What are the key components of a risk appetite statement and how does it differ from risk tolerance and risk capacity?

A Risk Appetite Statement (RAS) is a formal board-level document that articulates the types and aggregate level of risk a firm is willing to accept in pursuit of its strategic objectives. It's one of the most important governance documents in modern risk management.

The Hierarchy: Capacity → Appetite → Tolerance → Limits

Practical Distinctions:

Components of a Good RAS:

1. Qualitative Statement — 'We accept moderate credit risk in investment-grade lending but avoid speculative-grade concentrated exposures.'
2. Quantitative Metrics — Maximum VaR, loss tolerance as percentage of capital, target credit rating, minimum liquidity buffers
3. Risk Types Covered — Credit, market, operational, liquidity, reputational, strategic
4. Linkage to Strategy — Explains why the firm accepts certain risks (e.g., 'we accept emerging market FX risk because our growth strategy targets Southeast Asian corporate lending')
5. Escalation Procedures — What happens when metrics breach appetite levels
6. Board Approval and Review Cycle — Annual review with interim updates for material changes

Why the RAS Matters for FRM:

The RAS connects risk management to governance. Without it, risk limits are set in a vacuum — traders might operate within their VaR limits while the aggregate firm exposure exceeds what the board intended. The RAS ensures top-down alignment from strategic objectives to trading desk limits.

Exam Tip: FRM I questions often test whether you can distinguish between capacity, appetite, and tolerance, and identify which governance body (board vs management vs risk committee) is responsible for setting each.

Explore risk governance frameworks in our FRM study resources.