Download - CONFLICT MINERALS DISCLOSURE REQUIREMENTS
JAN-MAR 2014www.riskandcompliancemagazine.com
RCrisk &compliance&
Inside this issue:
FEATURE
The evolving role of the chief risk officer
EXPERT FORUM
Managing your company’s regulatory exposure
HOT TOPIC
Data privacy in Europe
REPRINTED FROM:RISK & COMPLIANCE MAGAZINE
JAN-MAR 2014 ISSUE
DATA PRIVACY IN EUROPE
www.riskandcompliancemagazine.com
Visit the website to request a free copy of the full e-magazine
Published by Financier Worldwide [email protected]
© 2014 Financier Worldwide Ltd. All rights reserved.
R E P R I N T RCrisk &compliance&
CONFLICT MINERALSDISCLOSURE REQUIREMENTS
���������������������������������
������������
risk &complianceRC&
������������������
�������
����������������������������
������������
�����������������������������������������������
���������
���������������������������
REPRINTED FROM:RISK & COMPLIANCE MAGAZINE
OCT-DEC 2014 ISSUE
www.riskandcompliancemagazine.com
Visit the website to requesta free copy of the full e-magazine
Published by Financier Worldwide [email protected]
© 2014 Financier Worldwide Ltd. All rights reserved.
2 www.riskandcompliancemagazine.comRISK & COMPLIANCE Oct-Dec 2014
MINI-ROUNDTABLE
MINI-ROUNDTABLE
CONFLICT MINERALS DISCLOSUREREQUIREMENTS
www.riskandcompliancemagazine.com 3RISK & COMPLIANCE Oct-Dec 2014
MINI-ROUNDTABLE
PANEL EXPERTS
Jonathan Hughes is the director of Assent Compliance’s Conflict Mineral service division. During his time with Assent, he has overseen various programs including REACH, RoHS and Conflict Minerals. Mr Hughes has been instrumental in the architecture and further development of Assent’s Compliance Software and Consulting service offerings. He represented Assent Compliance when requested to speak with the SEC in person regarding Conflict Minerals. His feedback was requested in writing, submitted to the SEC and cited in the Final Rules. Mr Hughes has also participated in an upcoming report to be released by the Government Accountability Office this summer.
Jonathan Hughes
Director
Assent Compliance Inc.
T: +1 (613) 290 8044
E: jon.hughes@assent
compliance.com
Jane C. Luxton is a member of Clark Hill PLC’s Environment, Energy, and Natural Resources Practice Group based in the Washington, DC office. Ms Luxton has extensive experience in conflict minerals and related supply chain accountability legal issues. Her practice includes advising mining, metals, and manufacturing companies on a range of US and international legal compliance issues as well as sustainability regimes. She has served in senior legal positions with the US Departments of Justice and Commerce.
Jane C. Luxton
Partner
Clark Hill PLC
T: +1 (202) 572 8674
Joseph A. Hall is a member of Davis Polk’s Corporate Department. His practice includes advising issuers and underwriters on capital markets transactions; advising SEC-regulated entities on regulatory matters; and advising on securities, corporate and governance matters, generally. He returned to the firm in 2005 following completion of his service at the US Securities and Exchange Commission as Managing Executive for Policy under Chairman William H. Donaldson. As a member of Chairman Donaldson’s senior management team, Mr Hall assisted in directing the Commission’s policy-making and enforcement activities.
Joseph A. Hall
Partner
Davis Polk
T: +1 (212) 450 4565
E: joseph.hall@davispolk.
com
Charles A. Riepenhoff, Jr is a managing director in KPMG’s Forensic practice. He serves as the firm’s Advisory Lead for Conflict Minerals, is a CMR reporting specialist, and a member of KPMG’s Conflict Minerals Executive Steering Committee. Mr Riepenhoff has more than 40 years of diversified experience in the areas of regulatory compliance, investigations, and audit. He has served as an instructor for national training programs and a lecturer at The Institute of Continuing Legal Education of the State Bar of Georgia and the Atlanta Bar Association.
Charles A. Riepenhoff, Jr
Advisory Managing Director
KPMG LLP
T: +1 (404) 222 3289
As Associate VP of Industry Solutions, Sonal Sinha is responsible for driving solutions and strategy for MetricStream in industries such as consumer packaged goods, retail and technology. Ms Sinha comes to MetricStream with over a decade of experience as a Risk Management and Compliance Leader at global consulting, financial services and technology corporations such as Google, Visa and KPMG. Ms Sinha holds a B.Sc. (Honours) from the University of Texas, Arlington and a joint M.B.A. from University of California, Berkeley’s Haas School of Business and Columbia Business School in New York.
Sonal Sinha
Associate Vice President
MetricStream
T: +1 (650) 620 2955
E: sonalsinha@metricstream.
com
CONFLICT MINERALS DISCLOSURE REQUIREMENTS
4 www.riskandcompliancemagazine.comRISK & COMPLIANCE Oct-Dec 2014
MINI-ROUNDTABLE
RC: Could you provide a brief overview of key issues surrounding ‘conflict minerals’? What considerations do companies need to make about the materials they use and where they are sourced?
Riepenhoff: Under Section 1502 of the Dodd-
Frank Act, the rules of the US Securities and
Exchange Commission (SEC) provide that companies
reporting to the SEC under the 1934 Securities
Exchange Act determine annually whether they use
conflict minerals in their manufacturing process.
Conflict minerals are defined as gold, tin, tungsten,
and tantalum (3TG) originating in the Democratic
Republic of the Congo (DRC) and its neighbouring
countries where military strife has been financed by
the sale of these minerals. Companies must disclose
by filing a Form SD and a Conflict Minerals Report
(CMR) the source of the minerals if they come from
the DRC or surrounding countries and they must
determine whether the 3TG they use is ‘DRC conflict
free’, ‘DRC conflict undeterminable’, or ‘Not found
to be DRC conflict free’, as defined in the SEC’s final
rules on conflict minerals of 22 August 2012. There
are several key issues companies should consider
with regard to Section 1502. These include their
procurement strategy for conflict minerals, and the
reliability of data received through a Reasonable
Country of Origin Inquiry (RCOI). Companies should
also consider how best to protect their brand and
examine their exposure to a range of risks, including
reputational, operational and legal. Companies are
vulnerable if they do not know who their business
partners are, how they operate, how they source
their materials, how they manufacture, and so on. It
is more important than ever that companies should
know the source of the products they buy in order to
manage associated risks.
Hughes: There are a number of key issues
surrounding conflict minerals. Companies need to
ensure business continuity and a positive brand
image while being in compliance with the mandated
legislation. They should install a business process
that allows them to gain supply chain transparency
at the material level and develop a holistic materials
compliance program. All of this should be done at
an affordable price. Finally, they need to ensure that
the business process selected for conflict minerals
‘scales’ in the event that new, similar regulations
involving restricted or monitored substances or
materials are put in place.
Luxton: Conflict minerals, writ large, is a supply
chain accountability program evolving on multiple
fronts that companies need to address. The SEC
rule is certainly one important part. Only 1300-some
companies of an expected 6000 filed the required
forms. Those that made 2014 submissions should
be working to improve their performance for 2015,
CONFLICT MINERALS DISCLOSURE REQUIREMENTS
www.riskandcompliancemagazine.com 5RISK & COMPLIANCE Oct-Dec 2014
MINI-ROUNDTABLE
and those that want to qualify their products as
‘DRC conflict free’ must put in place an independent
private sector audit (IPSA). The conflict minerals
court case is moving forward again, and reporting
requirements could change – another challenge. But
for companies thinking strategically about supply
chain and reputational risk, many other competitive
factors overshadow the importance of the rule.
Pressure from customers – both consumers and
sustainability-focused business customers
– along with investor and interest groups
that rate and rank performance, are
much stronger market forces driving
sophisticated corporate behaviour.
Today’s environment offers both risks and
opportunities.
Hall: Over the last few years we have
seen increasing interest by institutional
investors – particularly socially conscious
investors – and now the US federal
government, in the way companies’
purchasing decisions may inadvertently be helping
to finance armed conflict in the DRC. Relatively few
US manufacturers directly source their commodity
inputs from the African continent, but quite a few
US manufacturers build products with raw materials
that may have originated from the continent
somewhere up the supply chain. Investor and
regulatory attention to the issue is now compelling
many of these companies to examine their supply
chains with an unprecedented level of rigor. A few
years ago the main concerns of a supply chain
manager when purchasing commodities and other
manufacturing inputs might have been price,
quality and reliability of supply and delivery; now
that same manager is bound to ask whether her
company’s sourcing policies may inadvertently
leave the company vulnerable to adverse publicity.
This would be a concern for any company, but for
a consumer products company in particular, the
negative repercussions could be significant. So this is
of a piece with other ‘corporate social responsibility’
issues that public companies increasingly must deal
with, from environmental topics such as carbon
footprint and water quality, to human rights concerns
such as employment anti-discrimination policies and
fair trade practices.
Charles A. Riepenhoff, Jr,KPMG LLP
“Companies are vulnerable if they do not know who their business partners are, how they operate, how they source their materials, how they manufacture, and so on.”
CONFLICT MINERALS DISCLOSURE REQUIREMENTS
6 www.riskandcompliancemagazine.comRISK & COMPLIANCE Oct-Dec 2014
MINI-ROUNDTABLE
Sinha: The impact, breadth, applicability and
requirements of the conflict minerals rule indicates
that it is poised to change the face of compliance in
many ways. Over the last decade, organisations have
seen a flurry of new regulations, the primary focus
of which has been on disclosures around financial
controls, accounting practices, operating results
and the overall financial strength of a company. On
the other hand, even though it is regulated by the
SEC, the conflict minerals rule is nearly devoid of
a financial governance angle. Instead, it is focused
on corporate social responsibility. Until
recently, corporate social responsibility
has been a voluntary activity for most
companies. Visionary companies, however,
have quickly realised that complying
with the conflict minerals rule – and
understanding the materials they use and
where they are sourced – will also help
them demonstrate social responsibility,
which can bring about short-term and
long-term reputational and financial
benefits.
RC: How has legislation dealing with the problem of conflict minerals evolved in recent years? What developments have you seen in the past 12-18 months?
Hughes: Industry at large has gone through
the Kübler-Ross Stages: denial, anger, bargaining,
depression and acceptance. Firms are now installing
compliance programs and have accepted the
regulation as a business requirement. While some
court issues continue, industry at large has accepted
and is trying to meet compliance requirements.
Sinha: The SEC adopted Section 1502 of the Dodd-
Frank Act, requiring that publicly listed companies
disclose their use of conflict minerals. The rule
requires all US publicly listed companies that use
3TG metals in their products to, firstly, determine if
these minerals originated in the DRC and certain
surrounding countries, and secondly, to identify if
these minerals were sourced conflict-free or not.
In the broadest sense, the rule aims to minimise
funding to armed groups that engage in human
rights violations in the Congo and adjoining regions.
Regulators believe that by encouraging organisations
Sonal Sinha,MetricStream
“The impact, breadth, applicability and requirements of the conflict minerals rule indicates that it is poised to change the face of compliance in many ways.”
CONFLICT MINERALS DISCLOSURE REQUIREMENTS
www.riskandcompliancemagazine.com 7RISK & COMPLIANCE Oct-Dec 2014
MINI-ROUNDTABLE
to make public disclosures regarding the source
and movement of conflict minerals across their
supply chain, that over time, companies will look to
source minerals from conflict-free sources. The SEC’s
upholding of the conflict minerals rule, in spite of
multiple appeals, highlights their focus on actually
addressing the problem of conflict minerals.
Hall: In the US, the 2010 Dodd-Frank Act directed
the SEC to require publicly traded companies to
report on the existence of conflict minerals in their
supply chains. The SEC’s rule went into effect in
2013, with the first reports being due in early June
2014. However the SEC’s rule was challenged in
federal court by a group of trade and business
associations, and shortly before the first round
of reports were due, the court struck down a key
provision of the rule. The SEC soon announced that
companies would nevertheless be required to file
their reports by the original due date, but would not
have to label their products in a manner that would
convey whether or not they were free of inputs
that may have directly or indirectly financed armed
conflict in the DRC. So the first round of filings was
rather ambiguous on that point – and as a group
the filings were the subject of some criticism for it.
We are now waiting for the SEC’s next move, which
could involve a request for the court to clarify that
the SEC’s rule as originally adopted is now fully in
effect for reports covering calendar 2014, which
will be due in May 2015. Just to keep everyone
guessing, however, if control of the US Senate
passes into Republican hands after the November
elections, we could see a movement in Congress
to repeal portions of the Dodd-Frank Act, including
the provisions authorising the SEC to promulgate
the conflict minerals rule. So in the US we may still
be a long way off from knowing whether legally
mandated conflict minerals reporting will continue to
exist for 2015 and beyond.
Riepenhoff: The most significant developments
since the SEC promulgated the final rules governing
Section 1502 in August 2012 have not come from
the legislation per se, but rather from the courts.
The US court of appeals ruled that the requirement
to disclose ‘not found to be DRC conflict free’
violated a corporation’s right of free speech under
the first amendment. In a separate meat-labelling
case, a different appeals court ruled that the
public’s right to know overrode a company’s first
amendment rights. The SEC issued a temporary
stay in December 2013 relieving the requirement on
companies to disclose their status determination,
such as ‘undeterminable’ or ‘conflict free’, for the
2013 reporting period. The SEC has asked that the
appeals court reconsider its ruling. The outcome of
the various court rulings may have an impact on
whether companies will eventually be required to
declare their manufacturing process status with
regard to conflict minerals. Whatever the outcome,
though, there is growing pressure on companies
CONFLICT MINERALS DISCLOSURE REQUIREMENTS
8 www.riskandcompliancemagazine.comRISK & COMPLIANCE Oct-Dec 2014
MINI-ROUNDTABLE
from various stakeholders, including customers, to
make their supply chains more transparent, so they
should establish strong processes to do this. If they
do so, they may gain a competitive advantage.
Luxton: After the 2010 passage of conflict
minerals reporting legislation in Section 1502 of the
Dodd-Frank Act, the centre of activity shifted to the
SEC’s 2012 implementing rule. The rule left many
terms ambiguous, and the SEC was forced to issue
‘frequently asked questions’ documents and on at
least one occasion an interpretive letter, the broader
applicability of which remains unclear. In April 2014,
after an appeals court invalidated the rule’s specific
labelling requirements as contrary to the First
Amendment, the SEC released guidance on revised
compliance expectations. In July, an unrelated First
Amendment case raised new questions
about the conflict minerals decision, and
the court has called for briefing on possible
reconsideration, which could potentially
reinstate the original requirements or lay
the groundwork for different disclosures.
Also in July, the US adopted specific conflict
minerals sanctions criteria that apply not
just to SEC-filing companies but to all
businesses operating in the US. Without
question, this is an evolving area of law.
RC: Which sectors and industries need to be most aware of the SEC’s
conflict minerals disclosure requirements, including available exemptions? What checks should these companies make on their internal operations?
Luxton: The SEC’s disclosure requirements are
an equal-opportunity problem for all manufacturing
sectors and industries. With no de minimis cutoff
and few exemptions, manufacturing companies
and those that ‘contract to manufacture’ need to
be engaged. And that is also true for the many
companies that do not file SEC reports but are
caught up in supply chain tracing at the insistence of
their publicly traded customers. Some industries, for
instance electronics and automotive manufacturers,
were early adopters and have worked hard to
establish standardised search templates and support
CONFLICT MINERALS DISCLOSURE REQUIREMENTS
www.riskandcompliancemagazine.com 9RISK & COMPLIANCE Oct-Dec 2014
MINI-ROUNDTABLE
smelter certification programs, but others
have lagged behind. Those in the forefront
have given notice they expect better
responsiveness and data quality from
their suppliers than occurred in 2014, and
buyers are increasingly looking for ways to
leverage their purchasing power to increase
a supplier’s willingness to provide needed
information.
Hall: Any SEC-reporting company,
domestic or foreign, with manufacturing
operations – including outsourced
manufacturing operations – needs to be
aware of the rule and needs to determine whether
any of its products falls within the scope of the
rule. If so, there aren’t any reporting exemptions,
as such. For example, there is no de minimis
exemption that would allow a company with only
a tiny amount of conflict minerals in its products
to escape the reporting obligation. The rule itself is
rather convoluted, however, and not every company
that uses conflict minerals in its manufacturing
operations is caught by it. That said, companies
in the electronics or heavy manufacturing
industries will, because of the nature of their
products, tend to be covered, while companies in
the service industries, such as transportation or
telecommunications, may not be.
Sinha: The conflict minerals rule is imposed on
all US publicly listed companies, which means that
thousands of organisations are affected, across
multiple industries, including electronics, aerospace,
manufacturing, automotive, jewellery, retail,
healthcare and energy. On top of that, hundreds of
thousands of suppliers also have to demonstrate
compliance. For the most part, previous regulatory
compliance requirements have been inward-looking;
companies have been held responsible for the
activities within their organisations. On the other
hand, with the conflict minerals rule, a company
must look outward, as well as inward. In this case, it
means assessing the entire supply chain, all the way
down to the smelters, to determine the origin of the
raw materials in their products.
CONFLICT MINERALS DISCLOSURE REQUIREMENTS
10 www.riskandcompliancemagazine.comRISK & COMPLIANCE Oct-Dec 2014
MINI-ROUNDTABLE
Riepenhoff: All sectors that manufacture
products for sale or sell products containing 3TG
need to establish a policy for conflict minerals. The
final rules require a company that manufactures, or
contracts to manufacture products, to determine
whether they use 3TG, and if so, perform the RCOI as
well as due diligence for responsible supply chains,
and then meet certain disclosure requirements.
There are no specific exemptions to these rules.
However, the SEC’s final rules do provide companies
with the latitude to reach their own interpretation as
to the meaning of some terms, such as ‘reasonable’
and ‘functionality’. Internally, companies should
develop a standard operating procedure which
defines the process and responsibilities for meeting
the requirements established by the rules. Many
functions within an organisation are involved, such
as procurement, design, engineering, production, IT
and legal. It is important that these functions work
together to compile and document the company’s
process and decision making and to ensure that
accurate filings are made to the SEC.
Hughes: 3TGs are most prevalent in electronics,
automotive and aerospace or manufacturing as a
whole, which dictates that these sectors need to be
most aware. Firms in these sectors need to have a
scalable means of collecting, analysing and reporting
on material data from their supply chain.
RC: What risks may arise through a company’s dealings with third party partners and suppliers? How are such relationships addressed by the disclosure rules?
Hall: It’s a given that no public company will
want to be in the position of having to report that
its purchasing activity may have contributed to
financing armed conflict in the DRC. As a result,
companies will want to deal with suppliers who can
credibly certify that their minerals did not originate
in the DRC or an adjoining country, or, if they did,
that they did not finance armed groups in the region.
But this is no easy task when companies may deal
with hundreds or even thousands of suppliers, who
themselves may be several steps removed from
the actual mines, smelters and processing facilities
where the minerals originate. So a company’s
relationships with its suppliers, and the degree to
which the company is able to obtain their diligence
and cooperation, will directly impact what the
company can and cannot say about the impact
of its purchasing activity. This is presumably the
point of the rule; while structured as a disclosure
requirement, the goal would appear to be to force
companies to examine their supply chains at a
minute level and hold them directly responsible
for whether their purchasing decisions are having
CONFLICT MINERALS DISCLOSURE REQUIREMENTS
www.riskandcompliancemagazine.com 11RISK & COMPLIANCE Oct-Dec 2014
MINI-ROUNDTABLE
an indirect and unintended impact in a far-away
country.
Hughes: The major risk in dealing
with third party providers is selecting
the wrong program type and risking an
overspend on consulting rates. There
have been examples of consulting firms
charging upwards of $1m to clients,
where more scalable, robust and effective
programs could have been implemented
internally or through other providers for a
quarter of the cost.
Riepenhoff: Companies face a range
of risks with regard to their supply
chain. One item that is high on the list is brand
reputation and the impact of a company’s dealings
with customers, suppliers or third party partners.
A company’s reputation could be harmed if it finds
it is using conflict minerals or if it determines that
it is inadvertently purchasing from suppliers that
are on a sanctions list. Conflict minerals reporting
is one step toward supply chain transparency and
corporate responsibility. It will require a significant
and expanded effort, regardless of conflict minerals,
to meet the growing demand from stakeholders for
increased supply chain transparency. Companies
need to have systems, processes, and contracts that
enable them to understand what is in their products
and where the ingredients come from. Regulators in
the US and elsewhere – for example the UK Timber
Act and rules regarding Blood Diamonds – are
continually looking for ways to require companies
to expand disclosures about their supply chains.
These disclosures include not only materials
sourcing but also human rights issues such as child
labour. Another significant risk is regulatory risk. If
the conflict minerals reporting program is regarded
by a company as temporary or is not integrated
with other compliance programs, the company
risks running afoul of other regulations that, at first
sight, are not connected to Section 1502, such as
sanctions, anti-bribery laws, and so on.
Sinha: Global supply chain expansion and a more
decentralised supplier base offers organisations
cost advantages and new opportunities to reach
consumers. However, as the organisation’s supply
Joseph A. Hall,Davis Polk
“It’s a given that no public company will want to be in the position of having to report that its purchasing activity may have contributed to financing armed conflict in the DRC.”
CONFLICT MINERALS DISCLOSURE REQUIREMENTS
12 www.riskandcompliancemagazine.comRISK & COMPLIANCE Oct-Dec 2014
MINI-ROUNDTABLE
chain becomes more distributed and more global,
it also becomes more vulnerable than ever. Dealing
with third party partners and suppliers poses various
risks, such as disruptions caused by uncertain
economic cycles, unpredictable consumer demands,
and natural and man-made disasters.
There are a number of supply chain
risks including data breaches, IP theft,
geopolitical risk and poor supplier
performance. As such, going through
the necessary due diligence processes
to arrive at the required conflict
minerals disclosure requirements is
vital, and will provide organisations
with a better understanding – including
greater visibility and transparency
– over their entire supplier ecosystem,
as well as the individual suppliers.
Luxton: One principal risk is from suppliers that
are unwilling or unable to provide full and accurate
source information obtained from their upstream
supply chains. Lack of this information places
reporting companies at a competitive disadvantage
compared to others that can show their customers,
investors and the market that they are further
along in the race for conflict-free products or even
informed transparency. The SEC rule does not require
100 percent accuracy in reporting, but rather good
faith reliance on information that includes refusing
to overlook red flags. Even the US Commerce
Department recently conceded it can’t tell which
smelters are tied in to DRC conflict activity, so for the
time being, companies must do what they can to get
the best possible information and document their
efforts. A second major risk is unexpected surprises,
such as instances of bribery or sanctions violations
discovered in the supply chain.
RC: Could you describe the Reasonable Country of Origin Inquiry (RCOI) process in terms of addressing anti-bribery and corruption and Office of Foreign Assets Control (OFAC) risks? What actions should a company in response to these risks?
Sinha: What makes the conflict minerals rule
especially interesting is its flexible, less prescriptive
approach. For example, if a company is unable to
Jane C. Luxton,Clark Hill PLC
“With the recent expansion of the sanctions criteria to add individuals and groups supporting illicit trade in conflict minerals, the risks have increased.”
CONFLICT MINERALS DISCLOSURE REQUIREMENTS
www.riskandcompliancemagazine.com 13RISK & COMPLIANCE Oct-Dec 2014
MINI-ROUNDTABLE
determine whether the minerals in its products have
originated in the covered countries, they can prepare
a ‘DRC conflict undeterminable’ report. This report is
valid for a temporary two-year period, or four-year
period for smaller companies. This gives companies
more time to conduct the necessary due diligence.
If, after conducting an RCOI, a company determines
that conflict minerals in its products have originated
from the DRC and surrounding regions, then the
company is required to initiate additional due
diligence on the source and chain of custody of its
conflict minerals. According to the Organisation for
Economic Cooperation and Development (OECD),
due diligence in the mineral supply chain is “an
ongoing, proactive, and reactive process through
which companies can ensure that they respect
human rights, and do not contribute to conflict”.
Riepenhoff: An RCOI means that a company must
conduct an inquiry regarding the origin of its conflict
minerals that is reasonably designed to determine
whether any of its conflict minerals originated in
the covered countries and must perform the inquiry
in good faith. The best way to conduct the inquiry
is through an integrated compliance program
designed to address all regulatory risks including
anti-bribery regulations, economic sanctions, and so
on. Uncovering infractions in one area of compliance
can actually help with compliance in another area.
When companies filed their conflict minerals reports
to the SEC in June 2015, a number of them revealed
that they had bought gold from North Korea,
unwittingly in contravention of US sanctions against
the country.
Luxton: I see this as a critical focal point for
corporate risk management. The supply chain review
involved in the RCOI process – and of course further
diligence if required – can unearth unpleasant
surprises, including evidence of violations of the
Foreign Corrupt Practices Act, UK Bribery Act,
and OFAC sanctions rules. The first round of SEC
conflict minerals filings included some embarrassing
revelations from major companies forced to admit
that sanctioned North Korean gold was found in
their supply chains. With the recent expansion of
the sanctions criteria to add individuals and groups
supporting illicit trade in conflict minerals, the risks
have increased. Companies need to integrate the
programs they have in place or are hopefully building
to address all of these risks and make sure attorneys
are involved, to maximise the company’s protection
while it determines the scope of any violations and
how best to meet disclosure and other obligations.
Hall: It’s possible that a company that has robust
anti-bribery, anti-corruption and OFAC policies and
procedures will find it somewhat easier to conduct
the RCOI because such a company may, as a
general matter, have more insight into and ability to
obtain information from its supply chain partners.
But in practical terms, the RCOI is not a procedure
CONFLICT MINERALS DISCLOSURE REQUIREMENTS
14 www.riskandcompliancemagazine.comRISK & COMPLIANCE Oct-Dec 2014
MINI-ROUNDTABLE
that most companies would already have been
undertaking in order to comply with existing anti-
corruption laws and sanctions regimes.
RC: If a company acquires a target that it suspects falls within the scope of the disclosure requirements, what steps does it need to take?
Riepenhoff: The rules provide for an eight-month
extension in the company’s annual filing to the SEC
if it makes an acquisition. As quickly as practical,
an evaluation should be performed to determine
whether the acquisition meets the conflict minerals
rules. In any event, the subsidiary should be included
in the company’s integrated compliance program,
addressing all regulatory risks, not just
those related to conflict minerals.
Luxton: Under the rule, a company that
acquires or otherwise obtains control over
a business subject to conflict minerals
reporting obligations must provide a report
covering the new business, starting with the
first reporting calendar year that begins no
sooner than eight months after the effective
date of the acquisition. For example, if the
deal closed in March 2014, because eight
months later would still be in calendar year
2014, the acquiring company would need to
file a report for calendar year 2015. If the deal closed
in May, the company would have an extra year
before it was required to report, since the end of
the eight-month period would fall in 2015. However,
these rules apply only to acquiring companies that
did not have an independent, pre-existing disclosure
obligation. Presumably the theory is that a company
already required to report would have systems in
place to allow it to meet new supply chain tracing
needs.
Hall: If the target was not already subject to the
disclosure rules, during due diligence the acquiring
company should seek to understand whether
any of the target’s products are ‘in scope’, and if
so whether the target has followed supply chain
and sourcing policies designed to avoid the use
CONFLICT MINERALS DISCLOSURE REQUIREMENTS
www.riskandcompliancemagazine.com 15RISK & COMPLIANCE Oct-Dec 2014
MINI-ROUNDTABLE
of conflict minerals from the DRC and adjoining
countries. In the likely event that the target has not,
the acquiring company should try to get a handle
on the complexity of the target’s supply chain, since
bringing the target into compliance with disclosure
obligations, or even restructuring the target’s supply
chain, may well impact post-acquisition integration
costs. Note that the target’s operations would
be covered by the company’s conflict minerals
disclosures in the year following the acquisition if
the acquisition closes before 1 May; otherwise they
would be deferred until the next year.
Sinha: The conflict minerals rule ushers in
changes to the relationships and disclosure
requirements between the organisation, its suppliers
and associated regulatory bodies. In order to arrive
at a disclosure, the company must understand all
of its suppliers, assessing the contracts between
the company and its suppliers. It also requires that
companies implement conflict minerals surveys,
assessments, audits and due diligence to track if
the necessary steps have been taken by all of the
suppliers and smelters in order to demonstrate
‘conflict free’. Unlike other regulations, this rule
impacts the external operations and relationships
with suppliers. Significant effort is required, and the
processes the organisation must take to conduct
the necessary due diligence requires great cross-
functional collaboration across the organisation;
from the chief procurement officer, general counsel,
CFO, COO, supply chain and procurement, legal
counsel, compliance, finance, internal auditors,
corporate social responsibility teams, external
auditors, and more.
RC: What consequences can companies expect if they are found to be non-compliant with the requirements?
Hughes: Non-compliance, in the literal
sense and with respect to complying
with Dodd-Frank as an SEC issuer, would
typically mean at least one of the following:
not executing your reasonable country
of origin inquiry in good faith; failing to
conduct due diligence in according with the
CONFLICT MINERALS DISCLOSURE REQUIREMENTS
16 www.riskandcompliancemagazine.comRISK & COMPLIANCE Oct-Dec 2014
MINI-ROUNDTABLE
OECD framework; or failing to disclose your findings
properly in your Form SD and CMR. What some
people mean when they say ‘non-compliance’ is
the presence of 3TGs in a company’s supply chain
that are sourced from conflict afflicted mines in the
DRC. Strictly speaking, the latter is not an instance
of ‘non-compliance’ with Dodd-Frank as long as
it is reporting in a company’s filings with the SEC.
For non-compliance on the basis that 3TGs are
present in a company’s supply chain and sourced
from conflict afflicted mines in the DRC, there are
three possible ramifications: loss of business due to
contractual obligations with your customers; damage
to brand image due to public disclosure; or sanctions
under the latest amendment to Executive Order
13413. In theory, a company that knowingly supports
these mines could be subject to sanctions under this
executive order through its indirect support of those
persons in the DRC committing war atrocities and
illicitly trading 3TGs. Does this mean that companies
are going to start receiving sanctions if it is found
that one of the smelters listed on their CMRT has
sourced from a conflict afflicted mine in the DRC?
That is highly unlikely – but it is something that could
be used as a stick against flagrant violators.
Sinha: What makes the conflict minerals rule
different than most is that the regulators aren’t the
only ones judging a company’s compliance efforts.
This judgment also falls with various stakeholders,
such as non-governmental organisations, investors
and customers, which are also interested in a
company’s published conflict minerals report.
Conflict minerals will likely become a brand and
reputation issue, which is also a financial issue.
Responsible sourcing is increasingly important to
consumers, and will likely become a base-level
requirement needed to stay competitive. On top of
that, negative press generated about a company’s
conflict minerals-related efforts can likely also have
a huge effect on reputation, sales and profitability.
It is in a company’s best business interest to invest
the necessary time and resources in building
a comprehensive conflict minerals program,
recognising that this effort is a critical stepping-
stone to a more sustainable and responsible supplier
governance program.
Hall: Using conflict minerals from the DRC or an
adjoining country is not itself a violation of the SEC’s
rule. However, whether or not a company falls into
this category, if it is subject to the SEC’s conflict
minerals reporting requirements and it fails to file a
report, or it files an incomplete or inaccurate report,
at a minimum it – along with its senior executives
– would be subject to an enforcement action by the
SEC.
Riepenhoff: The rules do not provide for
financial or other penalties to be levied by the
SEC in the event of non-compliance. But some
NGOs, such as the Responsible Sourcing Network
CONFLICT MINERALS DISCLOSURE REQUIREMENTS
www.riskandcompliancemagazine.com 17RISK & COMPLIANCE Oct-Dec 2014
MINI-ROUNDTABLE
and Enough, are closely monitoring the reporting
practices of companies and are keenly interested
to see companies reduce their purchase of
conflict minerals. Companies can expect to come
under pressure not only from NGOs but also their
customers to meet the requirements of the Act.
Luxton: Companies face three types of direct
legal consequences if they fail to comply with the
rule. The SEC Office of Enforcement has the power
to bring enforcement actions against non-compliant
companies, but in practice it is very unlikely that
the SEC will take aggressive action, particularly in
the early days of the rule and except in a case of
egregious conduct. Section 18 of the Exchange Act
of 1934 provides a private right of action against
any person who makes a false statement on which
a purchaser or seller of a security relies, unless the
person can show he did not know the statement
was false or that the statement did not affect the
price of the security; these are tough evidentiary
burdens to meet. Note that this provision does not
apply to companies that simply fail to file. Finally,
California and Maryland have passed laws barring
state officials from awarding procurement contracts
to companies that fail to comply with the SEC’s
conflict minerals rule.
RC: What advice can you offer to firms on building a comprehensive conflict
minerals program and adequately addressing disclosure requirements?
Luxton: The most important advice I can
offer a company is to integrate its supply chain
accountability functions in a carefully planned
and strategic way. The SEC’s conflict minerals
disclosure requirements are only one aspect of a
larger phenomenon, and supply chain transparency
demands will only become more numerous and
insistent. The EU is considering conflict minerals
legislation with a wider geographic scope than US
law; states are conditioning procurement on conflict
minerals compliance. But far more is involved: two
states already have supply chain responsibility
regimes focused on human trafficking and slavery,
and federal legislation has been introduced along the
same lines. A recent appellate case held chocolate
makers potentially liable for slavery in their upstream
supply chains. Major industrial customers are
pressuring their suppliers for disclosures relating to
the EU REACH and RoHS programs, carbon usage,
and other socially conscious issues. Companies that
deal effectively with these business risks in a savvy,
coordinated way can reduce corporate vulnerability,
realize efficiencies, and win competitive advantage.
Hall: Companies should start early, devote
the required resources and make sure senior
management understands the magnitude and
CONFLICT MINERALS DISCLOSURE REQUIREMENTS
18 www.riskandcompliancemagazine.comRISK & COMPLIANCE Oct-Dec 2014
MINI-ROUNDTABLE
complexity of the task. Avoid the temptation to
hand the task off to the accounting and legal
personnel who typically handle SEC filings; while
they will need to be involved – in particular, legal
staff will play a critical role in interpreting the rule
and determining whether the company is subject
to it in the first place, and if so which products are
covered – compliance with the disclosure
requirements will depend heavily on the
efforts of the company’s supply chain
managers and other business people who
are typically a step removed from SEC
reporting.
Hughes: Conflict minerals is just one
restricted or monitored substance. For
example, the EU RoHS directive prohibits
the use of lead. If companies develop
separate compliance programs for each
restricted substance, material or social
regulation, their costs will run out of control. Once
firms accept the need for a holistic program to
address product compliance and implement that
program, they will be in a strong compliance position
for the future.
Sinha: First and foremost, companies need to
take a proactive, long-term approach to compliance,
regardless of what stage they are in with regards
to their conflict minerals due diligence or reporting
requirements. This also means establishing the
right foundation: companies need to be clear with
themselves and their stakeholders, with what they
are setting out to do, and what they are trying
to achieve. Engaging the right teams, and hiring
and promoting the right people, can help ensure
that a company’s compliance efforts are well-
coordinated, and cost and time effective. It is also
important to take a risk-based approach to conflict
minerals compliance. This means identifying high-
risk suppliers and high-risk products first. Based on
this, companies can prioritise efforts and budgets
accordingly. My final piece of advice would be to
leverage technology and solutions which can help
strengthen, simplify and automate conflict minerals
management. A long-term, proactive strategy, with
the right technology solution, will increasingly be
what sets leading organisations apart from the rest.
CONFLICT MINERALS DISCLOSURE REQUIREMENTS
Jonathan Hughes,Assent Compliance Inc.
“Once firms accept the need for a holistic program to address product compliance and implement that program, they will be in a strong compliance position for the future.”
www.riskandcompliancemagazine.com 19RISK & COMPLIANCE Oct-Dec 2014
MINI-ROUNDTABLE
Riepenhoff: A comprehensive approach is a
good place to start. Conflict minerals reporting
should be tied to compliance with other supply chain
regulations to make data gathering more efficient
and to strengthen the entire reporting process. A
well-run company does not want to operate without
a deep knowledge of its supply chain; the more it
knows, the better it will be able to prevent supply
interruptions and other threats to efficiency and
smooth operations. Hiding the head in the sand is
not a good way to run a company. Prevention of
negative events is one side of the coin; the other
side is enhancing the benefits to the company.
A more transparent supply chain will improve
efficiency and resiliency. And it will enhance a
company’s reputation. If investors and the public
have a good opinion of the company, this can only
be beneficial, not only for the share price but for
society at large. Transparency breeds trust. RC&
CONFLICT MINERALS DISCLOSURE REQUIREMENTS