The Epistemic Risk of Risk: A Modal Framework for Quantitative Risk Management

TL;DR

This paper introduces a modal epistemic framework for risk management that distinguishes between risk claims and the stances towards them, addressing epistemic gaps and governance principles.

Contribution

It develops a formal modal logic for risk epistemology, separating object-level risk claims from meta-level diagnostics to improve governance and decision-making.

Findings

Introduces modal semantics for assurance and commitment

Identifies epistemic gaps as risk-relevant

Proposes an architectural approach to risk diagnostics

Abstract

Risk governance is not only about identifying and measuring adverse states of the world. It also asks when an institution is entitled to rely on a risk claim. This paper introduces modal epistemic tools for that second layer of QRM. For a risk proposition $p$, $Kp$ denotes assurance-grade endorsement for certification, audit reliance, board sign-off, or regulatory reporting. By contrast, $Bp$ denotes working commitment: a disciplined action-guiding stance under incomplete assurance. The framework distinguishes object-level risk claims from stances toward them. It develops crisp and fuzzy modal semantics for assurance, working commitment, live possibility, non-exclusion, hesitation, and epistemic inconsistency. The central diagnostics are \[ p\wedge\neg Kp \qquad\text{and}\qquad p\wedge\neg Bp, \] which identify cases in which a risk is present but lacks the relevant stance. Thus QRM should model not only hazards and losses, but also evidential incompleteness, model risk, validation gaps, and failures of escalation. Two governance principles motivate the analysis. The Risk Management Principle says that if $p$ is a risk, then the absence of the relevant stance, $p\wedge\neg Mp$, is itself risk-relevant. The Risk Reach Principle says that real and decision-relevant risks should be reachable by the appropriate stance. Their unrestricted combination creates Moorean and Fitch-style collapse pressure: treating $p\wedge\neg Kp$ or $p\wedge\neg Bp$ as ordinary targets of the same stance whose absence they record undermines the diagnostic. The response is architectural. Object-level risk claims should be separated from meta-level epistemic diagnostics. The latter should be governed through an audit layer that records and controls epistemic gaps. This preserves action and precaution without collapsing risk governance into institutional omniscience.