# The Jurisdiction Shift: Why the SEC’s Enforcement Retreat Is the Wrong Signal to Read
**Category:** White Paper Article
**Project:** TSP_2026-021_sec-retreat-delaware-liability
**Date:** 2026-05-23
**Slug:** sec-retreat-wrong-signal
**WordPress Category ID:** [White Paper Article category ID from CLAUDE.md]
—
The SEC ran 303 enforcement actions in fiscal year 2025. That is a 29.7% decline from the prior year. The financial press covered the number as a governance story — reduced regulatory pressure, lighter enforcement environment, a signal that the federal regulatory apparatus has recalibrated its approach to corporate oversight.
Boards read that number and updated their risk models accordingly.
That update is analytically wrong in a way that is consequential at the personal level.
The error is not reading the enforcement data. The error is reading federal enforcement data as the complete picture of corporate governance liability. It is not. There is a second jurisdiction — one that does not report quarterly enforcement statistics, does not hold press conferences when it shifts posture, and does not send signals that boards can read as license to reduce governance investment. That jurisdiction is the Delaware Court of Chancery.
When the SEC retreats, Delaware advances. That is not a forecast. It is a historically documented substitution pattern that is currently active.
—
## What the Substitution Effect Produces
The mechanism runs through plaintiffs’ attorneys. When the SEC is actively investigating corporate conduct, plaintiffs in derivative litigation have access to the discovery that investigation produces — documents, testimony, audit findings — without the cost of building the factual record themselves. When the SEC retreats, that discovery support disappears.
Plaintiffs’ attorneys do not disappear. They adapt. The adaptation is a Section 220 books and records demand: a request, in Delaware, that the corporation produce board minutes, committee minutes, internal communications, and the underlying documents that were the basis for board decisions. Villanova University School of Law and Boston University School of Law have both documented this substitution — the pattern in which reduced SEC enforcement activity correlates with increased Section 220 demand activity.
What Section 220 produces is a factual record constructed directly from the corporation’s own governance documents. The derivative complaint that follows is built on the corporation’s own evidence of what the board knew, when it knew it, what it did in response, and what it failed to do.
A board that governed well — that had the right reporting architecture, that received credible risk information and responded with documented investigation and remediation — is largely protected in this process. The governance record demonstrates compliance with the Caremark oversight standard. The motion to dismiss survives.
A board that governed through informal processes, undocumented decisions, and management-mediated information flows — that assumed its governance was adequate because no federal regulator had said otherwise — finds that Section 220 produces the evidence for a complaint it cannot defend.
The SEC’s silence was not a favorable governance assessment. It was the absence of an assessment. The Chancery’s assessment arrives on its own schedule, with its own evidentiary tools, and produces outcomes that are categorically different from what boards have been managing against.
—
## What Chancery Produces That the SEC Does Not
The financial architecture distinction matters. An SEC enforcement action produces a corporate penalty. The organization pays. The amount appears on the income statement as a cost of doing business. Directors and officers are not personally liable for the payment — except in cases of direct fraud or egregious individual misconduct, which constitute a small fraction of governance-related enforcement actions.
A Delaware Caremark derivative settlement works differently in every dimension.
The derivative plaintiff sues the board and senior officers on behalf of the corporation — alleging that governance failures harmed the company. Because the corporation is the nominal plaintiff in a derivative action, Delaware law prohibits the corporation from indemnifying the settlement. The individuals pay.
The payment comes from Side A D&O insurance — the layer of D&O coverage reserved for situations where the corporation cannot indemnify. When Side A limits are exhausted, the payment comes from personal assets.
Most organizations’ D&O programs were designed when Side A was the smallest layer, because Caremark claims were historically dismissed before reaching settlement. The motion to dismiss was the gate. In 2021, Boeing. In 2023, McDonald’s. In January 2026, eXp World Holdings in LACERS v. Sanford. Each ruling has widened the category of governance failure that survives a motion to dismiss.
The gate is less reliable than it was three years ago. D&O programs calibrated to the pre-2021 risk architecture are carrying coverage gaps that will become visible only when a derivative settlement arrives.
—
## The Three Rulings That Changed the Standard
Understanding where the current Caremark standard sits requires tracing three cases in sequence.
**Boeing (2021):** The Delaware Supreme Court’s first major extension of Caremark. The board that had established safety reporting systems was held potentially liable because those systems failed to surface safety risks before the crashes. The standard shifted from “did the board have a reporting system” to “did the reporting system actually function to give the board information about mission-critical risks.”
**McDonald’s (2023):** The Chancery court extended Caremark liability to corporate officers individually — not just the board. The Chief Human Resources Officer was specifically named. The ruling established that officers have their own Caremark obligations for their specific functional domains: the CHRO for cultural and misconduct risk, the COO for operational compliance risk, the CLO for legal risk. Officers can be named individually in derivative suits for failures within their domains.
**eXp World Holdings / LACERS v. Sanford (January 2026):** Chancellor McCormick denied the motion to dismiss a derivative suit against directors and senior executives for failing to appropriately investigate and respond to credible reports of workplace sexual misconduct. The ruling established “corporate trauma” — severe cultural misconduct — as a mission-critical board oversight obligation. The board’s lack of direct awareness architecture for this category of risk was itself a fiduciary failure. Not the misconduct. The governance architecture that would have brought it to the board’s attention.
These three cases together have created a standard that most organizations’ governance architecture was not built to meet. The question is not whether the board had a reporting system. The question is whether the board had a direct, documented awareness architecture for the specific categories of risk that constitute mission-critical central legal risks under the current standard — and whether the board’s response to information received through that architecture is documented in the way Section 220 discovery will examine.
—
## What the Current Standard Actually Requires
The governance architecture that the current Chancery standard requires has four components that most boards have not yet formalized.
**Direct reporting for Tier 1 risk categories.** The eXp World Holdings ruling makes clear that management mediation of the board’s awareness is inadequate for Tier 1 risk matters. For the categories of risk that constitute central legal risks — severe cultural misconduct, material cybersecurity failures, regulatory violations of material magnitude — the board committee must receive direct information, not management’s filtered version of it. The CHRO who receives a credible report of serious misconduct should have a protocol for direct board committee notification that bypasses the CEO chain when the matter involves the CEO, and that runs alongside the CEO briefing when it does not.
**The Accountability Contract Model.** The officer-level Caremark extension from McDonald’s requires that the board have an explicit conversation with each C-suite officer about their specific governance domain: what are the central legal risks in this function, what are the specific red flags that trigger the escalation protocol, what authority does the officer have to investigate and remediate, and what is the escalation timeline when a Tier 1 risk appears. That conversation must be documented. In its absence, the officer operates without a clear governance architecture for their Caremark responsibility — and without the documentation that demonstrates good faith when the derivative claim arrives.
**Section 220 readiness.** The board minutes, committee minutes, and operational records that will be produced in a Section 220 demand are the evidentiary foundation for any derivative complaint that follows. The governance documentation standard — specifically, the quality of board minutes to show not just what information was presented but what the board’s responsive engagement was — is now a litigation defense asset. Board minutes that record the agenda and the decision, without recording the board’s deliberative response to risk information, create the evidentiary gap that derivative complaints exploit.
**Side A D&O tower adequacy.** The CFO’s compliance budget was built against an SEC enforcement model. The Side A D&O tower was sized when Caremark claims were routinely dismissed. Both of these resource allocation decisions need to be revisited against the current Chancery risk architecture — specifically, the probable range of unindemnifiable derivative settlements for an organization of comparable size and risk profile, assessed with Delaware insurance counsel who understands how the policy language performs under Delaware’s specific indemnification prohibition framework.
—
## The Capital Allocation Consequence
The board that interprets the SEC’s 30% enforcement retreat as a governance budget reduction opportunity is misreading the signal in a way that has personal financial consequences.
The compliance investment that goes toward SEC examination preparation and securities law defense readiness is not wasted — SEC enforcement remains active in fraud, market manipulation, and off-channel communications matters. The reallocation is marginal, not wholesale. But the Caremark governance architecture investment — Delaware corporate counsel retainer, Section 220 demand readiness program, Side A D&O tower stress-test, Tier 1 Cultural Risk Protocol development — is an investment that was not adequately priced in the pre-2023 risk model. It needs to be priced in now.
The governance architecture described in this research — the board oversight protocols, the officer accountability conversations, the whistleblower channel architecture, the documentation standards that Section 220 discovery will examine — is not expensive to build compared to the cost of a derivative proceeding it is designed to prevent. The analogy is not perfect, but it holds in one direction: the organizations that build the architecture before a derivative claim arrives will not face the architecture question in the context of litigation. The organizations that do not will face it in the context of Section 220 discovery and a motion to dismiss that the current Chancery precedent makes less reliable than it was five years ago.
The research that supports this analysis — the full governance architecture for the jurisdiction shift, including specific implementation protocols for each C-suite function — is available at [ALP URL placeholder — replaced at Stage 9c].
—
**Sources:** U.S. Senate Banking Committee, February 2026 | Securities Enforcement & Litigation Insider, April 2026 | LACERS v. Sanford / eXp World Holdings, Delaware Chancery, January 2026 | McDonald’s Corporation Derivative Litigation, Delaware Chancery, January 2023 | Boeing Company Derivative Litigation, Delaware Supreme Court, 2021 | Villanova University School of Law | Boston University School of Law | Skadden Arps, October 2025 | RSUI Indemnity v. Murdock, Delaware Supreme Court, 2021 | WTW D&O Analysis, March 2025 | Gibson Dunn, November 2025 | Debevoise & Plimpton, May 2026
—
*Touch Stone Publishers Limited | Executive research for boards and C-suites building organizations that outlast them.*