I respectfully disagree with you.
There is no violation of any kind(strong word to use though). If your cluster has 3xcp-500, a single box can handle all of that. you will run into the issue of over utilizing the box resources. IF and only IF you go up to 1501 unique auth request on one any box in the cluster, then you will get the error I mentioned above.
And if this is truly a "Violation", I suggest you take it up to the product managers and have them take out the pooling of the policy manager license when you cluster cppm. This will guarantee that one box can only do what it was build for.