatory breaches.' A risk limit is a quantitative, granular threshold that operationalizes the risk appetite, such as a maximum VaR of $10 million or a maximum concentration limit to a single counterparty. Limits are specific, measurable, and monitored against actual exposures.
WHAT INTERVIEWERS LISTEN FOR
- ✓Risk appetite: high-level, qualitative, strategic
- ✓Risk limit: quantitative, granular, operational
- ✓Limits enforce appetite
- ✓Example: VaR limit vs. 'low risk' appetite
COMMON MISTAKES
- ✗Treating them as interchangeable
- ✗Describing limits as qualitative
Reading isn't the same as answering under pressure.
Interviewers don't hand you the model answer — you deliver yours on a clock. Practice this and 1,000+ questions with AI feedback on every answer.
RELATED QUESTIONS
- Explain the COSO ERM framework.
- Explain risk appetite versus risk tolerance.
- What is the primary purpose of the ICAAP under Basel?
- Explain the three lines of defense model and its role in risk management.
- What is the purpose of the ICAAP under Basel?
- What is the difference between the LCR and the NSFR, and what does each one protect against?