Adapt your SAP authorisation concept to S/4HANA

S/4HANA is SAP’s next-generation business suite that is built on SAP’s proprietary operational database system and in-memory computing platform called SAP HANA. S/4HANA is intended to be easier to use and administer while helping to solve more complex problems and handle vastly larger amounts of data than ist predecessors. S/4HANA is available in on-premises, cloud and hybrid deployment models.

With the release of S/4HANA SAP consolidates the integration and harmonisation of functionalities and processes and further reduces barriers between SAP modules facilitating system integration. New technologies, such as Fiori, enhance the user interface for both desktop and mobile devices. The in-memory HANA database lets you collect, store, and process high volumes of operational and transactional data in real time.

Implementation of S/4HANA will affect your current environment, and not just technologywise because processes are also subject to change. Both – the new technology and the change in processes – will result in new requirements for your current authorisation concept. Whereas parts of your existing authorisation concept can be easily transformed and implemented 1:1 in the SAP S/4 HANA system, other parts need to be changed and adapted to meet the new requirements.

PwC has a proven track record in Switzerland and globally in implementing and transforming SAP authorisation models in the SAP S/4HANA environment. Our GRC Technology Team in Switzerland led and executed the authorisation implementation part of the ninth S4/HANA implementation worldwide from the authorisation concept, to implementation and operation. Our experts have the required skill-set, tools, techniques and experience to discuss your challenges with you, and to actively support you throughout the whole project.

Download the PDF by clicking the image below:

Please contact our team for more details:

Dominik Götz
Senior Manager
+41 58 792 28 93

Erik Trouillet
+41 58 792 23 64

Changes to legislation governing Swiss VAT liability

Swiss VAT law places new obligations on foreign companies

The partial amendment to the Federal Law on Value Added Tax (VAT law) will impact companies not established in Switzerland from 1 January 2018. Businesses which are not based in Switzerland but provide supplies vis-a-vis Switzerland may be liable to pay Swiss VAT. This will apply in instances where a foreign company generates turnover in Switzerland, in other words in cases where Switzerland is the place of supply for the purposes of VAT. The following information outlines the VAT situation in Switzerland today and in the near future.

Download the full report here.

If you have any questions, please get in touch your usual PwC contact person or our expert

Julia Sailer
Leader VAT compliance Switzerland
Tel. +41 58 792 44 57

Additional Languages for this report


Enhanced auditor’s report: towards trust and transparency

The new auditor’s report required by Swiss legislation is designed to be more informative and insightful, and give the stakeholders of reporting entities greater assurance. We at PwC welcome the new reporting requirements as an opportunity to unlock the ‘black box ’of what we actually do as auditors and increase trust in our role.

We also realise, though, that the new reports and their potential impact on governance have to be discussed and understood – not only by the auditors who produce them, but by reporting entities and their stakeholders, from shareholders to regulators. For this reason we’ve produced a short flyer explaining the major changes and their implications, including a commented overview of the structure of the new report.

You can read the flyer via the link below. Feel free to contact us if you’d like to discuss the new auditor’s report and its implications in more detail.

Download flyer


The IDD implementation taking a clearer shape: latest EIOPA publications

The Insurance Distribution Directive was published in the Official Journal of the European Union in February 2016.

It will be transposed into law of the EU Member states by 23 February 2018.
The IDD applies to a wide group of insurance and reinsurance distributors and introduces a set of extended and new requirements around the oversight, governance and distribution of insurance products.
Affected firms will need to be compliant with the requirements from that date.

Read the Flyer

Please do not hesitate to contact us.

Philip Kirkpatrick
Insurance Risk and Regulatory Leader
+41 58 792 23 61

Nadejda Groubnik
Insurance Regulatory &
Compliance Services
+41 58 792 24 52

Robert Borja
Insurance Risk Assurance Leader
+41 58 792 29 56

Are large-scale transformation initiatives doomed by default?


Against a backdrop of ubiquitous change, successful transformation is essential for survival in a highly dynamic and competitive environment. However, there is overwhelming evidence that most such initiatives end in some degree of failure. We examine the trends and forces driving these processes and the factors crucial to their success.

Read more …

Europe knows all about your VAT transactions – Do You?

There are headlines most weeks, if not days, telling us all about the different European jurisdictions where submission of transactional VAT data is mandatory. What frustrates me is that these stories tend to recycle the number of EU states who have mandatory regimes, without explaining which countries they are talking about, or which regulatory submission.

“There are 6 EU SAF-T states, but 2 also have an e-audit regime” is one of the most frequently recurring. However, I have seen articles claiming 9 or 10 transactional eFiling territories. Having gone back to the individual EU/EEA countries concerned to look at the legislation, I suggest that there are actually at least 14 countries across Europe who are (or will be by 1 July) collecting and analyzing this data.

Traditional VAT/SAF-T

Austria, France, Lithuania, Luxembourg, Poland & Portugal all have existing SAF-T based eFiling regulations for VAT transactional data. With Norway joining them this year, we have 7 SAF-T territories in Europe / EEA.

SAF-T has historically been used to provide more detailed, transactional, data about VAT subsequent to the filing of quarterly or monthly summary form-level data.

Invoice Approval or Submission

A second group of countries require the submission of Invoice data, either in real-time or following on shortly after the event. Czech Republic & Slovak Republic have long-standing regulations here, and Italy, Hungary & Spain join them this year. Italy from 1 January, Hungary & Spain from 1 July. That gives us 5 more territories.

You can debate the point whether each submission standard in this category is SAF-T or not; I’m not that concerned about what you call it. I am grouping these on the basis that the regulation comes from Invoicing, rather than VAT.


The Benelux countries have, for a number of years, shared cross-border VAT information within a project called Transactional Network Analysis, to identify and prevent Carousel Fraud.

Public statements have suggested that up to 10 countries are a part of the TNA group, but only the Benelux 3 are clearly identified. Luxembourg is a part of our Traditional VAT/SAF-T group, but we can definitely add Belgium & Netherlands to our list of EU states collecting sufficient transactional data sufficient to perform analytics. The others may be part of our SAF-T or Invoice groups, but we cannot be certain.

Data Analytics

With these regulatory submissions, the authorities have detailed submissions about each individual transaction; that’s as much information as your own organisation holds on those transactions. They also have large, and growing, data analytics groups of their own.

If your organisation is not performing data analytics on your own VAT & Invoice data, it will not be long before the regulators are asking you questions that you do not want to hear; they can compare your data with all the other data they collect, and exchange, and know more about your companies data than you do!

Swiss-US Privacy Shield: New Framework for the Transfer of Data to the USA

The so-called Swiss-US Privacy Shield replaces the Safe Harbor Agreement between Switzerland and the USA. The agreement establishes a new regulatory framework for the transmission of personal data from Switzerland to certified companies domiciled in the US. The same standards will apply for Swiss transfers of personal data to the USA as for data transfers from the EU.

Swiss data protection legislation stipulates specific requirements for the transfer of personal data abroad. They protect the personality and the rights of the data subjects concerned. However, the US is not deemed to provide an adequate level of data protection in terms of Swiss law. Swiss companies therefore have to take specific measures to safeguard personal data when it is transferred to the US.

Until recently, Swiss companies could rely on the Swiss-US Safe Harbor Agreement. After the Court of Justice of the European Union declared the EU-US Safe Harbor Agreement invalid, the Swiss Federal Data Protection and Information Commissioner (FDPIC) put the Swiss-EU Safe Harbor Agreement into question.

In August 2016, the EU and USA put into place a successor agreement, the EU-US Privacy Shield. Switzerland also entered into negotiations with the USA, which resulted in the Swiss-US Privacy Shield.

Enhancing the Application of Data Protection Principles, New Tasks for the FDPIC
The agreement is expected to substantially improve the position of those concerned by personal data transfers. The application of data protection principles by participant companies should be enhanced, as should the management and supervision of the framework by the US authorities. Cooperation between the US Department of Commerce (DOC) and the Federal Data Protection and Information Commissioner (FDPIC) should be intensified. The persons concerned are being given specific instruments to enable them to find out about data processing directly from certified US companies or the competent authorities, and to ensure that any required corrections or deletions are made. For example, the FDPIC will act as a point of contact for persons in Switzerland in the event of any problems in connection with the transfer of data.

Same Conditions as in the EU for the Transmission of Personal Data to the US
The new regulatory framework corresponds to the solution adopted by the USA and the EU and implemented within the European Economic Area (EEA) – the EU-US Privacy Shield. The similarity is highly significant, as it guarantees the same framework conditions for persons and businesses in Switzerland and the EU/EEA area in relation to transatlantic data flows. The same standards therefore apply for Swiss personal data transfers to the USA as for data transfers from the EU. This increases legal certainty in commercial transactions and reduces additional costs for the economy.

Need for Action for Companies
US companies can start the certification process with the DOC three months after the finalization of the agreement. Interested US companies are advised to obtain a Privacy Shield Certificate from the DOC. Swiss companies should make sure that their US partners possess such a certificate. These conditions are essential for Swiss companies to submit personal data to the US without requiring additional contractual guarantees. Furthermore, companies should review their current contractual basis for data transfers to the US and adapt it to the Swiss-US Privacy Shield where required.

Greece introduces Voluntary Disclosure Programme

On 21 December 2016 a Voluntary Disclosure Programme (VDP) for undeclared income of previous years has been introduced in Greece through Law 4446/2016 (for prior coverage please refer to our blog). The VDP applies to both individuals and legal entities and requires the filing of standard tax returns for all non-declared tax objects. The application of the VDP ensures in principle that no other administrative and/or criminal penalties would be imposed to the taxpayer regarding the tax infringements restored by the VDP.

A decision of the General Secretary of State is still required to be issued for clarifying procedural and practical matters. Please read the analytical Newsalert from PwC Athens.

PwC has a specially dedicated team of experts dealing with the above voluntary disclosure allowing for a swift and cost efficient processing.

For more details, please contact:

Dr.Marcel Widrig
PwC, Partner
Anna-Maria Widrig Giallouraki
PwC, Senior Manager
Thomas Grossen
PwC, Assistant

Greece: Voluntary Disclosure Program: Bill approved by Parliament

On 21 December 2016 the bill with title “Ptoxeftikos Kodikas, Dioikitiki Dikaiosyni, Teli-Paravola, Oikiothelis apokalypsi forologiteas ylis parelthondon eton, ilektronikes synallages, tropopoiisseis tou N. 4270/2014 kai loipes diataxeis” was voted by the Greek Parliament.

The final text is, apart from some small changes predominantly referring to the timing of payment of the tax, basically unchanged compared to the draft bill. Please refer to our blog dated 14 December 2016.

The bill still needs to be published in the Government Gazette.

A more analytical Newsalert will follow shortly.

PwC has a specially dedicated team of experts dealing with the above voluntary disclosure allowing for a swift and cost efficient processing.

For more details, please contact:

Dr.Marcel Widrig
PwC, Partner
Anna-Maria Widrig Giallouraki
PwC, Senior Manager
Thomas Grossen
PwC, Assistant

Greece: Voluntary Disclosure Programm: Draft Bill submitted to the Parliament

On 12 December 2016 the draft bill with title “Ptoxeftikos Kodikas, Dioikitiki Dikaiosyni, Teli-Paravola, Oikiothelis apokalypsi adiloton eisodimaton, ilektronikes synallages, tropopoiisseis tou N. 4270/2014 kai loipes diataxeis” was submitted to the Greek Parliament.

This draft bill also includes provisions on the voluntary disclosure of undeclared taxable income. As preliminary remarks (subject to the finalisation of the bill and/or further clarifications from the Ministry of Finance), the key points for Greek tax residents with undeclared income in Greece and/or abroad can be summarised as follows:

  • Greek taxpayers will have the possibility to legalise income which has been so far undeclared or not duly/accurately declared (legalisation process called for simplification purposes “Voluntary Disclosure Program” VDP)
  • This VDP can cover income for which the obligation to file the initial tax return had elapsed up to 30 September 2016
  • The legalisation will be done by way of submission of tax returns (by hand or electronically) by 31 May 2017. The tax due is in principle payable within 30 days from the submission of the tax return.
  • The amount of main tax due by the taxpayer within the VDP will depend on the year when the income needed to be declared, and the tax due will be calculated based on the applicable tax scale.
  • In addition to the main tax based on scale, an additional tax of 10% (of the main tax due) is levied. This additional tax can be reduced to 8% in case the tax return is submitted earlier, up to 31 March 2017.
  • The additional tax of 8% or 10% is then re-adjusted based on a specific table, depending of the calendar year in which the deadline for submission of the initial tax return had elapsed. The older the year, the higher the readjustment rate (e.g. for years prior to 2002 the readjustment rate of the additional tax is 25% while for years after 2010 the readjustment rate of the additional tax is 0%).
  • The additional tax can then be further increased depending on whether the taxpayer has an open tax assessment and its stage in the process.
  • For amounts declared under the above VDP no further penalties or criminal prosecution for tax evasion will be imposed.

PwC has a specially dedicated team of experts dealing with the above voluntary disclosure allowing for a swift and cost efficient processing.

For more details, please contact:

Dr.Marcel Widrig
PwC, Partner
Anna-Maria Widrig Giallouraki
PwC, Senior Manager
Thomas Grossen
PwC, Assistant