VaR histogram for derivatives scenario analysis

Market conditions in derivatives trading can change in the blink of an eye. These rapid advances have meant that effective risk management paramount to a firms ability to run and make profits. At KRM22, we see four key problems facing the industry in terms of risk management;

  1. Addressing increased market volatility
  2. A heighted focus on liquidity risk management
  3. Implementing stress testing and scenario analysis
  4. The push to real-time monitoring

Our  comprehensive Trading Risk toolset, delivered through Limits Manager and Risk Manager modules, is a beacon of stability for traders navigating the seas of increased market volatility, liquidity risk management, stress testing, and real-time monitoring.

Addressing Increased Market Volatility

The derivatives market is no stranger to heightened volatility. In the last decade,  this phenomenon has been intensified by a variety of factors such as extreme geopolitical events, economic uncertainties, and sudden market shocks.

Increased market volatility poses a substantial challenge for traders and risk managers, as it can lead to rapid and unpredictable price movements. Traditional risk management systems often struggle to adapt to the accelerated pace and magnitude of these market fluctuations.

Traders need a solution that not only consolidates key risk metrics but also provides a real-time, holistic view of their portfolio’s performance. Without effective risk analytics and margin management, navigating through periods of increased market volatility becomes a daunting task, with the potential for significant financial losses and disruptions to trading strategies.

KRM22’s Risk Manager assists firms with these issues in two key areas;

Combined Risk Analytics

Risk Manager brings together P&L, VaR, Margin, and Stress in a consolidated view. This integration of risk metrics provides traders and risk managers with valuable insights into their portfolio’s performance, helping them navigate the storm of increased market volatility. These metrics can then be combined into a customized risk score, allowing teams to focus on the firms presenting the biggest problems.

Risk-Based Margin Financing

In times of market turbulence, managing margin requirements becomes critical. Risk Manager not only calculates the margin based on exchange requirements but also employs risk-based margin financing. This ensures that traders have a clear understanding of the financial commitments required to weather market storms. KRM22 actively works with all major exchanges to ensure the current methodologies are available.

Heighted Focus on Liquidity Risk Management

Liquidity risk management is a critical concern for derivatives traders, especially during times of market stress. Liquidity risk arises when there is a mismatch between the ability to execute trades and the demand for liquidity. This challenge is amplified in the derivatives space, where products can be highly specialized and liquidity may vary significantly across different instruments.

Traders face the risk of being unable to exit positions at desired prices, leading to increased transaction costs and potential losses. In the absence of centralized and efficient systems for monitoring liquidity exposure across multiple trading platforms, traders may find it challenging to proactively manage and mitigate liquidity risks.

This lack of visibility into liquidity needs and the absence of streamlined workflows for rapid decision-making can impede the ability to seize opportunities or protect against adverse market movements, undermining overall portfolio performance.

Our Limits Manager has been designed to tackle this issue head on.

Centralized Database and Efficient Reporting

Limits Manager centralizes active limits across all trading platforms. This not only streamlines regulatory reporting to individual exchanges but also facilitates real-time monitoring of liquidity exposure. The product search functionality enables immediate identification of liquidity needs across various ISVs, supporting quick decision-making.

Simplified Workflow and Accountability

Customizable workflows ensure accountability in the limit change request process. The system’s audit trail, complete with risk calculations, user remarks, and timestamps, provides an unambiguous record of every action taken. This level of transparency enhances accountability and aids in tracking liquidity risk management decisions.

Stress Testing and Scenario Analysis

Stress testing and scenario analysis are indispensable components of risk management in derivatives trading, serving as the litmus test for a portfolio’s resilience under adverse conditions.

As we have described, the derivatives market is highly sensitive to unexpected events, and stress testing is crucial for assessing how a portfolio would perform under extreme market conditions. Traders need to anticipate and understand the potential impact of significant market movements, black swan events, or sudden economic shifts.

Traditional risk systems may fall short in providing a comprehensive historical lookback and the ability to create risk profiles, leaving traders vulnerable to unforeseen risks. Without the ability to conduct robust stress testing and scenario analysis, traders risk being blindsided by market dynamics, leading to suboptimal decision-making and exposure to heightened financial risks.

Risk Manager has two key areas of functionality aimed at solving this issue

Historical Lookback and Trend Analysis

The At/Post Trade Risk Management module stores all risk calculations in an time series database. This historical lookback capability allows traders to create risk profiles and establish trend analyses. Understanding historical performance equips traders to anticipate and respond to potential future challenges proactively.

Custom Calculations and Ranking

The system empowers users with custom calculations, letting them define their own risk parameters. Rankings, coupled with described actions like notifications or limit changes, enable traders to prioritize and address potential risk scenarios based on their unique strategies and risk tolerance.

Real-time Monitoring

In the fast-paced world of derivatives trading, where milliseconds can make a significant difference, real-time monitoring is the linchpin of effective risk management. The derivatives market operates around the clock, and market conditions can change swiftly. Without timely insights into portfolio performance, traders face the risk of making decisions based on outdated information, exposing them to unnecessary risks. In the absence of a system that facilitates immediate product searches and provides up-to-the-minute risk analytics, traders may struggle to adapt swiftly to changing market dynamics. Real-time monitoring is not merely a convenience but a necessity for derivatives traders aiming to stay ahead of the curve and respond promptly to emerging opportunities or threats in the market. A lack of real-time monitoring capabilities can undermine the agility required to navigate through volatile conditions, potentially resulting in missed opportunities or unintended exposures.

Efficient Limit Change Request Processing

Limits Management ensures efficient processing of limit change requests. This not only aids in real-time decision-making but also supports growth facilitation by reducing the time required for generating essential reports.

Immediate Product Search

The ability to search for individual products across all ISVs in real-time is a game-changer. It allows traders to respond promptly to evolving market conditions and make necessary adjustments to their portfolios.


In conclusion, our Trading Risk tools stand as robust solutions in the face of increased market volatility, liquidity risk, stress testing, and the need for real-time monitoring. By combining technological sophistication with a deep understanding of the challenges inherent in derivatives trading, we are empowering traders to navigate choppy waters with confidence, efficiency, and accountability.

Traditionally, customers have been able to trade on either a Request for quote (RFQ) or a Central Limit Order Book (CLOB) based methodology. Each has different characteristics and nuances, which we are now seeing can apply to a single business.

To accommodate these business, we have redesigned the backplane of Market Surveillance to allow customers to store data and run analytic from multiple methodologies in one system. In addition to RFQ and CLOB, other protocols now supported includes Automated Market Maker (AMM) Exchanges and covers Anonymous Trading and Dark Pool techniques.

By avoiding the need for multiple instances, we can now make significant savings for our user base.

The new Insider Trading V3 is now available. Key improvements are:

Smoothed Price move calculation

The new version now handles outliers where one erroneous message with price significantly away from the average causes false triggers to occur. The delta from average is configurable per instance of the alert.

Grouping Trades and Orders

The V3 alert now groups the total value of all partial fills from a single parent order into a single figure which is then compared to the and the Large Value Threshold. When run against orders, the alert will focus only on unexecuted orders to avoid duplicates. This helps reduce false positives and saves time for compliance analysts.

Alert Suppression

Insider Trading now suppresses alerts where the suspicious trades or orders were at a less profitable price. For example, an early day buy of 10 lots at $100 where the instrument closes at $90. The next day sees a news triggered jumps of 10% ($99). The alert will not trigger because the original price was higher than the news triggered jump and so no profit was made. This functionality is optional and can be turned off to track failed insider trading attempts. Additionally, the alert can be run in the sandbox to assess the effect of turning it on or off against known data.

Potential profit calculation

The alert now makes a calculation of potential profit or avoided loss based on the sum of all the fill price and volumes, as well as the price movement in the market. This calculation can then be compared against a customizable value to give an indication of the scale of the insider trading.

Example of a vendor cyber attack risk screen

In the fast-paced world of capital markets, technology plays a pivotal role in driving innovation, efficiency, and competitiveness. However, with great technological advancement comes the inherent challenge of managing associated risks. Capital markets firms, particularly small and mid-sized enterprises, often grapple with the complex landscape of cybersecurity threats, regulatory compliance, and the need for robust risk management strategies.

The Landscape of Technology Risks

Capital markets firms often have a more complex technology infrastructure, incorporating legacy systems, cloud services, and third-party integrations than other firms of similar size. This together with the ever-evolving cybersecurity threats and intricacies of regulatory compliance leaves firms with the following challenges

  1. Cybersecurity Threats: The sophistication of cyber threats, including malware, phishing, and ransomware attacks, demands a vigilant and proactive defense strategy.
  2. Regulatory Compliance: Navigating the complex web of regulations, such as GDPR, Dodd-Frank, and MiFID II, requires meticulous attention to detail and a commitment to data privacy and reporting accuracy.
  3. Data Governance and Privacy: The increasing importance of data necessitates effective governance and privacy protection measures to meet regulatory requirements and ensure responsible data management.
  4. Resilience and Business Continuity: Firms must enhance their resilience to technology failures, cyber incidents, and other disruptions to maintain business continuity.
  5. Third-Party Risk Management: The reliance on third-party vendors exposes firms to additional risks, requiring robust management processes to ensure security throughout the supply chain.
  6. Insider Threats: Internal employees can pose a significant risk to technology security, whether intentional or unintentional, emphasizing the need for stringent access controls and employee training.
  7. Technology Change Management: The rapid pace of technological change necessitates effective change management processes to minimize risks associated with new technologies or updates.
  8. Data Integration: Capital markets firms often have varying software provides participating in their trade processing and as a result need to ensure that data flows efficiently across systems.

Addressing Technology Risks with Strategic Solutions

In response to these challenges, capital markets firms often turn to technology solutions that offer specialized functionalities aligned with industry best practices and regulatory frameworks. Notably, GRC (Governance, Risk, and Compliance) platforms and various point-to-point solutions play pivotal roles in managing technology risks.

GRC Platforms: Balancing Act for Small and Mid-sized Firms

GRC platforms, renowned for their ability to provide a holistic approach to risk management, compliance, and governance, often present a challenge for small and mid-sized capital markets firms. These platforms, while powerful, can be complex and resource-intensive. The deployment burden, coupled with the potential strain on IT infrastructure and staff resources, raises questions about their practicality for smaller enterprises.

However, these platforms offer undeniable benefits:

  • Streamlined Control Checklists: GRC platforms can streamline control checklists, aligning them with renowned frameworks such as NIST and ISO. This ensures a systematic approach to risk management and compliance.
  • Holistic View: Despite the challenges, GRC platforms provide a holistic view of the risk landscape, allowing firms to integrate various risk factors and compliance requirements into a comprehensive strategy.
  • Cost-Effective Scalability: While the initial deployment may pose challenges, GRC platforms can offer scalability and adaptability, making them cost-effective solutions in the long run as firms grow.

Point-to-Point Solutions: Targeted Solutions for Immediate Needs

Even for those firms capable of running large GRC platforms, they need to be augmented with point-to-point solutions. These solutions are designed to address specific challenges, however, they come with trade-offs:

  • Specialized Focus: Point solutions excel at solving immediate problems, offering specialized functionalities such as cybersecurity, data protection, and change management.
  • Lack of Holistic View: The challenge lies in their inability to provide a holistic view of the entire risk management framework. They may not inherently highlight interdependencies between different functional areas.
  • Incremental Integration: Smaller firms often adopt a phased approach, implementing specific point solutions to address immediate pain points and gradually integrating them into a more cohesive risk management framework.

The Risk Cockpit: Navigating the Middle Ground

The KRM22 Risk Cockpit is a technology platform designed to offer an alternative to the current approach for technology risk management. It sits alongside existing GRC and point-to-point solutions, augmenting them by giving a single point to monitor and control data.

Let’s delve into its key features and benefits:

Streamlining Control Checklists:

  • Kanban Boards: The Risk Cockpit introduces Kanban Boards, facilitating the efficient movement of tasks through defined processes. This feature enhances the organization’s ability to manage and streamline control checklists, aligning them with NIST and ISO frameworks.
  • Recurring Tasks: The system incorporates the management of recurring tasks, ensuring that regular control checks are performed systematically.

Monitoring Risk Exposure:

  • Data Integration: The Risk Cockpit supports the integration of data from disparate sources, covering various risk categories. This feature provides a comprehensive view of the organization’s risk landscape.
  • Metric Scoring: Metrics are scored according to the business risk appetite, allowing for prioritization and focused attention on areas with higher risk.
  • Automated Event Creation: Rapid reaction to risk events is enabled through automated event creation, improving the organization’s responsiveness.

Reducing the Cost of Audit:

  • Out of the Box and Custom Dashboards: The Risk Cockpit offers pre-built and customizable dashboards to display audit information. These dashboards provide a clear and accessible overview of the audit landscape.
  • Custom Dashboards for Reporting: The system simplifies the process of producing risk and control reports with custom dashboards, contributing to more efficient and cost-effective audit processes.
  • Auditor Logins: The flexibility to provide logins to auditors enables them to drill down into data, ensuring a thorough and effective audit process.

Conclusion: Striking the Right Balance

In navigating technology risks, capital markets firms must strike a balance between the need for comprehensive risk management and the practical constraints of their size and resources. The Risk Cockpit, with its focus on aligning control checklists, monitoring risk exposure, and reducing audit costs, exemplifies a strategic middle ground.

Capitalizing on features such as Kanban Boards, recurring tasks, data integration, metric scoring, and automated event creation, The Risk Cockpit offers a tailored approach to risk management. While GRC platforms may be daunting for smaller firms and point solutions lack a holistic view, The Risk Cockpit emerges as a promising solution, providing the right balance between functionality and practicality.

In the dynamic realm of capital markets, where technology risks are omnipresent, strategic solutions that empower organizations to streamline processes, monitor risks effectively, and optimize audit costs are essential for sustained success. The Risk Cockpit, embodying these principles, represents a noteworthy step toward a resilient and secure future for capital markets firms of all sizes.

As we discussed in our recent blog, Capital Markets firms are increasingly focused on making data protection a top priority. They have recognised increased reliance on technology to drive innovation and efficiency comes hand in hand with escalating cybersecurity threats. In the European Union (EU), stringent data protection regulations like the General Data Protection Regulation (GDPR) and the Digital Operational Resilience Act (DORA) set the benchmark for safeguarding sensitive information. Central to meeting these regulations is adherence to a known framework such as SOC2.

SOC2, or Service Organization Control 2, is a framework designed by the American Institute of Certified Public Accountants (AICPA) to ensure that service providers securely manage data to protect the interests and privacy of their clients. While SOC2 originated in the United States, its global relevance has grown, especially with the increasingly interconnected nature of businesses and the borderless digital environment.

One of the primary reasons SOC2 is gaining prominence is its alignment with the core principles of EU regulations, particularly GDPR. SOC2, with its focus on data security and privacy controls, serves as a complementary framework that aids organizations in meeting GDPR’s stringent standards.

The SOC2 framework consists of five Trust Service Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy. Each criterion addresses specific aspects of data management and protection, making SOC2 a comprehensive approach to cybersecurity.

The Security criterion, for example, emphasizes the need for robust access controls, encryption, and monitoring to safeguard sensitive data. In the context of GDPR, this aligns seamlessly with the regulation’s requirement for implementing appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

At KRM22, we have taken our steps to meet our obligations to data protection since foundation. We appointed a DPO to give our customers confidence that we address GDPR in an appropriate manner, and have a CISO to manage information security as a whole. Alongside this, we built our processes to be SOC2 compliant from day one. This culminated in us achieving our first successful audit three years ago. This month we have completed our 2022/23 audit, and have passed again.

Not only do we give cybersecurity the respect it deserves, but we practice what we preach. We use our Risk Cockpit software to manage our entire SOC2 audit process. By tracking regular tasks and processes in the Risk Cockpit, we are able to extract evidence for our auditors simply and quickly. This year, this has led to us not receiving any clarification requests, a first for our audit process. Our auditors have commented at how much they appreciate this level of accuracy and tracking.

In conclusion, as organizations navigate the intricate landscape of cybersecurity and EU regulations, SOC2 emerges as a beacon of assurance and compliance. KRM22’s Risk Cockpit has been built to assist firms manage these process. Talk to us about how we can help you with your SOC2 and other framework management.