Part II of a Two Part Series
The Dodd-Frank Act put Consumer Protection into the headlines with the creation of the Consumer Financial Protection Bureau (CFPB), triggering a large restructuring of consumer financial laws and regulations. However, not all parts of Dodd Frank deal with the marketing practices of financial services companies. Dodd-Frank is the shortened name of the , and contains significant provision related to corporate governance. While the financial and capital provision are getting the headlines in the finance boardrooms; compliance teams in many publicly traded companies are preparing for initial Securities and Exchange Commission (SEC) filings related to Section 1502 of Dodd-Frank Act related to Conflict Minerals.
Conflict Minerals Basics: Finding 3TG
As I discussed in my previous blog, conflict minerals are natural resources extracted in a conflict zone and sold to perpetuate the fighting, conflict, or human rights violations. The concept is broad, due to the nature of international trade and the nature of monitoring the sourcing of conflicts across a vast spectrum of specific countries. In the case of Dodd-Frank, conflict minerals are defined as cassiterite, columbite-tantalite, gold wolframite, and their derivatives which are limited to tin, tantalum, and gold (“3TG””.)
Compliance program maturity of the supply chain varies across industry sectors – based on the pervasiveness of metals in the manufacturing process. Minerals are sourced not only by technology companies, but many manufacturers of products in today’s marketplace. While “mining” may sound like an antiquated fulfillment process in today’s digital age, the reality is that 3TG minerals can be used in many everyday consumer products including: hearing aids, pacemakers, GPS, mobile phones, fishing weights, cosmetics, dart tips and golf club heads. Even the vibration from your ubiquitous cell phone can be derived from a 3TG mineral.
The corporate governance changes driven by Section 1502 require full transparency for certain manufacturers to provide assurance if 3TG minerals are present in their products and to audit their supply chains and report conflict minerals status for sourcing from the Democratic Republic of the Congo, and adjoining countries (“Covered countries”) which are in scope for Dodd Frank. The objective is to confirm if the sourcing of the minerals directly or indirectly financed or benefited armed groups in the Covered Countries.
What is Required?
Under Dodd-Frank, companies would be required to submit an annual conflict minerals report to the SEC if they either (1) Are required to file reports with the SEC under the Exchange Act of 1934 and (2) if conflict minerals are necessary to the functionality or production of a product that they manufacture or contract to be manufactured. That sounds simple, but the reality is far from simple, and creates a sourcing complexity for supply chain management.
The reporting requirements trigger the organization to have conducted a thorough review of their products and process, including the controls within the manufacturing process. U.S. manufacturers may determine they are in scope if they have obvious 3TG in a product that meets the necessary to the functionality definition, but they also can be affected based on how they outsource or source the manufacturing of a product. If the manufacturer exerts influence over the manufacturing process or even specifically contracts to have the product manufactured for itself, can trigger the conflict minerals requirements.
While manufacturers are closely assessing and implementing their own internal compliance programs, organizations will start to see Conflict Minerals Reports filed from manufacturers regarding their status with the SEC. Sourcing and procurement organizations will begin to integration conflict minerals compliance into their supplier risk management strategies. Consumer advocacy groups are highlighting progress on achieving conflict minerals free sourcing as a key objective for consumer goodwill and corporate governance.
Understanding the scope of effort for achieving conflict minerals free sourcing is quite challenging for those not deeply involved in the supply chain analysis. Traditional vendor risk management or third party service provider oversight focuses more on risk management and risk controls in place with the supplier. Assessing the adequacy of an organizations approach to conflict minerals compliance requires a more nuanced understanding of the rules, the exceptions, and the triggers for external audit assurance obligations.
Recent court rulings about the constitutionality of the requirements and the overall costs of compliance have increased concern for the pending timelines. Manufacturers that have identified 3TG in their products are beginning to file reports for the June 2014 SEC deadline. Organizations that need to comply will need to not only build their conflict minerals supply chain compliance program, but integrate the requirements into their overall third party risk management program.
Based on lessons learned, and summaries of industry approaches, here are highlights in five key focus areas on how to assess or refine building a supply chain compliance program to address conflict minerals compliance.
Product Scoping
A starting point within the product scoping effort it to assess the commodity groups used within the organization as components of the final manufactured product. By clearly defining “in scope” and “out of scope” product parameters, based on the criteria established by the SEC can reduce the volume of suppliers that may need to be assessed. A key differentiator is that the use of the minerals must be inherently functional to the product, and not purely for decorative purposes. Sourcing from recycled or scrap materials is deemed out of scope. Packaging materials are also considered out of scope, along with stock product purchased from an outside supplier, with no customization by the manufacturer.
After validation of the set of commodity products that must be assessed, including identification of risk factors, the manufacturer will identify the subset of suppliers to be surveyed. The primary outcome of the product scoping effort is to identify the set of commodity products that have the potential or likelihood to contain a 3TG mineral.
Assessing the Supply Chain
The process to assess the supply chain and to conduct reasonable country of origin inquiries is challenging as sourced materials do not come with simple bar-coded “Made in a Covered Country Label.” Metals are produced from ores through a smelting process. Conflict minerals supply chain assessments require organizations to trace the origin of the source material to not only the smelter that processed the materials, but back to the mine itself to determine if that mine is financially sourcing the conflict in the covered country. Depending on the results of the assessments, SEC reporting requirements may trigger external audits of the due diligence process.
When conducting a survey or questionnaire to suppliers, it is important to provide context to the request to ensure accuracy in the responses. The Conflict-Free Sourcing Initiative (“CFSI”) guidelines and the Electronic Industry Citizenship Coalition Global eSustainability Initiative (“EICC-GeSI”) created industry standard templates for use with assessing suppliers regarding the identification of 3TG minerals, the location of the and surveyed these suppliers of certain identified commodities used in our manufacturing processes.
Reasonable Country of Origin Analysis
A critical aspect of the due diligence aspect of conflict minerals supply chain compliance is to conduct a reasonable country of origin analysis. Based on the supplier response to the CFSI questionnaire, the country of origin of the minerals should be identified at the smelter level. Each county may have a high, medium, or low risk status based on the potential for the country to have sourced minerals from the Covered Countries in Africa. The Conflict-Free Smelter (CFS) Program is a program developed by EICC and GeSI to enhance an organization’s capability to verify the responsible sourcing of materials. Further details of the CFS Program can be found here: http://www.conflictfreesmelter.org).
CFSI maintains a list of “certified” smelters that have been vetted to confirm that they are not funding the conflict. Due to the volume of manufacturers assessing their supply chains, suppliers are working with CFSI on an ongoing basis, so the list of approved smelters can be dynamic. Organizations are obligated to investigate any “Red Flags” they uncover during the supplier assessment process, based on standards created by the Organization for Economic Co-Operation and Development (OECD) to demonstrate that they are doing appropriate oversight and monitoring of the responses from suppliers.
Manufacturers should establish a target response rate as part of the conflict minerals sourcing initiative for receiving completed supplier responses. It is not sufficient to assess only the direct supplier, but all the sub-suppliers that are used to procure source minerals that could have been provided to the manufacturer. Based on the results of the due diligence, the manufacturer should be able to establish their position or filing status for the SEC.
Governance Programs
Conflict minerals compliance is not a one-time supply chain or vendor risk management event. Compliance requirements will need to be integrated into the organizations sourcing, vendor risk, and compliance teams as part of developing the governance mode. A compliance program for conflict minerals needs to include not only the governance model, but a posted Conflict Minerals Policy published on the manufacturer’s web site, and communicated to suppliers. Like most aspects of third party risk, there are due diligence obligations for each phase of the supplier lifecycle. Change management is critical within conflict minerals compliance as new trigger points need to be conveyed by contract if a commodity good supplier changes or modifies the sourcing of the mineral.
SEC Reporting & Audit Considerations
Based on the nature of an organization’s sourcing determination, an external audit may need to be performed to confirm the adequacy of the due diligence effort. If the publicly traded manufacturer has reason to believe that any of the conflict minerals in their supply chain may have originated in the Covered Countries, or if they are unable to determine the country of origin of those conflict minerals, then the organization must exercise due diligence on the conflict minerals’ source and chain of custody.
Annually a report must be submitted, called the Conflict Minerals Report (CMR) to the SEC that includes a description of those due diligence measures. Due complexity of the chain of custody, many organizations may have to initially file Conflict Minerals Status as “undeterminable”, a status that the SEC rules allows during the initial years of filing. As organizations continue to follow the trail of the 3TG minerals, conflict minerals reports will be updated and filed for diverse set of publicly held companies.
While third party risk and subcontractor risks have been the most common themes of recent guidance from prudential regulators, deciphering the 3TG in Dodd Frank has created a new aspect to supply chain vendor risk management. Corporate governance and ethical business practices are not just an internally focused policy and employee program, but extend into the supply chain, created new requirements for organizations to develop tools and process for third party risk assurance.
Linnea Solem is the Chair of the Shared Assessments Program and is Chief Privacy Officer, Vice President Risk and Compliance for Deluxe Corporation. Linnea is a management professional with 20+ years financial services experience in areas eCommerce, technology, business development, marketing, information practices and risk management. She is a Certified Information Privacy Professional and led Deluxe’s compliance initiatives for Y2K, GLB, Check 21, and Red Flags Legislation. You can connect with Linnea on LinkedIn.
Reposted with permission from Deluxe Blogs