Risk Management in Quantitative Trading
## The Foundation of Sustainable Returns
In quantitative trading, generating positive returns is only half the battle. The other half—arguably the more important half—is managing the risks inherent in trading strategies. A strategy that generates 50% annual returns but carries a significant probability of catastrophic loss is far less valuable than one generating 20% with controlled drawdowns.
At Hilbert Trading, risk management is not a compliance function or an afterthought. It is fundamental to our identity as a trading firm. Our risk framework shapes every strategy we deploy, every position we take, and every piece of infrastructure we build.
Understanding Risk in Crypto Markets
Unique Characteristics
Cryptocurrency markets present risk management challenges beyond those in traditional finance:
24/7 Trading: Markets never close. A risk event at 3 AM on a Sunday requires the same response capability as one during business hours.
Extreme Volatility: Daily moves of 10%+ are not uncommon. Weekly moves of 30%+ occur multiple times per year. Position sizing must account for this volatility.
Market Structure Fragmentation: Liquidity is spread across dozens of venues with varying reliability. Counterparty risk extends beyond traditional considerations.
Protocol Risk: DeFi positions carry smart contract risk—the code may contain bugs or vulnerabilities that could result in total loss.
Regulatory Uncertainty: The regulatory environment continues to evolve, creating legal and compliance risks that are difficult to quantify.
Tail Risk
Cryptocurrency markets exhibit pronounced tail risk—the probability of extreme events is higher than normal distributions would suggest. The March 2020 COVID crash, the May 2021 deleveraging cascade, the November 2022 FTX collapse—these events occur with concerning regularity.
Any risk framework that doesn't explicitly account for tail events is incomplete. We stress test all strategies against historical extreme scenarios and hypothetical events beyond observed history.
Our Risk Management Framework
Position-Level Controls
Size Limits: Every position has maximum size constraints, typically expressed as a percentage of strategy capital and as a percentage of market liquidity. We will not take positions large enough that unwinding them would move the market significantly.
Concentration Limits: No single position dominates the portfolio. Even our highest conviction trades are limited to prevent any single loss from being catastrophic.
Loss Limits: Positions have defined stop-loss levels. If a position loses more than its threshold, it is automatically reduced or closed regardless of conviction.
Exposure Monitoring: Net exposure is monitored continuously. Delta, gamma, and other risk metrics are calculated in real-time across all positions.
Strategy-Level Controls
Drawdown Limits: Each strategy has maximum drawdown thresholds. When reached, the strategy reduces risk automatically. Severe drawdowns trigger human review before resumption.
Correlation Monitoring: We track correlations between strategies and adjust allocations to avoid excessive concentration in correlated return sources.
Capacity Management: Strategies have defined capacity limits based on market liquidity. We will not scale strategies beyond their ability to execute efficiently.
Performance Attribution: We continuously decompose returns into expected sources. Unexpected return sources trigger investigation—they may represent hidden risks.
Firm-Level Controls
Aggregate Exposure: Total firm exposure is monitored across all strategies and accounts. Firm-wide limits ensure that even if multiple strategies take similar positions, aggregate risk remains controlled.
Counterparty Limits: We limit exposure to any single exchange, custodian, or protocol. The FTX collapse validated the importance of counterparty diversification.
Liquidity Management: We maintain sufficient liquid reserves to meet margin calls, seize opportunities, and survive extended market dislocations.
Operational Controls: Trading system access is controlled. Changes require review. Disaster recovery procedures are documented and tested.
Quantitative Risk Metrics
Value at Risk (VaR)
We calculate VaR across portfolios using multiple methodologies:
Historical VaR: Based on actual historical returns. Simple but may not capture risks not present in historical data.
Parametric VaR: Based on assumed return distributions. Allows for stress scenarios beyond historical experience but requires assumptions about distributions.
Monte Carlo VaR: Simulates many possible scenarios to estimate potential losses. Most flexible but computationally intensive.
We emphasize that VaR has known limitations—it tells you the loss you will not exceed 95% or 99% of the time, but says nothing about how bad the 1% or 5% of cases might be.
Expected Shortfall
Expected Shortfall (Conditional VaR) addresses VaR's limitations by measuring the expected loss given that you are in the tail. If your 99% VaR is $1M, your Expected Shortfall might be $2M—the average loss in the worst 1% of scenarios.
This metric better captures tail risk and is our preferred measure for position sizing.
Maximum Drawdown
Historical maximum drawdown—the largest peak-to-trough decline—is a key metric for strategy evaluation. We target strategies with controlled maximum drawdowns and track drawdown in real-time against limits.
Sharpe and Sortino Ratios
Risk-adjusted return metrics like Sharpe ratio (excess return per unit of volatility) and Sortino ratio (excess return per unit of downside volatility) help us compare strategies on a level playing field.
We are skeptical of high Sharpe ratios in backtest—they often reflect overfitting rather than genuine alpha. Live track records with lower but stable risk-adjusted returns are more valuable than backtests showing 5+ Sharpe.
Operational Risk Management
System Redundancy
Our trading infrastructure has no single points of failure:
Multiple Data Feeds: We subscribe to multiple market data sources and detect discrepancies automatically.
Failover Systems: If primary trading systems fail, backup systems can assume operations. Regular failover tests verify functionality.
Geographic Distribution: Critical infrastructure is distributed across multiple data centers and cloud regions.
Process Controls
Change Management: All code changes go through review and testing before production deployment. Changes during volatile markets require additional approval.
Incident Response: Documented procedures exist for common incident types. Post-mortems follow significant incidents to identify improvements.
Access Control: System access follows least-privilege principles. Privileged actions require multiple approvals.
Human Factors
Risk management is not purely technical. Human factors matter:
Alert Fatigue: Too many alerts lead to ignored alerts. We calibrate alerts to be actionable.
Stress and Decision-Making: Humans make poor decisions under stress. Automated responses handle time-sensitive risk events; humans make strategic decisions with adequate time.
Communication: Clear communication protocols ensure the right people are informed of risk events. Escalation paths are defined and followed.
Scenario Analysis and Stress Testing
Historical Scenarios
We stress test strategies against historical events:
- March 2020 COVID crash
- May 2021 leveraged cascade
- November 2022 FTX collapse
- UST depeg (May 2022)
- 3AC contagion
For each scenario, we ask: How would our current portfolio have performed? Would losses have breached limits? Would we have had sufficient liquidity?
Hypothetical Scenarios
Historical scenarios are insufficient—the next crisis will be different. We also test against hypothetical scenarios:
- Major stablecoin depeg (USDT, USDC)
- 50%+ single-day decline in BTC
- Coordinated exchange failures
- Major protocol exploits affecting our positions
- Regulatory shutdown of major venues
These scenarios help us identify risks that historical data doesn't capture.
Learning from Failures
Industry Lessons
The cryptocurrency industry has provided abundant lessons in risk management failures:
Three Arrows Capital: Concentrated, leveraged directional bets without adequate hedging. Position sizing was excessive for the risk involved.
FTX/Alameda: Commingled customer funds, inadequate risk controls, fraudulent reporting. Counterparty risk realized catastrophically.
Terra/Luna: Algorithmic stablecoin design with reflexive failure mode. Model risk—the system worked until it didn't.
We study these failures not to criticize but to learn. Every failure reveals risks that may exist in our own operations.
Our Failures
We have made mistakes. Every trading firm has. What matters is response:
- Immediate action to limit damage
- Honest assessment of what went wrong
- System improvements to prevent recurrence
- Documentation for institutional learning
We maintain an internal database of our own incidents and the lessons learned from each.
The Culture of Risk
Risk management is not a department—it's a culture. At Hilbert Trading:
Everyone Owns Risk: From traders to engineers to operations, everyone understands and is responsible for managing risk within their domain.
Speak Up: Anyone can raise concerns about risk. There is no penalty for being too cautious.
Transparency: Risk metrics are widely shared internally. Everyone knows the firm's current exposure.
Continuous Improvement: Risk management is never "done." We continuously review and improve our framework.
Conclusion
Sustainable success in quantitative trading requires exceptional risk management. Alpha generates returns; risk management preserves them. The graveyard of trading firms that generated impressive returns before catastrophic failure reminds us that risk cannot be ignored.
At Hilbert Trading, our risk framework is our competitive advantage. It allows us to pursue opportunities that others cannot—because we understand and control the risks involved. It allows us to survive market dislocations that eliminate less prepared competitors. It allows us to compound returns over years rather than giving back gains in a single catastrophic event.
Risk management is not about avoiding risk—it's about understanding, measuring, and deliberately choosing which risks to take. We take calculated risks every day. But we know what we're risking, and we know what we could lose.