With great money, comes great responsibility—in theory, at least.

While “the buck stops here,” is exactly the sort of sloganeering one might hope is pinned to the wall of every CEO’s office, that is simply not the case. Of course, few in the C-Suite would openly argue with the platitude, but the financial crisis of 2008-2009, and post-recession shenanigans at big banks, revealed that direct accountability is a rare bird.

Despite the ravenous blood-lust for executive liability that drives Sen. Elizabeth Warren and her likeminded good governance apostles, the fact remains that many banks are too big to fail and its CEOs are either too insulated or too removed from day-to-day operations to be held holistically accountable.

When Wells Fargo’s now-retired CEO John Stumpf was called before Congress to explain millions of accounts and credit cards employees opened without customer authorization, his best defense was a carefully engineered shrug. How could he have known?

Stumpf defended his tenure by describing post-discovery actions, swiftly made, and the termination of more than 5,300 employees.

We may never know with prosecutorial clarity what Stumpf knew, and when, and what degree of outrage his actions truly warrant. Warren and other vocal critics will likely need to satisfy themselves with a clawback of $41 million in his unvested equities, an early retirement and, perhaps, a few million dollars returned to company coffers at a later date.

That typical end game, a common one for disgraced (fairly or not) CEOs, may not be the inevitable outcome much longer. The writing is on the wall for greater liability for executives.

Perhaps the most scandalous (and recent) case of a CEO being held personally accountable and as a prosecutorial avatar for his company is Carl Ferrer, CEO of Backpage.com. If you have never heard of that particular website, good for you. It specializes in classified ads, with a very profitable focus on “escort” advertisements. Ferrer was arrested in October after authorities raided his Dallas office. He was charged with pimping minors as a result of his company’s stock and trade as a middleman for prostitution.

Even when compared to the worst, most scandal-ridden CEO in corporate America, Ferrer is a bloody handed outlier. Unfortunately, there may be fewer degrees of separation than executives might be deluded into thinking.

Compliance can no longer be left in a bubble, the exclusive domain of whomever happens to hold the title of CCO. Top executives, more so than ever, need to live and breathe compliance and ethics, lest they personally face very harsh, very personal repercussions.

Regulators, both at the state and federal level, are aiding the work of activists by seeking out connections between public companies and human trafficking (along with the intertwined matters of forced labor, child labor, and the sex trade). Companies are increasingly forced to disclose what they are doing to prevent suppliers and other third parties from engaging in any type of human trafficking.

The jump from conflict minerals disclosures (an SEC requirement that tracks the procurement of certain raw materials for evidence they support violent militias in the Congo) to human trafficking is not a broad one. The federal government has already approved laws that require federal contractors to disclose more, and do more, to prevent human trafficking by suppliers.

Legislators are also considering similar efforts. U.S. Rep. Caroline Maloney (D-N.Y.), for example, has promoted a bill to that would require public companies “to disclose information describing any measures the company has taken to identify and address conditions of forced labor, slavery, human trafficking, and the worst forms of child labor within the company's supply chains.”

A forerunner to all this is California’s Transparency in Supply Chain Act. It requires certain companies to report on their specific actions to eliminate slavery and human trafficking in their supply chains.

These efforts, bolstered somewhat by class-action lawsuits, are already having an effect. A study by the American Bar Association and Arizona State University’s McCain Institute and School of Politics and Global Studies surveyed Fortune 100 companies on how they address human trafficking concerns. It found that more than half have publicly available policies addressing human trafficking and nearly two-thirds provide them on forced labor.

Therein lies the danger for CEOs: will increased regulatory pressure lead to personal liability if mandated policies, screens, and internal controls fail?

If you thought the Foreign Corrupt Practices Act was a minefield, you ain’t seen nothing yet. An executive need not be a sleaze peddler like Ferrer to be in an unwinnable situation, especially when they are increasingly required to attest, at the risk of personal culpability, to the effectiveness of procedures and controls.

Attestations are nothing new, of course, and were a key part of the Sarbanes-Oxley Act. But while SOX focused on financial reporting, other efforts dig deeper. New York’s Department of Financial Services, for example, is seeking attestations by CEOs on anti-money laundering programs and cyber-security efforts.

And now, with a shot across the bow of the financial services world, Christy Romero, special inspector general for the Troubled Asset Relief Program, is calling upon government agencies to “remove the insulation around Wall Street CEOs and other high-level officials” by requiring that the CEO, CFO, and other senior executives sign an annual certification that they have conducted due diligence within their organization and can attest there is no criminal conduct or civil fraud in their organization.

Modeled after annual Sarbanes-Oxley certifications, her vision of a crime and fraud certification would create an incentive for top executives to institute strong anti-fraud internal controls on lower-level executives and managers. It would also motivate lower-level executives and managers to have conversations with leaders of the organization if fraud or crime is occurring.

Behind the curtain of all this is executive pay. From Wells Fargo to drug-maker Mylan, the Average Joe and politicians that curry his favor are as angry about how much CEOs earn as what misdeeds their company perpetrated. Rampant paycheck envy will inevitably accompany the SEC’s forthcoming pay ratio rule, a demand that CEOs disclose their pay as a ratio to the median employee. Wherever the big bucks stop, that is where you will find the focus of an ever-harmonizing chorus of critics and an end point for potential legal troubles.

It may, of course, be unfair to assume that CEOs are all-knowing, all-seeing, and all-powerful. The job of captaining a corporate ship to profitability and shareholder value is not an easy one. They are well paid for very good reasons and among them is not micro-managing the behavior of thousands upon thousands of employees.

As reasonable as a CEO’s post-crisis defense may be in terms of plausible deniability, honest ignorance, or intentional misdirection by those lower in the corporate hierarchy, he or she can no longer afford to ignore valuable lessons from their compliance officers.

They need to treat whistleblowers and helplines with the gravity they deserve, not as a cover-your-butt, check-the-box requirement. They need to ensure controls are tested, retested, and tested again. They need to ensure, with a hands-on approach, that policies and procedures are effective, followed, and extend throughout the enterprise and its third parties.

Compliance can no longer be left in a bubble, the exclusive domain of whomever happens to hold the title of CCO. Top executives, more so than ever, need to live and breathe compliance and ethics, lest they personally face very harsh, very personal repercussions.