The Assumptions Hidden Inside Risk Frameworks
Part 2 - Most organisations didn't miss the concentration because they lacked information. They missed it because their frameworks were built for a world that no longer exists — and the assumptions holding that worldview in place were never written down, never reviewed, and never questioned.
📊 EMERGING RISKS SERIES: The Chokepoint Fallacy — Post 2 of 4
This is Post 2 of "The Chokepoint Fallacy" — a series on how global systems quietly concentrated risk while organisations assumed the opposite.
Post 1 examined how concentration happened structurally. This post examines why frameworks weren't built to see it.
Every framework begins as a response to a specific problem, in a specific moment, under specific conditions.
The enterprise risk frameworks most large organisations rely on today were largely built — or expanded — during a period that, in retrospect, had unusual properties. Trade was expanding. Supply chains were lengthening — and performing, by most measures. Geopolitical relationships between major economies were managed through institutions and incentives that made sustained disruption to global commerce costly for everyone involved. The system wasn’t frictionless, but it was broadly stable.
In that environment, the frameworks worked. They were calibrated correctly for the conditions they were designed to operate in. The stress tests asked sensible questions. The scenarios reflected plausible outcomes. The assumptions were reasonable.
The conditions changed. The frameworks didn’t.
The assumptions stayed quietly embedded in the architecture.
Frameworks don’t update themselves. They answer the questions they were built to ask, using the logic they were given when they were constructed. The problem isn’t that they failed. The problem is that nobody asked whether they still applied.
What the Frameworks Assumed
Risk frameworks don’t arrive neutral. They arrive pre-loaded.
Every model carries embedded propositions about how the world works — about which variables matter, which relationships are stable, which conditions can be treated as fixed. These propositions are rarely written down explicitly. They don’t appear in methodology documents or governance charters. They live in the structure of the model itself: in what it measures, what it aggregates, what it treats as background rather than variable.
Frameworks built during the long stability of the 1990s and 2000s embedded three propositions that have since proved costly.
The first was route availability. Major trade corridors would remain functionally open. Disruption was modelled as temporary — a weather event, a port strike, a short-term political friction — not as a structural condition. The framework asked: how long is the disruption? It did not ask: what if the route itself becomes unreliable as a category?
The second was insurance continuity. Specialist markets would remain willing to price and bear risk on standard terms. The assumption wasn’t that nothing would go wrong. It was that when things went wrong, the financial architecture for managing that would remain intact. War risk premiums, coverage exclusions, market withdrawal — these were edge cases, not scenarios.
The third was institutional alignment. Geopolitical actors, whatever their differences, shared a baseline interest in maintaining the conditions for global commerce. Trade would remain, broadly, a shared interest. This wasn’t naïve — it was a reasonable reading of decades of evidence. It was also, quietly, a bet on a specific kind of international order that has since become considerably less stable.
None of these propositions were stated. None were reviewed. They were simply assumed — because for a long time, they were true.
Why Nobody Asked
Understanding why the assumptions went unexamined requires understanding the incentive structure around framework maintenance.
Questioning a risk framework’s foundations is not a straightforward professional act. It requires asserting that the model your organisation has built its governance around — the model that has been signed off by committees, validated by auditors, presented to boards — is operating on premises that may no longer hold. That is a significant claim. It carries significant professional weight.
The people best positioned to raise it are usually the people with the most to lose by raising it. Senior risk professionals who inherited frameworks from their predecessors have limited incentive to declare those frameworks structurally compromised. The professionals who built the frameworks have even less. Boards and audit committees, who have been receiving assurance based on those frameworks for years, are rarely positioned to question the epistemological foundations of the tools they’ve been relying on.
This isn’t a story about bad actors or professional negligence. It’s a story about rational behaviour inside an institutional structure that wasn’t designed to encourage foundational self-questioning. The incentives pointed toward refinement — better data, tighter parameters, more sophisticated scenario modelling — not toward the harder question of whether the model’s operating assumptions still reflected the world.
Refinement is visible. It produces reports, updates, presentations. Foundational questioning is slow, disruptive, and produces uncertainty before it produces clarity. In most governance environments, uncertainty is not a product that travels well.
What the Models Couldn’t See
Even if the incentives had encouraged review, there was another problem waiting underneath.

Models measure what is legible. They aggregate what can be counted, tracked, and compared across time. Volatility is legible. Frequency is legible. Historical loss data is legible. These are the variables that enterprise risk frameworks were built to process, and they process them with genuine sophistication.
Structural dependency is not legible in the same way.
The fact that a significant portion of global LNG moves through a small number of maritime corridors does not appear as a variable in most enterprise risk models. It appears, if at all, as a background condition — something assumed to be stable, not something measured as a risk in its own right. The concentration isn’t captured because the model wasn’t designed to see it. It was designed to capture events within a stable system, not questions about the system’s stability itself.
I’ve watched technically excellent risk teams produce genuinely sophisticated output — granular, well-evidenced, defensible in any governance forum — while the structural dependency they were most exposed to sat entirely outside the model’s field of view. Not because they were careless. Because the model was measuring the right things for the wrong world.
This is the legibility trap. The more precise the model, the more confident the organisation becomes in what it can see. And the more confident it becomes in what it can see, the less attention it pays to what the model was never designed to find.
Concentration risk lives in the second category. It always has.
Every framework begins as a response to a specific problem, in a specific moment, under specific conditions.
The frameworks that encoded a stable world weren’t wrong to do so. They were right for the world they were built in. The question that wasn’t asked — and that most organisations still aren’t asking — is whether that world still exists.
I’ve sat in enough governance reviews to know how this conversation usually ends. Someone flags that the model doesn’t capture a particular exposure. There’s acknowledgement, occasionally genuine concern. A working group is proposed. The agenda moves on. The model doesn’t change — because changing the model means questioning the assumptions the model was built on, and questioning those assumptions means revisiting decisions that were made by people who are still in the room.
That is not incompetence. It is a completely rational institutional response to a structurally difficult problem.
But rational institutional responses can accumulate into systemic blind spots. And the blind spot at the centre of this particular failure is significant: the frameworks that were supposed to surface concentration risk were themselves products of the concentrated worldview they were meant to examine. They couldn’t see the problem because the problem was partly inside them.
Frameworks are designed to answer questions. They are not designed to question themselves.
That is what the next disruption will exploit: not a gap in the model, but the model’s foundations.
📌 Key Takeaways:
1️⃣ Risk frameworks don't arrive neutral. They arrive pre-loaded with propositions about which variables matter, which relationships are stable, and which conditions can be treated as fixed.
2️⃣ The frameworks most organisations rely on today encoded three assumptions that have since expired: that major trade routes would remain open, that insurance markets would price risk on normal terms, and that geopolitical actors shared a basic interest in maintaining global commerce.
3️⃣ The incentive structure around framework maintenance points toward refinement, not foundational questioning. Refinement is visible. Foundational questioning produces uncertainty before it produces clarity.
4️⃣ Models measure what is legible. Structural dependency is not legible in the same way as volatility or frequency — so it sits outside the model's field of view, not because of carelessness, but because of design.
5️⃣ The legibility trap: the more precise the model, the more confident the organisation becomes in what it can see — and the less attention it pays to what the model was never designed to find.
Frequently Asked Questions
For readers seeking quick answers about risk framework assumptions and institutional blind spots:
Why do risk frameworks stop reflecting the real world?
Frameworks are built for a specific moment under specific conditions. When conditions change, the framework doesn't update automatically — it continues answering the questions it was built to ask. The assumptions embedded at construction stay in the architecture unless someone explicitly revisits them. In most governance environments, that review never happens.
What assumptions did enterprise risk frameworks get wrong about global supply chains?
Three assumptions have proved particularly costly: that major trade routes would remain functionally open, that specialist insurance markets would continue pricing risk on standard terms, and that geopolitical actors shared a baseline interest in maintaining global commerce. None of these were stated explicitly in methodology documents. They were embedded in what the frameworks measured — and what they didn't.
Why don't organisations update their risk frameworks more frequently?
The incentive structure around framework maintenance favours refinement over foundational review. Refinement produces visible outputs — updated reports, tighter parameters, better data. Foundational questioning produces uncertainty before it produces clarity, and uncertainty is not a product that travels well in governance environments. The people best positioned to raise foundational concerns are often those with the most to lose professionally by raising them.
What is the legibility trap in risk management?
The legibility trap describes how model precision creates false confidence. Models measure what is legible — volatility, frequency, historical loss data. Structural dependency, including supply chain concentration, is not legible in the same way. The more sophisticated the model becomes at measuring legible variables, the more confident the organisation becomes in its overall risk picture — and the less attention it pays to structural exposures the model was never designed to capture.
How should organisations identify assumptions hidden inside their risk frameworks?
The starting point is examining what the framework treats as fixed rather than variable — the background conditions it assumes rather than measures. For supply chain and geopolitical risk, the questions to ask include: what does this framework assume about route availability, insurance market function, and institutional stability? When were those assumptions last reviewed? And what would the framework fail to see if any one of them no longer held? Later posts in this series develop a structured approach to exactly this diagnostic.
Next in The Chokepoint Fallacy
The Shock Didn't Land Where Anyone Was Watching
The organisations under most pressure weren't the ones with direct exposure. The damage travelled differently. Publishing June 23.
The most dangerous assumption isn't the one you made carelessly. It's the one you made carefully — and then forgot to revisit.