Managing Risk

The smallest element on the CIRE by mark count, but tested every sitting. Covers risk categories (market, credit, liquidity, operational, regulatory, reputational), basic risk measures, and the risk-management context for a registered representative making recommendations to retail clients.

Rules tested:CIRO Rule 3401CIRO Rule 3110

Start free CIRE mock exam See pricing — $29.99/mo All 9 element dashboards

Risk categories

Market risk: losses from movements in equity prices, interest rates, FX, commodities.
Credit risk: counterparty fails to perform; bond issuer defaults; OTC derivatives counterparty risk.
Liquidity risk: cannot sell at expected price within expected time.
Operational risk: process, people, systems, or external events.
Regulatory risk: rule changes increase compliance burden or restrict activity.
Reputational risk: harm to brand from conduct or external events.

Risk measures

Standard deviation: dispersion of returns; total risk proxy.
Beta: sensitivity to market movements; systematic risk.
VaR (Value at Risk): worst expected loss at a given confidence level over a horizon.
Sharpe ratio: risk-adjusted return.
Duration: interest-rate sensitivity for bonds.

Risk management techniques

Diversification: across asset classes, sectors, geographies.
Hedging: offsetting position to reduce specific risk (puts for downside, futures for FX).
Stop-loss orders: discipline-based loss limit.
Asset allocation review: ongoing adjustment as risk profile changes.
Insurance: explicit risk transfer (segregated funds for creditor protection).

Client risk profiling

Risk tolerance: willingness to accept risk (psychological).
Risk capacity: ability to absorb loss (financial).
Both factors required under modernized KYC (Rule 3401).
Risk profile drives the recommended asset allocation, not the other way around.
Material change in client circumstances = re-assess both tolerance and capacity.

Firm-level risk and compliance

Three lines of defence: business operations (1st), risk and compliance (2nd), internal audit (3rd).
Capital adequacy: CIRO sets minimum capital requirements for dealer members.
Daily capital adequacy testing; firm at risk if below threshold.
Business continuity planning: documented response to operational disruption.

Exam traps

Trap:Confusing risk tolerance with risk capacity in KYC.Fix:Tolerance = psychology. Capacity = math (income, net worth, time horizon, dependents).
Trap:Assuming diversification covers systematic risk.Fix:Diversification reduces unsystematic only. Hedging or asset allocation away from equities is required for systematic risk reduction.
Trap:Treating VaR as a worst-case loss number.Fix:VaR = loss at a given confidence (e.g., 95%). 5% of the time the loss can be worse.

Memory hooks — Element 9

Ciroexam · CIRE 2026

→6 risk categories: market, credit, liquidity, operational, regulatory, reputational
→Standard dev = total · Beta = systematic
→VaR = worst expected loss at confidence level
→Tolerance = willingness · Capacity = ability
→3 lines of defence: ops → risk/compliance → audit
→Duration = bond interest-rate sensitivity