Compliance in SMEs has been a long-running issue in the media for years. Despite this, not all SMEs have adequate compliance structures in place yet. This is shown by the recent study "Compliance – Focal points in SMEs", which was commissioned by the auditing and consultancy company Ebner Stolz in conjunction with the Frankfurter Allgemeine Zeitung Institute (F.A.Z. Institute).
In the second half of 2017, Frankfurt Business Media conducted an exclusive online survey of 447 decision makers from the first and second management level in medium and large companies on the focal points of compliance activities. The sobering result was that one in five companies had to deal with compliance violations in the past two years – in some cases involving quite significant amounts of loss.
In all, 42 percent of companies affected by compliance violations valued their losses at over € 100,000; in more than half of companies losses were € 50,000 or more. Nevertheless 99 percent of large companies questioned and 80 percent of SMEs rated compliance risks as being significant to them. The ranking list of compliance risks identified in the companies was headed by the areas of IT security with 94 percent and data protection with 95 percent. This was no change from the previous study published in the autumn of 2016. This high risk rating is boosted by the General Data Protection Regulation (GDPR) that will come into force in May 2018. Whether companies have autonomous compliance departments depends on the size of the company. According to the study results, 91 percent of large companies maintain specialist compliance departments. In SMEs, fewer than half of the companies questioned have such a department. SMEs are also lagging behind when it comes to implementing specific compliance measures.