Major corporations get caught behaving badly … a lot. And so far, the main solution we’ve come up with is fining them — the Federal Trade Commission hit Facebook with a $5 billion fine this summer, an amount that, while large, will barely make a ding in its business. The $170 million fine the FTC and New York state recently hit Google’s YouTube with is almost laughable considering Google’s overall worth.

Even the $425 million Equifax settlement, which came out of the company’s exposure of some 147 million people’s personal information, promised victims the ability to claim a $125 check. Except too many people signed up, and the pot of money for those checks was just $31 million, coming out to about 21 cents per person.

Just one big bank executive went to jail after the 2008 financial crisis; financial institutions paid more than $300 billion in crisis-related fines, but collectively they made much more than that.

All this raises the question, are fines really the best punishment for holding corporations accountable?

Companies aren’t people, and you can’t put them in jail. You could put the executives that run them behind bars, but that doesn’t happen often. The main option these days is fines, and how well those work is debatable.

But it’s not hopeless. Experts say there are ways to make firms do better, including stomping out the cultural and structural issues that cause problems in the first place, implementing close monitoring after something does go wrong, and making sure accountability mechanisms are in place where they can be for the people responsible.

“As long as it is profitable to break the law, corporations, which are profit-maximizing entities by design, will continue to break the law,” said Sally Hubbard, director of enforcement strategy at think tank the Open Markets Institute and former assistant attorney general in New York state’s antitrust bureau.

Fining companies is tricky

At the current moment, one of the most common ways for a company to be penalized for wrongdoing is through fines. The problem is, a lot of the time, fines don’t work.

If a monetary penalty is big enough to affect the company’s bottom line or change the way it does business, it can be effective. But in many cases, it’s not, especially when it comes to multi-billion-dollar corporations. And fines ultimately get passed onto shareholders and workers, not company decision makers.

The penalty for wrongdoing in both civil and criminal cases is fines, and the damages through civil liability are generally bigger than those imposed under criminal liability. But the bigger the fine doesn’t always mean the more effective. There is evidence that criminal convictions and, in turn, fines, are more motivating for corporations, explained Mihailis Diamantis, a University of Iowa law professor who focuses on corporate crime and criminal theory. For a civil penalty, it’s easier to write it off as the cost of doing business. For a criminal penalty, there’s a reputational issue in play.

“There seems to be something about the stigma or the bad reputation or what have you that’s associated with a finding of criminality that seems to be particularly motivating, at least for some corporations,” he said.

The size of the fine doesn’t always make a big difference, especially in the case of big companies that have plenty of money to spare. Just look at Facebook — its stock price went up when investors found about the FTC fine.

Rohit Chopra, a Democratic commissioner who voted against the FTC’s Facebook decision, in his dissenting opinion, argued that the penalty was “less than Facebook’s exposure from its illegal conduct, given its financial gains” and said the settlement “lets Facebook off the hook” for some of its violations. He made a similar argument in his YouTube dissent and noted that the terms of the FTC’s penalty for the company illegally harvesting kids’ personal data “were not even significant enough to make Google issue a warning to its investors.”

In his YouTube dissent, Chopra also pointed out that the FTC has taken other action against smaller companies that broke the laws regarding children’s privacy that have been much more effective.

“When it comes to smaller offenders, the fines mean a lot more,” Hubbard said. “You actually need to go harder on the big guys, and it’s not a question of lack of authority, it’s a lack of political will.”

There are some caveats. Restitution — meaning a company paying for the harms it imposes — is important in helping victims of corporate misdeeds. Wells Fargo, for example, had a victims fund as part of its fake accounts scandal and settlement. And even with the big companies, regulators and courts could award huge amounts of money.

Under a 2011 agreement with the FTC over charges Facebook had deceived users regarding their privacy, the FTC could have penalized Facebook $40,000 per user per day for violating the agreement. That could have translated to trillions of dollars in this latest FTC settlement instead of $5 billion. At the very least, the number would have given the regulator more leverage.

“If the FTC was willing to wield the power that it has, what it would do is to say Facebook, we have the legal ability to fine you trillions of dollars unless you [agree to a certain set of conditions], because at that point, it’s a negotiation,” Hubbard said.

What could work

So if penalizing a company through fines isn’t always the best answer, what could be?

One perhaps obvious answer is to do more to target the individuals responsible. Companies can’t go to jail, but executives can. They can also lose their jobs and suffer financial damage for their misdeeds that they’re likely to care about more.

“If you want to deter, if you want to reduce criminal wrongdoing in corporations, then you would go after individual members of corporations much more vigorously and put a couple of individuals in jail for what they did wrong,” said John Hasnas, a law professor at Georgetown University.

Sen. Elizabeth Warren (D-MA) has proposed legislation that would increase the accountability of corporate leaders for their firms’ misdeeds, whether they personally approved of the actions within their companies that broke the law or not. Her bill would build on existing laws to include negligent executives of corporations with more than $1 billion in revenue and says that if they or their companies engage in bad behavior, they go to jail for a year. She has also previously proposed the Ending Too Big to Jail Act, which requires the CEOs of big banks to certify nothing illegal is happening under their watch and create a permanent investigative unit to look into financial crimes.

The idea behind both proposals is that it would make it easier to hold corporate executives accountable in the courts.

Diamantis warned that while government agencies and prosecutors targeting individuals would work well in an ideal world, it can be complicated. Because you’re dealing with organizations, it can be difficult to find out which individuals responsible for misdeeds and to gather sufficient evidence against them. And sometimes it’s not specific people who are the problem but instead organizational decay and a broader problem of the culture.

He said what he believes would be the best approach would be a type of probation for companies. Basically, a judge would set out certain terms a company would have to comply with over time. The corporation would have to fix itself. “You’d have a court-appointed monitor … and then you would have a plan of reform that the monitor is authorized to implement,” he said.

Some of these things have been tried out before, and even recently. Part of the FTC’s settlement with Facebook requires CEO Mark Zuckerberg to personally certify the company is protecting consumer privacy, which could make him more liable if Facebook screws up.

And some companies have managed to undertake organizational turnarounds and make themselves better. One such example is Siemens, a German engineering company that was fined $1.6 billion for using bribes to get contracts around the globe, has largely managed to restore its reputation and become a good corporate citizen. As the Wall Street Journal pointed out in 2011, it’s because of a lot of deliberate structural changes within the firm — it replaced board members and hired compliance officers, among other measures.

But change doesn’t come easily. Take a look at Uber, which in 2017 ousted its CEO amid concerns over its culture, including sexual harassment and discrimination, and deceptive business behavior. Prior to that, it had brought in former Attorney General Eric Holder to conduct an investigation into the ride-sharing company. Uber now has a new CEO and says it’s doing better, but problems persist — it continues to have a lot of labor issues, particularly with drivers, and it’s losing a ton of money.

“It’s so embedded in the culture that just by changing one leader or changing one rule is not going to do it,” said Robert Bies, a professor of management at Georgetown University. “It is embedded in how we think and how we look at the world.”

He pointed to Johnson & Johnson, which has faced lawsuits over claims asbestos in its talcum powder products cause cancer and over its role in the opioid epidemic, and to Boeing, which this year has been caught up in a scandal after its 737 Max 8 planes crashed twice. “When money overrode the mission and who you were serving, that’s a cultural shift that doesn’t come easily or quickly,” Bies said.

The takeaway: There is no one easy way to punish a company for wrongdoing. And it’s not just the government or prosecutors who make a difference — outside advocacy groups and consumers can also push companies to do better. Still, it’s a formula we haven’t figured out yet. The next corporate scandal is around the corner, we just don’t know what it is yet.