May 2026
The Jurisdiction Shift: When the SEC Retreats, Delaware Advances
A proof-of-concept working document for board sessions on the Delaware Chancery liability environment — what the substitution effect is, what it produces, and what the governance architecture must now include.
The Governing Finding
Boards that interpret the SEC’s 30% enforcement retreat as reduced regulatory risk are making a decision that will transfer the cost of that error from the corporate balance sheet to the personal wealth of every executive in the room.
The SEC ran 303 enforcement actions in fiscal year 2025 — a 29.7% decline from the prior period. The financial press covered the decline as a governance signal. Most boards read it as one. The reading is analytically wrong in a way that is consequential at the personal level.
Federal enforcement data tells boards what the Securities and Exchange Commission is doing. It tells boards nothing about what the Delaware Court of Chancery is doing. When the SEC reduces complex governance oversight, the liability does not decrease. It relocates — to a jurisdiction that produces categorically different financial consequences, with no advance signal and no quarterly enforcement statistics to track.
The Mechanism
Section 220 replaces SEC discovery. The derivative complaint writes itself from the corporation’s own records.
In periods of active SEC enforcement, plaintiffs’ attorneys constructing derivative cases have access to the documentary record that federal investigations produce — subpoenaed documents, witness testimony, audit findings — without the cost of building the factual record independently. When the SEC withdraws, plaintiffs substitute a Section 220 books and records demand.
Section 220 is a Delaware shareholder right: a targeted request for board minutes, committee minutes, internal audit reports, board presentations, and the written communications between management and the board on specific risk categories. What the demand produces determines whether a derivative complaint can survive a motion to dismiss. The evidentiary record is built from the corporation’s own governance documents.
The critical governance implication: a board that governed well — that received credible risk information, asked documented questions, made documented decisions with documented rationale — produces a Section 220 record that is a Caremark defense asset. A board that governed through informal processes and undocumented decisions produces the evidentiary gap that derivative complaints require.
01The 30% drop in SEC enforcement actions does not reflect reduced governance liability. It reflects a jurisdictional transfer of liability to Delaware Chancery derivative litigation, where the financial consequences are categorically different: unindemnifiable under Delaware law, landing on individuals rather than on the corporate balance sheet.
02The eXp World Holdings ruling (January 2026) established that severe cultural misconduct is a Caremark mission-critical oversight obligation. The board’s failure to have direct awareness architecture for Tier 1 cultural risk — not the misconduct itself — was the governance failure the court identified.
03Caremark liability now extends to corporate officers individually (McDonald’s, 2023). The CHRO, COO, and General Counsel can be named directly in derivative suits for governance failures within their specific functional domains. The liability is personal. The defense is personal.
04Most D&O programs carry a structural error in the current environment: Side A towers were sized when Caremark claims were routinely dismissed. The motion to dismiss gate is less reliable after Boeing (2021), McDonald’s (2023), and eXp World Holdings (2026). The RSUI Indemnity v. Murdock ruling (2021) adds a policy language risk for Delaware-incorporated entities whose D&O policies have not been reviewed by Delaware insurance counsel.
05The international regulatory environment is not diminished by the SEC’s domestic retreat. The EU AI Act creates current conformity assessment obligations for high-risk AI deployments. The UK FCA’s SM&CR Phase 1 reforms expand personal accountability for designated Senior Managers. Delaware Chancery governance architecture and international regulatory compliance are simultaneous, not sequential, obligations.
What the Current Standard Requires
Four governance architecture elements that most boards have not yet formalized — and that Section 220 discovery will look for.
Direct reporting for Tier 1 risk categories. The eXp World Holdings ruling established that management mediation of the board’s awareness is inadequate for mission-critical risk matters. For Tier 1 cultural risk — severe misconduct involving senior leadership — the board committee must receive direct notification from the CHRO, within 48 hours of classification, through a channel that bypasses the CEO when the matter involves the CEO or the CEO’s direct reports. This architecture must be formalized, documented, and approved by the board before a Tier 1 matter arrives.
The Accountability Contract conversation. The McDonald’s ruling established that the board must have a specific, documented conversation with each C-suite officer about their Caremark domain: the central legal risks they own, the red flags that trigger their escalation obligation, the authority they have to investigate and remediate, and the timeline for board committee notification. This conversation is the governance architecture. Its documentation is the evidence that the board discharged its oversight obligation to its officers.
Board minutes quality standard. The Caremark documentation standard requires that board minutes record not only what information was presented and what decision was made, but what deliberative engagement the board had with the risk information — what questions were asked, what alternative responses were considered, what the documented basis for the decision was. Minutes that record the presentation and the vote, without the deliberation, create the evidentiary gap that Section 220 targets.
Side A D&O tower stress-test. The compliance budget and D&O program were built against a risk architecture that has partially shifted. A Side A stress-test — conducted with Delaware insurance counsel before the next renewal — assesses whether current Side A limits cover the mid-scenario Caremark derivative settlement range for an organization of comparable size and risk profile, and whether the policy language governing Side A activation performs as expected under Delaware’s specific indemnification prohibition framework.
“The board governs whether the governance architecture exists and is operating. Management operates within that architecture. When management begins making governance decisions — deciding whether a risk rises to the board’s attention rather than following the established protocol — the boundary has been crossed. The protocol is the boundary.”
Capital Allocation Implications
Where to direct resources. Where to stop. Both directions are required.
Where to direct resources: Delaware corporate counsel retainer (distinct from securities counsel) for Caremark architecture review and Section 220 demand readiness; Delaware insurance counsel engagement before the next D&O renewal for Side A stress-test and policy language review; Tier 1 Cultural Risk Protocol development (CHRO and Delaware employment counsel); officer accountability documentation for each C-suite function (Accountability Contract conversations); board minutes quality standard formalization.
Where to stop: Treating the SEC enforcement data as the primary or complete input to governance compliance investment decisions. SEC defense readiness remains relevant for fraud, market manipulation, and off-channel communications enforcement — the SEC has not retreated from those areas. The reallocation is marginal, not wholesale: a shift of compliance resources from the retreating risk toward the advancing Chancery risk, calibrated to the current relative probability and consequence distribution.
Three Regulatory Scenarios for Board Planning
Scenario A: SEC enforcement remains at current reduced levels through 2027; EU AI Act enforcement activates on schedule. The primary board governance investment is the Caremark compliance architecture — Tier 1 Cultural Risk Protocol, officer accountability conversations, Section 220 readiness — and the EU AI Act conformity assessment program for high-risk AI deployments. International compliance obligations are not diminished by domestic enforcement retreat.
Scenario B: Delaware Chancery expands Caremark claims to cybersecurity governance failures. The two dismissed cybersecurity Caremark cases (Gibson Dunn, November 2025) were dismissed because boards had basic reporting systems. The next cybersecurity Caremark case will be constructed around the gap between having reporting systems and having systems that surfaced specific credible vulnerability warnings that the board received and did not respond to. The investment priority is the cybersecurity risk register governance architecture — not just the security technology, but the board committee’s documented engagement with the register.
Scenario C: UK FCA SM&CR Phase 2 reforms expand accountability for technology and commercial functions in regulated entities. Phase 1 reduced certification roles by 15% while expanding conduct rule coverage for designated Senior Managers. Phase 2 signals suggest expansion into operational and technology domain accountability. Boards with UK regulated operations should establish Phase 2 monitoring through UK regulatory counsel and maintain the SM&CR governance documentation that Phase 1 requires.
In all three scenarios, the Caremark governance architecture investment is necessary. The scenario analysis calibrates relative urgency, not investment direction.
Sources
LACERS v. Sanford / eXp World Holdings, Delaware Court of Chancery, January 20, 2026 (Bernstein Litowitz Berger & Grossmann LLP analysis) | McDonald’s Corporation Derivative Litigation, Delaware Court of Chancery, January 2023 | Boeing Company Derivative Litigation, Delaware Supreme Court, 2021 | RSUI Indemnity v. Murdock, Delaware Supreme Court, 2021
U.S. Senate Banking Committee, February 2026 | Securities Enforcement & Litigation Insider, April 2026 | Debevoise & Plimpton, May 2026 | Gibson Dunn, November 2025 | Skadden Arps, October 2025
EU AI Act (Regulation EU 2024/1689) | UK FCA PS26/6, April 2026 | Bryan Cave Leighton Paisner, May 2026 | Edelman Trust Barometer, January 2026 | Villanova University School of Law | Boston University School of Law
JD Supra / Delaware D&O Insurance Disputes, March 2026 | WTW D&O Analysis, March 2025 | Proskauer Rose LLP, May 2026
The complete governance architecture — including the officer accountability framework, the Tier 1 Cultural Risk Protocol template, the Side A stress-test model, and the full implementation roadmap — is available in the Executive Leadership Playbook at [ALP URL — replaced at Stage 9c].