The rules of building ownership have changed. What was once a background risk, absorbed quietly by contractors and design teams, is now arriving at the building owner’s door. Regulators and litigants are no longer satisfied with organizational accountability. They are targeting the individuals who own, control and sign off on physical assets.

Approximately two-thirds of the SEC’s standalone enforcement actions in fiscal year 2025 charged individual bad actors, a 27 percent year-over-year increase, rising to nearly nine in 10 under the most recent commission leadership. That is not a statistical anomaly. A fine paid by a firm does not follow an individual to their next investment or project. A personal liability judgment does. For building owners, asset/facility managers, and the boards and officers who ultimately sign off on facility oversight, this enforcement posture represents a fundamental shift in personal exposure.

This shift did not happen in isolation. It reflects a broader move across regulatory bodies toward holding decision-makers personally accountable for outcomes once treated as a cost of doing business. Settlements that once closed the matter for a company now increasingly arrive paired with separate findings against the individuals who signed off on the underlying conduct, and that pattern is migrating into how building related enforcement and litigation are pursued.

Liability-CO1Building owners are now the target

SEC enforcement under recent leadership has combined corporate penalties with targeted charges against individual officers, directors and responsible parties, driven by the belief that accountability must be personal. The current administration has focused even more heavily on individuals, with nearly 90 percent of standalone actions since the most recent presidential inauguration involving individual charges.

For building owners, this is not an abstract regulatory development. It demands an immediate change in how building owners think about their facilities and portfolios. The instinct is to treat records management as something delegated to a property manager, FM team or general contractor. That instinct is now dangerously outdated. When a regulatory investigation targets a building, whether triggered by a safety incident, a permitting dispute or a tenant complaint, investigators no longer stop at the property management firm. They are asking who owns the asset, who signed the operating agreements, and who had ultimate oversight authority.

Liability-CO2Consider a routine scenario that illustrates the situation. A tenant slips on a recently treated lobby floor and files a claim. Counsel for the claimant requests the maintenance log, the flooring vendor’s service contract and the inspection history tied to that specific surface. If the ownership entity cannot produce a continuous record for that asset across each of the contractor changes that have occurred since installation, the absence of a clean record becomes evidence of inadequate oversight in its own right, regardless of whether the floor was in fact properly maintained. Liability-CO3

Why building owners are especially exposed

Building owners sit at the center of a uniquely complex liability environment. Each asset sits at the intersection of physical infrastructure, environmental compliance records, permitting and inspection logs, contractor documentation and life-safety systems data. Elevator certifications, fire suppression testing, roof and facade inspections, and boiler and pressure vessel records all fall into this category, and each one carries its own renewal cycle, inspecting authority and paper trail that can be incomplete or scattered across multiple vendors over the life of the asset. Every one of those record types is subject to regulatory scrutiny. The growing use of AI in litigation and regulatory enforcement means that gaps in the documented history of a property are increasingly discoverable without a formal investigation being necessary.

AI tools are already expanding the universe of potentially discoverable materials in building-related litigation, increasing both the volume and the complexity of facility data that opposing counsel can surface. OSHA’s public injury and illness data, already electronically submitted and searchable, is becoming raw material for plaintiffs’ attorneys using AI-assisted discovery platforms. A missing inspection report or an undocumented building system modification that once sat quietly in a contractor’s filing cabinet is a searchable liability that can be traced back to the asset owner.

Liability-CO4Building the data shield: What owners must demand

The solution is not more paperwork. Instead, it is smarter documentation built on a consistent, system-agnostic identity framework that travels with the asset regardless of which property manager is engaged, which contractor completes the work, or who ultimately purchases the building decades from now.

The core vulnerability for most building owners is that records are created within software platforms and contractor systems that change. Property management platforms get replaced. Vendors are swapped. Capital project data gets migrated in ways that break the original chain of custody. What remains is a collection of records that technically exist but cannot be traced with any reliability. In an audit or a litigation event, untraced records are functionally equivalent to missing records.

A structured identity system solves this by anchoring every asset record, including every inspection log, every system certification and every as-built modification, to a universal, persistent reference that does not depend on any single platform or vendor. When that reference exists, the data lineage is provable. When a regulator, an insurer or opposing counsel demands the documentation history behind a life-safety certification or a code compliance decision, the thread is intact. This transforms a records archive from a liability into a defense the owner can stand behind.Liability-CO5

These requirements are most effective when written into procurement language rather than added after a system is already in place. Building owners who require identity and record linkage standards directly in vendor contracts and requests for proposals shift the burden of compliance onto every party that touches the asset, rather than relying on reconciliation after the fact. A clause requiring that commissioning records be delivered with a persistent, vendor-neutral identifier is inexpensive to add at the outset and far more difficult to retrofit once a system is already operating and multiple parties have already generated untracked data.

The transparency mandate is arriving whether building owners are ready or not

The regulatory pressure shaping this environment extends well beyond any single enforcement agency. With federal transparency and data lineage principles being reinforced across agencies, and enforcement mechanisms including civil penalties, criminal prosecution and asset-level sanctions expanding, building owners cannot afford a passive posture. Regulators are converging on a single expectation: claims must be proven through a documented chain of evidence that an independent reviewer can verify.

For building owners, this means that the “documented or it didn’t happen” standard is no longer aspirational. It is the baseline for surviving an audit and protecting owners against personal liability.

The deed to a building is a personal attestation of ownership and responsibility. When a facility’s records cannot be traced, the personal liability attached to that ownership does not vanish. It waits.

Act now, not when it is needed

Building owners who wait for a regulatory inquiry or a tenant lawsuit to assess their records infrastructure will discover that the moment of exposure and the moment of discovery are the same. This data framework is not a crisis management tool. It is a structural ownership practice that must be embedded at the asset level before a regulator, an insurer or a litigant tests it.

The real estate industry has long treated facility documentation as a contractor deliverable — something to collect at project close and file away.

Liability-CO6In this regulatory climate, the advantage belongs to building owners who build the chain of custody before anyone asks for it.

None of this requires adopting a single proprietary platform or undertaking a wholesale technology overhaul. What it requires is a consistent standard that any property manager, contractor or software system can be held to over the life of an asset, paired with a willingness on the part of ownership to treat that standard as nonnegotiable rather than aspirational. Building owners who put this discipline in place now, while it remains a competitive advantage rather than a regulatory mandate, will be the ones best positioned when the next inspection, the next sale or the next subpoena arrives.