Answers / Risk & Compliance

Explain risk appetite versus risk tolerance.

A core Risk & Compliance interview question — asked in analyst and associate interviews across IB, PE, and the Big 4.

THE SHORT ANSWER

Risk appetite is the board-level, mostly qualitative statement of how much and what types of risk the organization is willing to take in pursuit of its strategy — the high-level 'how far we'll go'. Risk tolerance (often expressed as risk limits) translates that appetite into specific, quantified operational boundaries per risk category — e.g., NPL ratio ≤ 3%, a VaR limit, a single-name concentration cap, a minimum liquidity buffer. So appetite is strategic and directional; tolerance/limits are the measurable thresholds that operationalize it and that the first line actually manages against, with breaches escalated. The chain runs appetite → tolerance/limits → monitoring/KRIs → escalation. The common confusion is conflating the two: a risk appetite statement without quantified limits is unactionable, and limits without a clear appetite are arbitrary. Both must link back to strategy and be reviewed as conditions change.

WHAT INTERVIEWERS LISTEN FOR

  • Appetite: board-level, qualitative, strategic 'how much risk'
  • Tolerance/limits: quantified operational thresholds per risk type
  • Chain: appetite → limits → monitoring/KRIs → escalation
  • Appetite without limits is unactionable; limits without appetite arbitrary

COMMON MISTAKES

  • Conflating appetite and tolerance
  • Appetite statement with no quantified limits
  • Limits not linked to strategy/appetite

Reading isn't the same as answering under pressure.

Interviewers don't hand you the model answer — you deliver yours on a clock. Practice this and 1,000+ questions with AI feedback on every answer.

TRY QUICKFIRE →Or train full Risk & Compliance case simulations →

RELATED QUESTIONS