The last installment of our three-part series on strategies to minimize the costs of upcoming Conflict Minerals Report (CMR) audits required under the SEC final regulation. Each installment focuses on one strategy.
Our short series of articles explores ideas for reducing the cost of the CMR audit. This final article focuses on the third cost reduction strategy – defining the due diligence process. Fair warning – this discussion gets deep into the weeds of the regulation and the OECD 5 Step framework.
As a quick reminder, recall that SEC narrowly focused the CMR audit by establishing the specific two-part audit objective, and clarifying that “the final rule does not require an audit of the entire Conflict Minerals Report” (p. 56329). The CMR audit is to cover the elements of the CMR that describe the due diligence activities – nothing more1.
Clearly, it is critical to clearly define/delineate how due diligence activities relate to – and contrast from – other activities.
Isn’t Due Diligence the OECD 5-Step Framework?
The default response to the question of “what is conflict minerals due diligence?” is the OECD Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High Risk Areas and the associated supplements. This document is frequently referred to as “the OECD Due Diligence Framework” or the “OECD 5-Step Framework” in reference to the five-step conceptual design outlined in the document. SEC referred to the OECD framework in the preamble to the final regulation, acknowledging that it “satisfies our criteria and may be used as a framework for purposes of satisfying the final rule’s requirement” (p. 56326). Indeed, at the time of rule’s adoption, the OECD document was the only such framework (p. 56281).
So there it is.
Or is it? Must a company’s due diligence process, along with the description of it in the CMR (which defines the boundaries and cost of the CMR audit) contain all five steps?
We think not, and this graphic illustrates our views.
Statements made by SEC and OECD support the position that some steps of the OECD framework align with SEC regulatory elements other than due diligence. Among the more significant:
- Risk identification (OECD Step 2) is part of the RCOI (SEC Step 2) (p. 56312)
- Policy development (OECD Step 1) is part of RCOI (SEC Step 2) (p. 56312)
- RCOI precedes – and determines the necessity for – “further work outlined in the OECD guidance – due diligence”, indicating that the OECD 5-step process includes more elements than just due diligence. (p. 56312)
- Due diligence processes are not prescriptive, are intended to be flexibly implemented, may differ between companies and even between minerals within the same company (p.56326; OECD p. 14 and Annex I, P. 16).
The OECD Cycle 3 Report also bears out these, and other, supporting points.
Perhaps not everyone will agree with this interpretation. But we believe that for many, it will make sense and help manage CMR audit costs.
Setting It Up
Once a company has reviewed the facts and circumstances and decides to move forward in this manner, the next question is how to proceed and/or prepare. We don’t think this needs to be complicated, burdensome or require significant changes in processes/systems already underway.
We use this analogy: visualize the OECD 5-step framework as separate tabs in a 3-ring binder. Removing the Steps 3 and 4 tabs and placing them in a separate binder labeled “Conflict Minerals Due Diligence” establishes the distinct scope of the due diligence process and by definition, the CMR audit. The original binder can be appropriately labeled “Conflict Minerals Management Systems, Risk Assessment/RCOI and Reporting” – or similar descriptive terms. Just don’t call it “Due Diligence”.
Now place relevant documentation behind the appropriate tabs in the correct binders. As a front page for each tab, consider adding a short description of each element, how it relates to the other elements and due diligence, maybe even using a diagram. Do the same for the stand alone due diligence binder to clearly illustrate the distinction between it and the others. The summary description may even form the basis for the CMR due diligence description.
Again, keep in mind that the CMR audit should focus only on the elements of the CMR that describe the due diligence activities. Emphasize clarity in these explanations as that will help the CMR auditor understand the program element boundaries and ease the audit process. As mentioned in the previous article, companies need to ensure they select qualified auditors with appropriate expertise so that the delineation of the processes is understood.
What about Step 4?
OECD Step 4 is the audit of the due diligence practices of the smelters/refiners themselves. It is well established that both OECD and SEC support use of industry initiatives such as iTSCi and EICC’s Conflict Free Smelter (CFS) program to conduct the smelter/refiner audits2. For downstream companies in particular – as OECD made clear in the diagram on page 20 of the Cycle 3 report – Step 4 is about supporting the development and implementation of third party audits.
But in our view, the connection between the smelter audits and the due diligence “binder” is not about conducting, participating in or directly supporting smelter/refiner audits as that may not be reasonable or appropriate given the company’s place in the supply chain. We think the relationship between due diligence and Step 4 centers on if or how the company uses smelter/refiner audit information within its risk mitigation/response strategy and decisions.
Under this interpretation, the company’s due diligence process and explanation thereof in the binder and CMR report would identify the third party audit scheme relied on by the company (e.g., EICC CFS), and describe how the company uses that information. The CMR audit would not assess the smelter/refiner audits themselves, but as defined within SEC’s stated CMR audit objective, would instead compare the CMR’s description of the smelter/refiner audit information use with the way the company actually makes its risk mitigation decisions.
Are We Done Yet?
In our three articles, we presented ideas to consider in managing the costs of complying with the CMR audit requirement when such an audit is triggered. Some of our commentary may be considered controversial and there may not be general consensus on them. Over time, other ideas and interpretations will likely emerge that reinforce, supplement or supersede these. We will attempt to offer commentary as we become aware of these developments, and invite others to engage in the discussion.
1 Although to be precise, auditor guidance for the GAO audit standards is in development to help auditors interpret when or if conformance to Attestation/Performance Audit standards require what some may perceive as scope expansion.
2 Others include gold audits under Responsible Jewelry Council (RJC) and London Bullion Marketers Association (LBMA), both of which have obtained mutual recognition status with EICC. The tungsten industry’s Conflict Minerals Council was launched very recently; it is unclear at this time how that initiative aligns with Step 4.
These articles represent views, observations and opinions of The Elm Consulting Group International LLC/Elm Sustainability Partners LLC and are not to be construed as legal advice, nor should they be relied on without appropriate business and legal reviews.