How to Minimize Risk in Your Conflict Minerals Program
If you have initiated your conflict minerals program, you likely began by filtering your products to identify those that may contain tin, tantalum, tungsten and gold (3TG). Based on this, you initiated a Reasonable Country of Origin Inquiry (RCOI) that involved hundreds or even thousands of telephone and email inquiries, data requests, data files and other supporting documents.
To effectively highlight areas of risk and provide auditable evidence of your due diligence process, these efforts and the resulting data must first be well organized. Once data is organized it must be continuously reviewed and assessed for accuracy, plausibility, consistency, gaps and reasonableness.
Key issues to consider throughout the process are supplier response rates and requests for confidentiality, missing and erroneous data, and discovery of red flags, which warrant further investigation. It is only by spending time assessing these issues will you be able to gain a realistic perspective of the potential risks associated with your supply chain.
The Complexities of Conflict Minerals Data Collection
Publicly traded companies have begun implementing Conflict Minerals Compliance Programs (CMCPs) to meet the requirements of Section 1502 of The Dodd-Frank Act. A key component of the CMCP is data collection from the supply chain.
The current industry standard for collecting conflict minerals information from the supply chain is the Responsible Business Alliance's Conflict Minerals Reporting Template (CMRT), but it is not the only tool for data collection. Others may choose to create their own custom templates based on the CMRT or create their own method of data collection entirely.
Engaging suppliers for data collection typically involves multiple telephone and/or email contacts. Ensuring these communications and data collection tools are offered in a supplier’s native language increases the chances data being requested will be provided.
Because the solutions developed to tackle conflict minerals compliance are survey driven, it is important to address survey limitations before any form of analysis takes place. Suppliers may be cautious when it comes to sensitive issues that may be linked to controversial human rights abuses. This may lead to conservative survey responses or response bias. Indeed, the term “conflict” carries a negative connotation that may cause some to become protective or wary.
Lastly, due to pressures from the court of public opinion, issuers and other suppliers may impel responders to provide conservative information to avoid risk of public shame and cut costs.
Data is Essential, Accuracy is Critical
Gathering comprehensive data is essential for identifying supply chain risks and preparing for an audit. Factor in the global nature of supply chains, language barriers, political obstacles, confidentiality concerns plus the sensitive nature of the materials being traced and the complexities involved in this kind of work become clear.
The type of important information that will be collected include the location of the facilities that are used in the production or storage of the products being traced, as well as a list of materials that are included in the products. Meetings and telephone contacts to follow up on missing data and questions will need to be scheduled appropriately based on time zones.
After successfully engaging suppliers and obtaining required data, you will also need procedures for data quality assessment. Completed templates and surveys need to be reviewed for reasonableness and missing data. Verifying responses and obtaining additional information may require several iterations of follow-up just within the first tier of your supply chain.
You should expect to spend 15 to 60 minutes of time per supplier to collect the required information. Remember, you will also likely need to follow up with suppliers on a regular basis, such as each quarter, to understand if there have been any changes in their supply chains. Though this time commitment is spread out over the course of the year, when dealing with very large supply chains it may quickly become a very significant use of human resources.
You will also need mechanisms to track the progress of your telephone and email queries, so that you can easily determine which items are closed and which still need to be addressed. Building these tracking systems after the data collection has begun will not be as efficient as having them ready to go from day one. Furthermore, it is critical to maintain working documentation of your due diligence efforts in preparation for an audit, whether internal, external or conducted by an agency. This objective evidence should be retrievable and utilized to substantiate findings that are recorded in an audit report.
One area where we experience a significant need for fact checking is in identification of smelters and refiners noted in templates. We have found many times that smelters listed for a given component are in fact a different of company such as semiconductor fabricator, solder manufacture, or metal trader. In addition, the names of smelters as provided by your suppliers will vary. We have found that on average you can expect five or six different spellings of each smelter provided. Having a robust database of smelter aliases, both known smelters and known non-smelters, will expedite this process. Verifying the veracity of smelter information may thus also include multiple telephone and email communications across locations worldwide, in addition to Internet research.
Supplier Response Rates
The Conflict Minerals rule is different from many previous SEC reporting obligations. There are many references throughout the final rule about “reasonable” and “best effort” but far fewer explanations as to what these really mean. There is no set number for what will be viewed by the SEC as an acceptable response rate. What is acceptable will also depend greatly on a number of other factors, such as when the program was rolled out, how many suppliers are being queried, the business sector impacted, etc. However, few would dispute that the greater number of suppliers you are able to gather information from the better chance you have of your SEC filing being accepted as reasonable.
While it may sound simple, finding the proper point of contact for a supplier can often be one of the most difficult hurdles. Most likely the contacts you have for your suppliers are not in the CSR, compliance or sourcing department, but instead are in sales or are account managers. Unless they have seen similar requests from other customers, chances are that they have never heard of the conflict minerals issue and will not know how to respond. As such, the email will get bounced around and forwarded throughout the organization until a “champion” is identified that can compile the data requested.
Requests for Confidentiality
Though the final pieces of information your company needs to gather are not of a proprietary nature to your direct suppliers, the route to get there includes information that often is. Many of your suppliers, especially those in the distribution business, may be hesitant to share information about who they are buying their products from. Getting over this hesitancy can also be a challenge. What assurances can you give to your suppliers that you will not use the information that they are providing about suppliers to cut them out of the supply chain? Utilizing an AI-powered platform such as the Source Intelligence system allows the assignment of alphanumeric codes to suppliers to protect their identity within the system. The execution of Non-Disclosure Agreements with suppliers is also becoming a more common practice.
Missing and Erroneous Data
Most suppliers will do their best to provide the information you are requesting because they have a financial incentive to keep you, their customer, satisfied. However all your suppliers are likely suffering through the same difficulty of gathering this data that you are, and many of them may not even be required to report to the SEC themselves.
While many suppliers may not intentionally provide misleading information in their submissions, they may not have the resources to gather all the information or to fact check all the data they are submitting. However, as a reporting company there is a need to identify these gaps and inaccurate information. Each reporting company must ensure that it is putting forth a best and reasonable effort to follow up with suppliers and identify where the reporting and reputational risks lie.
Conflict Minerals Program Best Practices
Fact checking, data validation, and re-engagement are three of the most important pieces of any conflict minerals compliance program. Information provided by suppliers should be checked against data sources available via other projects and external sources (data mining sites such as the UN, US State Department, NGO’s, Industry Groups and more). As the names of companies within a supply chain are identified, they should be compared to a list drawn from external sources. This creates many additional benefits beyond conflict minerals compliance such as risk mitigation and brand protection from reputational harm.
Several steps may be implemented to help streamline the RCOI and hence the data assurance efforts.
Step 1: Have suppliers pass through a screening process. If they are able to provide a declaration that their products do not contain 3TG, provide them with the ability to exempt themselves from further inquiries.
Step 2: Suppliers that are not able to provide such a declaration should then be asked either to send a copy of their CMRT or provide contact information for those parts and components that are likely to contain 3TG. As this information is collected it should be assessed for quality by quickly identifying possible errors and cautionary flags in line with the OECD Due Diligence Guidelines. Follow-up information should be requested whenever a problem is discovered within the information provided.
Step 3: Should the information provided contain errors or red flags, further information regarding the sourcing of these materials should be requested from the supplier.
Source Intelligence has implemented a data Quality Control (QC) process to check supplier data for accuracy, plausibility, consistency, gaps and reasonableness. The process consists of both automated and manual checks performed by software and technical personnel respectively.
During the QC process, several types of red flags may be raised which require business rules with regard to response and could potentially impact a customer’s risk. Our system happens to consist of three different types of flags: Signal, Warning and Red.
To see what our Conflict Minerals Program can do for you, request a demo with one of our experts!