But what are the current hot topics in compliance for SMEs? That is precisely the subject of the second part of our recently published study "Compliance - Brennpunkte im Mittelstand", which we again published in conjunction with the Institut der Frankfurter Allgemeine Zeitung (F. A. Z.-Institut).

One in five companies has been involved in compliance violations over the past two years. The considerable amounts of damages are sobering. According to the empirical survey conducted in the first part of the study, which involved 447 decision-makers from large and medium-sized enterprises, 42% of the companies involved suffered damage of more than EUR 100,000, and almost half of them suffered damage of more than EUR 50,000 as a result of compliance violations.
99% of the large companies surveyed and 80% of medium-sized companies identified compliance risks as essential. IT security and data protection remain among the top ten compliance risks (94% and 95% respectively). The compliance risks identified in this area are being spurred on by the Basic Data Protection Ordinance, which will go into force on 25 May 2018.
Considerable risk potential is also attributed to tax law: In the autumn of 2016, 82% of the companies surveyed identified tax law as an important area of compliance action; and the figure has now risen to 85% - the greatest risks are still seen in the area of transfer pricing and value added tax. In particular, since the BMF's report of 23 May 2016 on Section 153 of the German Tax Code, companies need to take immediate action. In that report, the tax authorities state that an internal tax control system can exonerate companies from an accusation of negligent tax evasion in individual cases.
And the pressure to act continues to increase, especially in the international arena: registered companies can enjoy procedural advantages in connection with the reform of the VAT Directive if they have implemented a system. In addition, with effect from 30 September 2017, a new Criminal Finances Act 2017 has entered into force in the United Kingdom, which can also have a significant impact on German companies. This impact can only be avoided if preventive measures are implemented that essentially correspond to the basic elements of a compliance management system in accordance with the specifications of the German Institute of Public Accountants (IDW PS 980).
More than half of the large companies already have a tax compliance management system in place; however, there is an urgent need to catch up in medium-sized companies: only 6% have already implemented one. However, once companies have looked into the matter, the study shows that the urgency to take appropriate compliance measures is then recognized. In practice, Ebner Stolz can assist affected companies with a specially developed tax compliance tool to identify, weight and minimize risks in the tax area.
It is rather rare for SMEs to have their own compliance departments. Only 45% of the companies surveyed in this segment have one. As a result, SMEs generally lag significantly behind in the implementation of compliance measures. While around 91% of large companies have already introduced compliance guidelines, only 66% of small and medium-sized companies have a set of regulations in place. 73% of the large companies have introduced an enterprise-wide compliance management system, compared with only 27% in the SME segment. Small and medium-sized companies often lack only one small step: often there are already effective structures on a small scale that can only be adapted, integrated or updated. Moreover, a comprehensive compliance management system is not necessarily required for every SME; appropriate structures in departments with high risk potential, such as the tax department or procurement, may suffice.
Conclusion
Compliance precautions not only help to minimize risks; they also provide efficiency advantages in companies - and help them to build a better reputation.