Management often has negative associations with the term "compliance." At the same time – most recently since the serious compliance violations at such companies as Siemens, Telekom, ADAC and Volkswagen – the anxiety over substantial incidents in the area of compliance runs deep among business leaders: there is a threat of major consequences for both the company and the individual. Compliance is thus an issue not only for major (DAX index) corporations, but also for the Mittelstand. According to a study done by Ebner Stolz in conjunction with the F.A.Z. Institute and Forsa, a public opinion polling center, for the Mittelstand, the highest priorities connected with compliance are conformity with the law and the avoidance of liability. Increasingly, the Mittelstand is also aware that compliance can offer additional advantages. At the top of that list are augmented security at 90%, increased transparency at 88%, and improved reputation at 78%. As Dr. Uta-Maria Ohndorf, Managing Director at Roche Diagnostics in Belgium, a participant in our study, reported, her own experience is that good compliance produces confidence, and not just in a financially tangible way; it also affords a clear competitive advantage in the marketplace.
In which areas is the introduction of compliance structures most important for the Mittelstand? Most frequently mentioned in this regard were data protection at 98% and IT security at 92%, closely followed by employment law and tax law (at 86% and 82%). This is no surprise: according to our assessment, the tax authorities are well equipped for audits and use auditing software to systematically analyze the data in the operational accounting system. Steffen Demuß, Director of Taxation and Compliance for copier manufacturer König & Bauer AG, confirms our own observations and, as part of our study, explains how a Tax Compliance Management System at König & Bauer looks. Sönke Gooß, CFO of edding AG, adds that auditors pay particular attention to volume taxes, sales taxes, wage taxes and transfer pricing.
How does the Mittelstand put compliance requirements into action internally? These companies take a far more casual attitude than major corporations. Thus, comprehensive compliance management systems are present in less than one-half of such companies. Instead, individual measures instituted by management or division directors are most common. This is justified by the structure of the Mittelstand, with its flat hierarchies and direct channels of communication: compliance measures can be phased in gradually in individual modules, according to the degree of risk. Smaller Mittelstand companies in particular have recognized that they are lagging behind. Fifty-eight percent of such companies have indicated that investments in compliance will rise in the future.
With respect to introducing compliance structures, those companies that have clearly defined procedures have the advantage. According to Dr. Ulrich Schulz, Executive Director for Compliance at CORPUS SIREO, a participant in our study, in such cases, these procedures can simply be expanded to show where image issues, value streams and liability risks exist.
Compliance structures can be implemented better when the correct resources are used. Depending on the size of the company, these may include Excel spreadsheets, document management systems, or comprehensive compliance management systems. As Detlef Bräuer, Director of Operations for SER Solutions Deutschland GmbH, explained to Peter Ringbeck, Director of IT and Organization for DG HYP in Hamburg, in a talk about implementing a document management system, using appropriate resources makes procedures simpler and more efficient for employees and easier for auditors to reconstruct.
The Mittelstand cannot avoid censure for negligent or even intentionally improper transactions (the latter can exist even in the case of “tacit acceptance”) simply by introducing compliance structures. As the Federal Ministry of Finance announced in a recent letter, an internal tax control system can be one indicator negating the presence of intent or negligence. But compliance structures and guidelines must not be reduced to a “paper tiger.” Rather, the tone for compliance must be set “from the top.” Ulrich Rothfuchs, a compliance officer at DEKRA, regards compliance as a management function, since communication, authenticity and credibility are critical to determining whether people will get the message. Once the message is received, control measures can return to the background.