If you have children—or have ever had to babysit them—you may understand something that U.S. regulators do not.

Rules can accomplish very little, especially in a vacuum. Tell a bratty kid, “No more cookies” and you may do little more than inspire them to obtain the forbidden treat by any means necessary. You created a challenge and inspired workarounds. Put the cookie jar on a high shelf? No problem. They will just crawl up on a chair, endangering both themselves and all around them.

We are not so blunt or foolish as to compare CEOs and other corporate executives to devious children. We draw the comparison only to underscore the inherent weakness of prescriptive rulemaking.

The United States and its capital markets are stuck on a never-ending seesaw that hops between regulation and deregulation. After a financial crisis hits, regulators act in unison as a modern Sisyphus, taking on the heavy lifting of rulemaking designed to protect investors and the capital markets. Over time, the figurative boulder of regulations is pushed downhill and into the distance by those arguing that such rules do more harm than good, stifling competitiveness and profitability.

We are now in the early stages of the downward roll, with a new President and Republican-majority Congress set to work on a deregulatory agenda.

From an objective viewpoint, there are pros and cons inherent in both regulatory build-up and deconstruction. A certain baseline of dos and don’ts is certainly prudent and necessary. But rules themselves won’t keep grubby hands out of cookie jars.

What we need to debate and discuss more is the enforcement piece of the puzzle.

Here are how things currently work when an otherwise good company does bad things. Federal regulators will line up and pair up to take a swing. Investigations proceed and deals are struck. At the end of the process, the company will agree to a fine that regulators accept without an admission of guilt. In severe cases, a corporate monitor may be put in place.

Typically, the only lingering shame comes from bad PR and media exposure. Mess up, pay up, move on, and hope for short memories.

Oh sure, we hear a lot about individual liability and demands for culpability, but it doesn’t really happen much at all.

There is also a conceptual problem with the current enforcement zeitgeist. As was pointed out in past writings by soon-to-be SEC Chairman Jay Clayton, shareholders are often punished as much, if not more, than executives.

For shareholders who want effective governance, a proactive approach to enforcement, and a punitive stance more effective than anything the government agencies can mete out, the focus should be on board composition and independence.

Hit a company with a multibillion-dollar fine and a mountain of “name and shame” press citations and the stock price will invariably take a hit. Regulators claiming to look out for “the little guy” will, effectively, hurt them as shares held in retirement accounts and other investments dip (or plummet) in value.

The government gets its money grab and companies are happy to cut a check, take a quarterly hit, and be done with the whole affair. Investors suffer the real damage.

True enforcement needs to focus on individual liability, not monetary exchanges. By individual liability, we don’t man chasing down CCOs like torch-bearing Transylvanians over less-than-stringent attestations. Instead, look to executive pay provisions in the Dodd-Frank Act, notably the push toward clawbacks, understandably despised by executives. Properly considered and fairly executed, however, the process might be a model for enforcement efforts.

For all this to be effective, however, boards need to be the focus.

Debates are increasingly common regarding directors’ needs to focus as much on long-term strategy as short-term profitability goals. Diversity of board composition and experience is also a growing focus among shareholders. With greater independence and objectivity, directors can be as effective as any government regulator, if not more powerful as agents of change.

Consider the story that refuses to die: revelations of illegal, unauthorized customer account openings at banking giant Wells Fargo.

John Stumpf, the former chairman and CEO of Wells Fargo, already expected to forfeit nearly $41 million in compensation. Recently came word that the board will demand that he repay an additional $28 million to the bank. Directors say they are also clawing back another $47 million from Carrie Tolstedt, former head of the sales division.

Which action sends a stronger message, we ask: $185 million in pay and move-on fines, or a direct hit to executive bank accounts that takes nearly $180 million from the pockets of those responsible? The elegance of the clawback solution is that by punishing executives, the government fine is effectively negated for shareholders (although they still lose out in stock price declines).

The clawbacks were revealed in a report of the Independent Directors.

“The former CEO, relying on Wells Fargo’s decades of success with cross-sell and positive customer and employee survey results, was too slow to investigate or critically challenge sales practices in the Community Bank,” the board wrote. “He also failed to appreciate the seriousness of the problem and the substantial reputational risk to Wells Fargo.”

Corporate control functions were constrained by the decentralized organizational structure “and a culture of substantial deference to the business units,” the April 2017 report says, adding that “management reports did not accurately convey the scope of the problem.”

“Wells Fargo’s decentralized organizational structure and the deference paid to the lines of business contributed to the persistence of this environment,” the board wrote, adding that it only learned that approximately 5,300 employees had been terminated for sales practices violations through September 2016 settlements with the Los Angeles City Attorney, the Office of the Comptroller of the Currency, and the Consumer Financial Protection Bureau.

The lesson here is that a more proactive board, one with a compliance focus, might have uncovered the bank’s problems far sooner. In any event, the directors did accomplish something regulators could not as they meted out direct, painful punishment on the individuals involved.

None of this should be fanciful thinking. After all, aren’t boards, by definition, representing shareholders and working in their best interests? Regulators have their role to play, but the real force of good corporate governance lies with directors. They are the real cops on the beat.

Much of the debate that surrounds the nomination of Jay Clayton as SEC chairman, at least throughout Congressional hearings, involves whether or not he would perpetuate predecessor Mary Jo White’s “broken windows” philosophy of putting smaller, easy-to-overlook violations alongside bigger acts of malfeasance on the SEC’s to-do list. Substantial hand-wringing is also focused on how often Clayton may need to recuse himself from enforcement maters, as if the revolving door problem in Washington is new and unique.

We should not underestimate the importance of the SEC’s Enforcement Division, the Department of Justice and, more controversial, the CFPB. They all have an important role to play. For shareholders who want effective governance, a proactive approach to enforcement, and a punitive stance more effective than anything the government agencies can mete out, the focus should be on board composition and independence.

Let Washington spring gotcha questions at SEC nominees. The more important questions are asked by board members.