Risk controls are the hard boundaries that automated strategies cannot override without explicit human approval. They cap exposure, halt trading after losses, and block orders that violate venue or portfolio rules. In bot infrastructure, risk is not an afterthought layered on signals—it is a parallel gate that every order must pass.
Position and exposure limits
Per-symbol caps prevent any single asset from dominating the portfolio. Notional limits, quantity limits, and percentage-of-equity limits each address different failure modes.
Gross and net exposure limits control total long minus short risk across the book. A strategy may be flat on direction yet heavily levered if gross limits are ignored.
Concentration limits restrict correlated clusters: multiple alt pairs driven by the same macro factor can breach intent even when each pair is individually within cap.
Limits should be enforced pre-trade with headroom for partial fills and pending orders. Checking only after fill confirmation arrives too late to prevent overshoot.
- Per-symbol caps — max notional or quantity per instrument
- Gross/net limits — total long-plus-short and directional exposure
- Cluster limits — correlated groups treated as one bucket
- Pre-trade enforcement — includes pending and partial order state
Stop logic and loss budgets
Hard stops exit positions at predefined price or loss levels. Soft stops trigger review or size reduction before the hard boundary is reached.
Daily and weekly loss budgets halt new risk-increasing trades once drawdown thresholds are hit. They do not guarantee recovery but prevent emotional escalation coded into automation.
Trailing stops adjust with favourable movement but require clear rules for gap opens and illiquid sessions where stop prices cannot be honoured.
Stop logic must interact safely with order types: a stop-market in a thin book can fill far from the trigger. Consider limit offsets and maximum slippage tolerances.
Circuit breakers and kill switches
Circuit breakers pause trading after consecutive errors, abnormal slippage, or data quality failures. They convert runaway automation into a controlled halt.
Kill switches cancel open orders and block new submissions immediately. They should be reachable from operations consoles and not depend on the same process that is failing.
Graduated responses reduce size before full halt: first widen filters, then block entries, then flatten selectively, then full stop. Binary on-off is simpler but can be costly if triggered by brief glitches.
Test breaker triggers in simulation and fire drills. Untested switches often fail when credentials expire or network paths differ under stress.
Pre-trade checks and order validation
Every order should pass validation for minimum size, tick size, maximum leverage, and available margin before submission. Rejected orders at the venue are expensive in latency and information leakage.
Duplicate order detection uses client order IDs and idempotent submission handlers. Retries after timeout must not double exposure.
Fat-finger guards compare requested size and price against recent market ranges. Orders far from mid should require secondary confirmation or auto-reject.
Rate limiters protect API keys and prevent ban-triggering bursts during reconciliation loops or bug-induced spam.
Monitoring, audit, and governance
Risk events—limit breaches, stop triggers, breaker activations—should emit alerts with context: symbol, intended size, reason code, and operator action taken.
Immutable audit logs support post-incident review and regulatory inquiry. Tamper-evident storage is preferable to editable spreadsheets.
Role-based access separates who can change limits from who can deploy strategy code. Emergency overrides require authentication and automatic log entry.
Periodic risk committee review validates that limits still match strategy mandate and capital base. Static limits drift out of relevance as portfolios evolve.
- Alerting — every breach and halt with structured context
- Audit trail — immutable, timestamped risk decisions
- Access control — separate limit changes from code deploy
- Periodic review — limits versus mandate and capital
Risk controls turn automation from open-loop hope into bounded operation. Position limits, stops, and circuit breakers should block bad orders before they reach the market—not explain losses afterward.