Why did RMI update the protocols?
The RMI requires its protocols to be reviewed annually to ensure the content continues to reasonably support the responsible sourcing requirements set forth by law (e.g., Dodd-Frank Act Section 1502) and international expectations, such as the OECD Guidance. Interim adjustments can be made if driven by revised findings or legislation, including the European Union (EU) Supply Chain Due Diligence Regulation (May 2017) and forthcoming Chinese legislation. Within the EU context, accompanying measures and implementing regulations will require RMI to formally apply for acceptance into the EU scheme, which requires assurance programs to be aligned with OECD Guidance to be accepted by EU Member States.
The revised Standard also meets international expectations communicated by the availability of the OECD Alignment Tool and Methodology, alignment with upstream partners such as ITRI Tin Supply Chain Initiative (iTSCi) and Better Sourcing Program (BSP), and the need to update content based on three years of feedback and input from auditors, auditees, and other stakeholders.
Why did RMI remove “conflict-free” terminology?
The “conflict-free” label, while referenced and defined in DFA 1502, does not accurately represent the principle and practice of due diligence as an ongoing process that is expected to be carried out and improved upon over time, where risks and incidents are identified, managed, and reported as part of the process.
The updated Standard and assurance process continue to support companies’ declarations for “conflict-free” for regulatory purposes or otherwise, in that smelters and refiners are still required to identify and address direct or indirect support to non-state armed groups and the financing of conflict in the Great Lakes Region as part of the risk identification and assessment process.
Companies are still able to use the results of the RMI’s assurance process to support their United States Securities and Exchange Commission (SEC) filings, “conflict-free” claims, and/or customers’ requests. However, as was the case under the previous protocols, companies that source from smelters or refiners that are in conformance with the revised standard are not considered automatically in compliance with the SEC Final Rule. Under the SEC Final Rule, additional steps are required for companies to meet SEC reporting requirements: scoping, RCOI, and due diligence.
Has RMI expanded the risks covered by the audit?
RMI has not expanded the risks covered by the audit; however, the revised standard explicitly references OECD Annex II risks to clarify that risks covered by the OECD Guidance must be included in the smelter’s risk identification, assessment, and management process.
Companies must address all OECD Annex II risks, which are those commonly associated with the extraction, transport and trade of minerals from CAHRAs:
- Any forms of torture, cruel, inhuman and degrading treatment;
- Any forms of forced or compulsory labor;
- The worst forms of child labor;
- Other gross human rights violations and abuses such as widespread sexual violence;
- War crimes or other serious violations of international humanitarian law, crimes against humanity or genocide;
- Direct or indirect support to non-state armed groups;
- Direct or indirect support to public or private security forces;
- Bribery and fraudulent misrepresentation of the origin of minerals;
- Money laundering;
- Non-payment of taxes, fees and royalties to governments.
How is RMI going to drive consistent outcomes in identifying CAHRAs when smelters can use their own definitions?
RMI uses the OECD’s definition and is providing resources to help smelters identify these areas. The rationale smelters use must be defensible and evidence-based. RMI has made resources available on this webpage. Additionally, the European Council is planning to develop an indicative and non-comprehensive list of CAHRAs. RMI continues to engage with regulators, the OECD and other standard setting bodies to provide guidance and drive consistent outcomes in identifying CAHRAs.
Can smelters use upstream assurance mechanisms for sourcing from CAHRAs?
Yes, smelters may continue to use upstream assurance mechanisms to assist in conducting due diligence over high-risk sources. When using upstream assurance mechanisms, smelters must, at a minimum:
- Understand the scope of activities of the upstream assurance mechanism and understand any gaps between the scope of the mechanism’s activities and the requirements of the OECD Guidance.
- Ensure that all information generated by the upstream assurance mechanism, and which is expected to be shared with the auditee, is received in a timely manner and records are maintained for at least five (5) years and made available to the auditor.
- Have sufficient understanding of the context of CAHRAs to be able to review and understand the information generated by the upstream assurance mechanism and to assess their ability to exercise influence over actors in high-risk supply chains who can most effectively prevent or mitigate identified risks.
- Where possible, actively participate in the upstream assurance mechanism to mitigate identified risks in its supply chains.
How can a smelter or refiner define high-risk or low-risk sourcing?
The smelter should do so in accordance with Table 5 in the Tin/Tantalum Standard and Tables 5-6 of the Tungsten and Gold Standards, respectively.
How do you know which areas have which risks?
Smelters and refiners are required to develop a procedure to identify CAHRAs. RMI has provided resources and examples on our website here.
If an area is defined as a low-risk area, but media reports indicate high risk in this area, how does the auditor determine the risk level?
The auditor does not determine the risk level; the smelter does. The auditor should assess the procedure to identify CAHRAs to ensure that (1) it meets the requirements of the standard and (2) it is reasonable.
If the smelter only selects two types of risks from Annex II for its CAHRA procedure, is this a finding?
The smelter does not select “types of risks” from Annex II for the procedure to identify CAHRAs. Instead, they develop broad criteria, such as human rights, governance, and conflict.
Will a smelter define all sources as low-risk? How can the auditor judge whether this is reasonable or not?
It is possible the smelter assesses that all sources are low-risk. Auditors can ask probing questions to better understand and validate the process and procedure to reach that determination, and ensure it is reasonable. However, auditors should not pass judgment on the outcomes of the reasonable process.
What if reports indicate that an area has a number of risks?
The auditor can ask questions related to specific reports or articles and ask how those were assessed during the CAHRA procedure. However, reports or news articles alone are not conclusive evidence that an area is high-risk, and there may be a reasonable explanation as to why a company determined it was low-risk. For example, a smelter may be sourcing from the eastern part of a country with transit directly from the east into their country, while media or NGO reports identify risks in the western part of the country.
What if onsite the auditor and auditee realize the smelter is sourcing high-risk and needs to complete the high-risk assessment workbook?
First, the auditor and auditee should talk through the changes. If possible, the auditee can make the updates on site. If not, the auditor may have to return to follow up. This will also be reviewed in the context of continual improvement, understanding that new high-risk sources may take more time to address and integrate into systems and processes.
During the assessment, if the smelter has a system for addressing issues of material origin and transit but not on KYC of suppliers, or if the smelter has systematic issues with documents but not with suppliers, what should the auditor do?
The assessment is a management systems assessment. Thus, if there are any systematic concerns – either with suppliers or materials – it is a finding. However, if there are no material issues or the identified concerns are not systematic, it may be an observation.
Does RMI provide any resources for smelters on capacity building?
What are the challenges of the audit firm’s assessment reporting, and what are the smelter’s concerns?
Major concerns include language (non-native language to smelter or refiner); grammar and spelling; and completeness.
Are the PAC and workbook that the audit firm receives reviewed by RMI first and then sent to the auditor?
Yes. RMI receives and reviews all submitted documents before sending them to the audit firms. This is to check for errors, gaps, and glaring issues.
Should the auditor leave the CAP template onsite after finishing the onsite assessment?
RMI will provide the auditee with the official determination of findings and enter them into the CAP template. This will be sent with the determination letter. The auditee then has 2 weeks to return their portion of the CAP template to RMI in order to be assessed by the auditor.