Wells Fargo CEO John Stumpf will tell you his company had tone at the top. As its problems with “phantom” accounts persisted for years, it promoted its values and repeatedly urged employees to do the right thing. But the Wells Fargo board just revoked $41 million of Mr. Stumpf’s equity awards. The board set up a new independent investigation, which will further distract management, and which is so independent that Mr. Stumpf will receive no salary while it continues.

Tone is nice. Incentives aligned with ethical – and profitable – conduct could have been better. What can your business learn from Wells Fargo’s experience?

Aggressive cross-selling was an imperative from the top. Front line employees had to open accounts to meet their – and their bosses’ – sales targets and to earn their – and their bosses’ – incentive compensation.

Wells Fargo employees opened 2 million or so fake accounts. Customers lost money, endured hassle and possibly had credit scores cut. As Holman Jenkins points out in The Wall Street Journal, Wells Fargo itself lost money. It incurred the expense of opening and closing millions of accounts on which it made no profit. Like much illegal activity by employees, these “bad acts” were a dead weight loss for the bank.

Yet, when the government announced $185 million in fines, Wells Fargo initially insisted that its sales incentives had nothing to do with the bad behavior. Its manuals and memos required that accounts be opened properly. Then came press reports on sales meetings in which executives told employees not to cheat customers, immediately followed by instructions from supervisors to ignore what was said in the meeting and to do “whatever it takes” to get accounts open.

After fines, bipartisan outrage from Senators, and the opening of multiple criminal investigations, Wells Fargo is now cutting incentives and suspending much of its famous cross selling.

Is that the right response? Is it possible to align incentives with business results?

People respond to incentives. If you incentivize accounts, you get accounts. Wells Fargo evidently failed to incentivize compliance and profitable accounts, and didn’t have negative incentives, especially for executives. So manuals, memos, and visits from Corporate were its only tools to convince employees to open legitimate (and potentially profitable) accounts.

Employees don’t care what “suits” from Corporate say – they care what their bosses want. What were the bosses’ incentives? Was there a reward for managers whose teams had few unauthorized accounts? Did executives whose teams opened “bad” accounts lose compensation? In principle, the sanction for bad behavior was termination, but people were also fired for failing to meet their sales goals.

Making matters worse, employees who tried to point out the perverse incentives were branded as negative or not team players. There was evidently no channel through which Mr. Stumpf or the board could learn that the imperative of cross-selling more accounts was leading to trouble. Many new lawsuits are claiming retaliation.

To manage your company’s risks effectively, calibrate incentives for both the ends and the means. Include negative incentives. Involve and empower someone who understands compliance risks to be influential at the most senior levels. Then apply incentives consistently to compliance and other business risks — and make sure they stick all the way up the chain of command.

Finally, build a culture that welcomes and pays attention to challenges. As I’ve written elsewhere, it’s easy to deride anyone who questions imperatives from the top, thus missing chances to correct mistakes before they become disasters.

If you can do these things, you can enhance profitability and dramatically reduce your risk of quality time with regulators, prosecutors and Senators.