# The Board That Read the Room Wrong
**Category:** Founder’s Legend
**Project:** TSP_2026-021_sec-retreat-delaware-liability
**Date:** 2026-05-23
**Slug:** board-read-room-wrong
**WordPress Category ID:** [Founder’s Legend category ID from CLAUDE.md]
—
*The following account is a composite drawn from multiple advisory engagements. Identifying details have been changed. The governance failure pattern is real.*
—
I was brought in after the Section 220 demand arrived.
The board had been managing well — or so the members believed. They had an audit committee. They had a risk committee. They had a CHRO with thirty years of experience, a General Counsel who had worked at two major law firms before going in-house, and a CEO who ran a tight ship. The company had never had a significant enforcement action. The compliance function had a green dashboard.
Three months before I arrived, the SEC had announced its enforcement retreat. The company’s securities counsel had briefed the board on the enforcement data — the 30% reduction in actions, the administration’s signals, the new priorities. The board had discussed the news and drawn what seemed like the obvious conclusion: the regulatory environment had become more favorable. The compliance budget discussion at the following board meeting reflected that conclusion.
The Section 220 demand arrived six weeks after the budget was trimmed.
—
## What the Board Had Gotten Right
Before describing the failure, the board’s actual competence matters. This was not a board of people who did not take governance seriously. This was a board that had done most of the right things.
They had a whistleblower hotline. It was operated by a third-party vendor. Reports were routed to the General Counsel’s office and to the CHRO for HR-related matters. The audit committee received a quarterly summary of report volume and category. The system worked as designed.
They had board minutes that documented what was presented and what was decided. The minutes were reviewed by securities counsel before being finalized. They met the disclosure standard the company needed to meet.
They had a risk committee that reviewed a risk register each quarter. The risk register included cybersecurity, regulatory compliance, and operational risk categories. The CHRO presented a cultural health update annually. Employee survey data was included.
None of this was wrong. All of it was inadequate for the standard that Chancery would apply.
—
## What the Board Had Missed
The Section 220 demand requested three years of board and committee minutes, internal audit reports, whistleblower hotline reports, and the written communications between senior management and the board on a specific category of matter. The matter involved credible, repeated reports of misconduct by a senior leader — reports that had been filed through the hotline, investigated by the HR team, and closed within the HR function without escalation to the board.
The board had not known about the reports. The CHRO had managed the investigations as HR matters. The General Counsel had been informed. The CEO had been briefed on the pattern but had assessed the risk as manageable within the management team. The risk committee had received the quarterly whistleblower summary — volume by category — but not the specific matter, because the CHRO had classified it as below the threshold for committee notification.
The Section 220 demand produced all of this. The board’s minutes showed no awareness of the matter. The General Counsel’s written communications showed awareness. The CHRO’s investigation files showed three separate complaints over eighteen months, all investigated and closed within the HR function. The CEO’s emails showed briefings that described the pattern and the decision not to escalate.
The derivative complaint wrote itself from those documents.
—
## The Specific Failures
When I reviewed the governance architecture in the aftermath, four specific failures were visible.
**The classification standard was not defined.** The Tier 1 classification — the determination that a matter is serious enough to require board committee notification — had never been formalized. The CHRO made the call, case by case, based on her judgment about what the board needed to know. Her judgment was reasonable by the standard she had been trained against, which was the operational HR standard, not the Caremark governance standard. The distinction the eXp World Holdings ruling would establish — that severe cultural misconduct involving senior leaders is mission-critical board oversight territory, not HR management territory — was not part of her framework, because it had not been incorporated into the organization’s governance architecture.
**The escalation bypassed the board rather than the CEO.** In the two cases where the CEO was briefed and made a management-level assessment, the board received no information. The CEO’s authority to assess a governance risk and decide not to escalate it to the board is precisely what the Caremark direct notification architecture is designed to eliminate. Management’s assessment of a matter involving management is not the board’s oversight of a matter involving management. When the subject of a potential concern is a person who reports to the CEO, the CEO is not a neutral information filter between the CHRO and the board.
**The board minutes did not document deliberative engagement.** In the quarterly risk committee meetings where cultural health was presented, the minutes recorded the presentation and the committee’s acknowledgment. They did not record questions that were asked, alternative risk assessments that were offered, or the committee’s specific engagement with the cultural health data. A board that received a cultural health presentation and asked no documented questions produced no Caremark defense in its minutes for those sessions.
**The budget reduction came at the wrong moment.** The compliance budget trim — made in response to the SEC enforcement data — reduced the resources allocated to the whistleblower program’s case management system, which had been scheduled for an upgrade that would have provided better analytics on pattern identification. The upgrade did not happen. The pattern — three complaints about the same senior leader over eighteen months — would have been more visible with the improved analytics. Whether it would have changed the CHRO’s classification decision is not knowable. What is knowable is that the reduction in governance investment coincided with the period during which a Caremark risk was developing.
—
## What the Board That Got It Right Did
In the same period, I worked with a board that faced a structurally similar situation — credible reports about a senior leader, a CHRO who was managing the matter competently, and a CEO who was aware. This board’s outcome was different for one reason: they had built the Tier 1 Cultural Risk Protocol twelve months earlier.
The protocol had been a deliberate governance investment. The board had engaged Delaware employment counsel to develop a formal classification standard. The standard defined specifically — by severity of allegation, seniority of the subject, scope of the alleged conduct, and presence of external signals — which matters required direct board committee notification, on what timeline, and through what channel.
When the CHRO received the first credible complaint about the senior leader, she ran it through the classification standard. It met the Tier 1 threshold on two criteria: seniority of subject (a direct CEO report) and severity of allegation. The protocol required notification to the risk committee chair within 48 hours, directly from the CHRO, independent of the management chain.
The risk committee chair received the notification. An investigation structure was established — independent outside counsel retained directly by the committee — that operated outside the management chain for its duration. The CEO was informed but did not direct the investigation. The committee received the findings and directed the organizational response.
The matter was resolved. It was not resolved without cost or difficulty. But it was resolved in a governance structure that would survive Section 220 discovery: documented classification decision, documented notification timeline, documented investigation structure, documented committee engagement, documented response.
No derivative complaint was filed. The governance record left nothing for a complaint to exploit.
—
## The Pattern That Separates Them
The two boards were not different in competence, resources, or intent. They were different in one dimension: one had built a governance architecture that was calibrated to the current Caremark standard, and one had not.
The board that got it right had made a specific investment — modest in cost, substantial in governance consequence — to formalize what had previously been informal. They had defined, in writing, before a crisis arrived, what the CHRO’s escalation obligation was, what the committee’s notification standard was, and what the investigation structure would be for different categories of matter. The investment forced the conversation that the Accountability Contract Model describes: the board and the CHRO establishing, explicitly and in writing, what governance responsibilities each held and what the protocol was when Tier 1 criteria were met.
That conversation, and its documentation, was the entire difference between a governance record that could survive Section 220 discovery and one that could not.
The SEC’s enforcement data told neither board anything about whether their governance architecture was adequate for the Caremark standard. The SEC does not audit board minutes. The SEC does not assess whether Tier 1 escalation protocols are adequate. The SEC’s retreat from complex governance oversight did not make those governance questions less important. It made the forum in which they would be tested different.
Both boards read the same SEC enforcement data. One had built the architecture. One had not. Section 220 could tell the difference.
—
*The full governance architecture for the current Chancery environment — including the Tier 1 Cultural Risk Protocol template, the Accountability Contract Model documentation, and the officer accountability conversation framework — is available at [ALP URL placeholder — replaced at Stage 9c].*
—
**Sources:** LACERS v. Sanford / eXp World Holdings, Delaware Chancery, January 2026 | McDonald’s Corporation Derivative Litigation, Delaware Chancery, January 2023 | Edelman Trust Barometer, January 2026 | Seattle University School of Law, January 2025 | Cohen & Gresser LLP, January 2026
—
*Touch Stone Publishers Limited | Executive research for boards and C-suites building organizations that outlast them.*