That's simple-sounding, but I don't think it's simple.

Large organizations like banks are fantastic for obscuring responsibility. The CEOs say, "I didn't know." The line workers say, "I was just following orders."

Everybody in between keeps things hazy because it's useful to their careers. When things go badly, they need to be able to claim it wasn't their fault. When things go well, they try to claim credit.

The net result is nobody gets punished when there is crime on a massive scale.

I think the only viable option is to punish the company. I think it would also be fair to change the law such that CEOs are treated as negligent if they let internal controls get to the point where criminal things are happening without an obvious, chargeable conspiracy by a group of workers. But good luck getting our bought-and-paid-for congressmen to approve something like that.

CEO is totally responsible for the big picture.

Should be personally liable for large-scale crimes.

If you are a decision maker, though, that decision can come back and bite you in the ass.

I think that's the point. They should fear that when making decisions.