de en
Nexia Ebner Stolz


Compliance – Hot Topics for SMEs

Com­pa­nies have to cope with more strin­gent re­gu­la­ti­ons. This ap­plies equally to large cor­po­ra­ti­ons and to SMEs. The to­pic of com­pli­ance has also long since re­ached SMEs, as shown in the first part of our study "Com­pli­ance – Hand­lungs­op­tio­nen im Mit­tel­stand" publis­hed in the au­tumn of 2016.

But what are the cur­rent hot to­pics in com­pli­ance for SMEs? That is pre­ci­sely the sub­ject of the se­cond part of our re­cently publis­hed study "Com­pli­ance - Brenn­punkte im Mit­tel­stand", which we again publis­hed in con­junc­tion with the In­sti­tut der Frank­fur­ter All­ge­meine Zei­tung (F. A. Z.-In­sti­tut).

Compliance – Hot Topics for SMEs© Thinkstock

One in five com­pa­nies has been in­vol­ved in com­pli­ance vio­la­ti­ons over the past two years. The con­side­ra­ble amounts of da­ma­ges are sobe­ring. Ac­cor­ding to the em­pi­ri­cal sur­vey con­duc­ted in the first part of the study, which in­vol­ved 447 de­ci­sion-ma­kers from large and me­dium-si­zed en­ter­pri­ses, 42% of the com­pa­nies in­vol­ved suf­fe­red da­mage of more than EUR 100,000, and al­most half of them suf­fe­red da­mage of more than EUR 50,000 as a re­sult of com­pli­ance vio­la­ti­ons.

99% of the large com­pa­nies sur­veyed and 80% of me­dium-si­zed com­pa­nies iden­ti­fied com­pli­ance risks as es­sen­tial. IT se­cu­rity and data pro­tec­tion re­main among the top ten com­pli­ance risks (94% and 95% re­spec­tively). The com­pli­ance risks iden­ti­fied in this area are being spur­red on by the Ba­sic Data Pro­tec­tion Or­di­nance, which will go into force on 25 May 2018.

Con­side­ra­ble risk po­ten­tial is also at­tri­bu­ted to tax law: In the au­tumn of 2016, 82% of the com­pa­nies sur­veyed iden­ti­fied tax law as an im­port­ant area of com­pli­ance ac­tion; and the fi­gure has now ri­sen to 85% - the grea­test risks are still seen in the area of trans­fer pri­cing and va­lue ad­ded tax. In par­ti­cu­lar, since the BMF's re­port of 23 May 2016 on Sec­tion 153 of the Ger­man Tax Code, com­pa­nies need to take im­me­diate ac­tion. In that re­port, the tax aut­ho­ri­ties state that an in­ter­nal tax con­trol sys­tem can exo­ne­rate com­pa­nies from an ac­cu­sa­tion of ne­gli­gent tax eva­sion in in­di­vi­dual ca­ses.

And the pres­sure to act con­ti­nues to in­crease, es­pe­cially in the in­ter­na­tio­nal arena: re­gis­te­red com­pa­nies can enjoy pro­ce­du­ral ad­van­ta­ges in con­nec­tion with the re­form of the VAT Di­rec­tive if they have im­ple­men­ted a sys­tem. In ad­di­tion, with ef­fect from 30 Sep­tem­ber 2017, a new Cri­mi­nal Fi­nan­ces Act 2017 has en­te­red into force in the United King­dom, which can also have a si­gni­fi­cant im­pact on Ger­man com­pa­nies. This im­pact can only be avo­ided if pre­ven­tive mea­su­res are im­ple­men­ted that es­sen­ti­ally cor­re­spond to the ba­sic ele­ments of a com­pli­ance ma­nage­ment sys­tem in ac­cor­dance with the spe­ci­fi­ca­ti­ons of the Ger­man In­sti­tute of Pu­blic Ac­coun­tants (IDW PS 980).

More than half of the large com­pa­nies al­re­ady have a tax com­pli­ance ma­nage­ment sys­tem in place; howe­ver, there is an ur­gent need to catch up in me­dium-si­zed com­pa­nies: only 6% have al­re­ady im­ple­men­ted one. Howe­ver, once com­pa­nies have looked into the mat­ter, the study shows that the ur­gency to take ap­pro­priate com­pli­ance mea­su­res is then re­co­gnized. In prac­tice, Eb­ner Stolz can as­sist af­fec­ted com­pa­nies with a spe­cially de­ve­lo­ped tax com­pli­ance tool to iden­tify, weight and mi­ni­mize risks in the tax area.

It is ra­ther rare for SMEs to have their own com­pli­ance de­part­ments. Only 45% of the com­pa­nies sur­veyed in this seg­ment have one. As a re­sult, SMEs ge­ne­rally lag si­gni­fi­cantly be­hind in the im­ple­men­ta­tion of com­pli­ance mea­su­res. While around 91% of large com­pa­nies have al­re­ady in­tro­du­ced com­pli­ance gui­de­lines, only 66% of small and me­dium-si­zed com­pa­nies have a set of re­gu­la­ti­ons in place. 73% of the large com­pa­nies have in­tro­du­ced an en­ter­prise-wide com­pli­ance ma­nage­ment sys­tem, com­pa­red with only 27% in the SME seg­ment. Small and me­dium-si­zed com­pa­nies of­ten lack only one small step: of­ten there are al­re­ady ef­fec­tive struc­tures on a small scale that can only be ad­ap­ted, in­te­gra­ted or up­dated. Mo­re­over, a com­pre­hen­sive com­pli­ance ma­nage­ment sys­tem is not ne­ces­sa­rily re­qui­red for every SME; ap­pro­priate struc­tures in de­part­ments with high risk po­ten­tial, such as the tax de­part­ment or pro­cu­re­ment, may suf­fice.


Com­pli­ance pre­cau­ti­ons not only help to mi­ni­mize risks; they also pro­vide ef­fi­ci­ency ad­van­ta­ges in com­pa­nies - and help them to build a bet­ter re­pu­ta­tion.

back to top