Category Archives: Compliance

The No-Fluff Latest “Must Read” on Conflict Minerals Filings for 2016

The conflict minerals disclosure is still required for calendar year 2016. No Executive Order has been issued, nor has SEC eliminated or modified the rule. Acting Chairman Michael Piwowar did direct the Staff to “to reconsider whether the 2014 guidance on the conflict minerals rule is still appropriate and whether any additional relief is appropriate” but no action has been taken as yet.  Any action that may be taken would most likely follow standard rule making procedures (proposal publication, public comment, Commission adoption of final rule).  Given the timing typically required for the entire process, it is highly unlikely that a rule change will occur before the end of calendar year 2017.

The use of specific product determination wording it still voluntary. The 2014 SEC Guidance remains in effect.

An IPSA is required only when a company voluntarily chooses to use the product determination wording of “DRC Conflict Free” or “Not DRC Conflict Free”. The 2014 SEC Guidance remains in effect.  We expect the number of IPSAs to rise slightly for the 2016 filing.

Companies continue to confuse the smelter/refiner location country with the country of origin.  Quite simply, the country of origin is where the rocks come out of the ground; the smelter/refiner location country is  where those rocks are processed.  These are  frequently different countries.

Companies also continue to report countries of origin that are not plausible sources of production or reserves (e.g., Hong Kong and UAE).  A plausibility review of all countries should be conducted before submitting the Conflict Minerals Report (CMR) to the SEC.  We have developed a comprehensive list of plausible countries of origin from a range of sources including USGS, Department of State and experts in each of the metals trade.  This is used as part of our smelter/refiner verification services.  Contact us if you would like more information.

Six high-risk smelters/refiners are frequently identified by suppliers.    Three of these are related to US-sanctioned entities (Fidelity Printers, Sudan Gold Refinery and Central Bank of DPRK), not conflict minerals.  Issuers need to determine how they will address these within their conflict minerals disclosure, if at all.

The EU conflict minerals regulation has been finalized and differs from the US regulation in that it applies to companies with more than 500 employees, importers of 3TG, contains applicability thresholds and goes into effect in 2021.

Just over 12,000 comments were submitted to the SEC in response to Acting Chairman Piwowar’s request for comments. More than 11,700 of those comments were form letters and just over half of the remaining 300 were submitted by concerned citizens. Approximately 130 comments were submitted by company representatives, industry groups, Congolese society, NGOs and investors. In our view, opinion reflected in the 130 was split relatively evenly for and against the rule. We noted that several of the comments against the rule cited erroneous and outdated information, specifically concerning costs of rule implementation.

The Senate Foreign Relations Committee, Subcommittee on Africa and Global Health Policy is holding a public hearing on April 5 titled A Progress Report on Conflict Minerals.  Yes we will be there.

The US State Department announced they are “seeking input from stakeholders to inform recommendations of how best to support responsible sourcing of tin, tantalum, tungsten and gold.”

Some DC pundits believe that, in the aftermath of the Trump administration and Republican Party failure to succeed on healthcare, Democrats are emboldened to resist efforts to revamp Dodd-Frank. Perhaps, similar to what Mark Twain once wrote, “reports of its death are greatly exaggerated”.

New Comments to SEC Show Ongoing Misunderstanding, Excess Spending for Conflict Minerals Rule

The new public comment period initiated by SEC Acting Chairman Michael Piwowar is now closed and we have reviewed almost all the submittals.  What is surprising is that there still seems to be significant misunderstanding or interpretations of the rule, and some issuers are spending far more than is likely necessary.  The following comments and estimates that caught our attention:

  • Two industry groups cite a company spending $10 million in initial implementation costs and $3 million in ongoing costs (most likely the same company).  We were shocked to see those numbers.  No client of ours, nor any of the many Fortune 500 we have direct or indirect contact with, has expended that much in relation to the Rule.  
  • One company is cited as needing 7 months to survey 300 suppliers.  If that is indeed current information, there are most likely program implementation approaches available that the company is unaware of, or has chosen not to pursue.
  • Another commenter privately disclosed their cost and associated scope of their efforts to us in an email dialogue.  Based on our understanding, that company is expending approximately 90% more effort than needed.  They have received poor guidance on the rule or made a voluntary decision to go down that path.
  • There are multiple references to an estimate of an IPSA costing $250,000 – $350,000 and taking six months.  This estimate appears to reflect the original proposed rule rather than the IPSA objectives and scope of the final rule and the subsequent guidance.  During the proposed rule phase, little guidance was available on the IPSA and the auditing community anticipated full supply chain audits, or audits that confirmed product determinations. The final rule made it abundantly clear that the actual IPSA objectives/scope are far narrower.  

If you think you are spending more than is necessary for your conflict minerals program, give us a call.  We can probably find ways to reduce your effort and costs.

BREAKING: Leaked Draft Executive Order Suspending Conflict Minerals Law

Yesterday, several news outlets reported on what was claimed to be a leaked draft Executive Order that would, if signed by President Trump, suspend Dodd-Frank Section 1502 for a two year period by claiming it is in the US national security interest to eliminate US corporate due diligence activities concerning tin, tantalum, tungsten and gold (3TG).  The document offers no explanation as to  the reasoning behind the conclusion that national security interests are either currently threatened or how national security would improve by the action.  Further, the Executive Order cites incorrect and outdated information about the costs of the Rule.  In the end, none of that may matter as President Trump will almost certainly sign such an Order regardless.

Would that mean all conflict minerals traceability and reporting processes would immediately come to a halt?

No.

First, there will continue to be customer demands for the information regardless of the SEC disclosure requirement, and you will have to meet your customer information requests or possibly jeopardize the business relationship. Second, the Order will very likely be challenged in court as was the President’s recent travel “ban” Executive Order.  Once it goes to court, who knows what will happen and how fast or slow.

We recommend continuing to move forward on the due diligence and reporting activities already underway for calendar year 2016.  But stay tuned – the situation is changing more rapidly and drastically than anyone had imagined.

 

You Are What Your Suppliers Do: Supplier Actions Make Headlines, Break Business

With companies facing increasing pressure for the actions of every part of their supply chain, demand for – and reliance on – supplier/corporate social responsibility (CSR) audits conducted by third parties has grown rapidly.

Shirts, Phones, Rocks and Shrimp

But there is concern about the quality, reliability and credibility of these audits.

CSR Auditing and Toilet Paper

Is Social Auditing Really Auditing?

Harvard Professor Identifies Factors for Meaningful CSR and Supply Chain Audits

You Don’t Know What Your Suppliers Are Hiding

Companies rely on their CSR audit firm to utilize qualified auditors, employ adequate QA/QC processes and expend adequate time to conduct a reasonable audit. Yet there are no generally-accepted professional CSR audit practitioner standards. Moreover, due to cost pressures, lowest cost audit providers are frequently selected that may not have appropriate auditing skills or training – the largest CSR audit firms conduct tens of thousands of these audits each year. Increasing audit time and costs to improve quality or credibility is typically not realistic – the business model is inherently high-volume, low margin.

Are these audits effective at findings supplier actions that create risks for you? Can a company gain confidence in their CSR audits without adding costs? Is a change in auditors necessary?

Improve Credibility for Disclosures, Media and Customers

Changing audit firms is not necessary, nor is another layer of auditing. Instead, a formalized auditor training program can be a low cost yet effective solution.

The Elm Consulting Group International is expanding our well-proven auditor training program to companies who use CSR/supply chain auditors. The intent of this program is for brands to provide detailed communication and training to their current CSR/supply chain auditors about the company’s requirements for auditor competence, audit quality and processes in order to enhance the credibility of audit information.

Our formalized training for existing CSR auditors builds their client’s confidence in the quality of the work provided. The program is not intended to provide training on specific audit topics such as child labor or worker rights. Instead, the focus is on proven audit techniques such as:

  • Understanding and applying professional skepticism
  • Interviewing and active listening
  • Identifying and responding to non-verbal cues within multi-cultural contexts
  • Evidence sampling methodologies
  • Using information from different sources
  • Verification and recomputation techniques
  • Judging audit evidence quality and limitations
  • Fraud detection
  • Using working papers and audit protocols
  • Writing effective and complete audit findings
  • Audit quality expectations, requirements and processes
  • Maintaining auditor independence, including auditor rotation

Our Qualifications as The Leader in Auditor Training

Our HSE auditor training experience began in the 1980s and we have successfully trained hundreds of external and internal auditors. Elm Principals hold auditor certifications from the US Board of Environmental, Health and Safety Auditor Certification (BEAC, now wholly merged into the Institute of Internal Auditors) and UK Institute of Environmental Management & Assessment, are approved trainers for the IIA EHS auditor certification program and are subject to annual continuing education requirements ourselves. Further, Elm Principals have served in various Board positions in The Auditing Roundtable (merged into the IIA in 2016) and BEAC, including the current BEAC Chair.  More information about our internal audit quality and auditor competence standards is available here.

Give us a call at 678-200-3424 or contact us via email to discuss how we can help you increase confidence in your CSR audits.

Dr. Seuss Essay on Auditing Updated

In the early 1970s, buried in one of his books, Dr Seuss penned a little known essay on auditing. For those not familiar with it, the full text follows:

Oh, the jobs people work at!


Out west near Hawtch-Hawtch
 there’s a Hawtch-Hawtcher Bee-Watcher. His job is to watch…
is to keep both his eyes on the lazy town bee. A bee that is watched will work harder, you see.

Well… he watched and he watched. But, in spite of his watch, 
that bee didn’t work any harder. Not mawtch.

So then somebody said,
“Our old bee-watching man
just isn’t bee-watching as hard as he can. 
He ought to be watched by another Hawtch-Hawtcher!
 The thing that we need
is a Bee-Watcher-Watcher!”

 The Bee-Watcher-Watcher watched the Bee-Watcher.
 He didn’t watch well. So another Hawtch-Hawtcher
had to come in as a Watch-Watcher-Watcher!


And today all the Hawtchers who live in Hawtch-Hawtch are watching on Watch-Watcher-Watchering-Watch,
Watch-Watching the Watcher who’s watching that bee.


You’re not a Hawtch-Watcher. You’re lucky, you see!”

Words of wisdom from an unlikely source.  And for a little amusement, Elm takes Seuss a little further.

We decided to try our own hand at rhyme
And update the story to these current times.

Auditors watch the things clients do
And also suppliers when they’re in scope too.
They see if the list of everything bought
Was made in conditions just like it was thought
Or from those hoping they’re not getting caught.

The Hawtch-Hawtch bee watcher failed as you know
Since audits alone don’t work, we shall show.
What can we learn from those watching the bee?
I see two things – well, actually three.

The bee – when watched – was supposed to work more
But that’s not what bee itself had in store.
Instead what it did was kept right on doing
Not a thing – the watcher was just cud-chewing.
The town of Hawtch-Hawtch thought things would be fine
As long as an auditor watched all the time.

That, my dear friends, is flaw number 1 –
Audits alone are but one part of the fun,
After the watching, there’s more to be done.

The next wrong expectation in this story I find
Is the scope of the watching is not well defined.
What does it mean to “Watch as hard as you can?”
The watchers weren’t sure – down to the last man.
Had they been told, they could do the job well
And not let past problems fester and swell.

Today, what of CSR, governance and sustainability?
The words are unclear – I think they’re meant to be.
No clarity was given those Hawtch Hawtch bee watchers
So they all failed, got sore feet and bad postures.

And now, my beloved, we’re at flaw number three
Which is simply bad audit and auditor quality.
Bad bee watching – at least supposedly so –
Made the line of watch-watchers grow – grow – grow
That perpetuated the flaws that all went before
Meaning Hawtch-Hawtch kept getting more, more and MORE
Of the same watch watchers already there
Who did nothing more than stare, stare and stare
At the same old thing day after day,
Focused on billable hours, bonus and pay.

Most of them ranked low and were unqualified
To be a watch watcher – they weren’t certified.
Maybe because that would cost a bit more
Than the ineffective work that had been done before.
But Hawtch-Hawtch didn’t care to look into this
Not concerned with things that were possibly missed.

Now Hawtch-Hatwch is not a maker of stuff
That uses slave labor and treats their folks rough
And whose business will shrink when good auditors see
What unscrupulous companies do with glee.

In sum, Seuss told us of things one through three
These things – for auditing – are important and key.
But, I say friend, don’t take it from me
Go back and look that old Hawtch-Hawtch bee.

CSR Auditing and Toilet Paper

In the 1990s I worked for a large paper company and one of the products we made was a name brand toilet paper. As TP goes, this was nice stuff – 2 ply, thick and soft. We marveled that the product didn’t sell well in markets dominated by products that were thin, had holes and fell apart too easily. It baffled us that so many people didn’t care about what ends up on their hands.

Today there is a surprising demand for third party environmental/safety/social/supply chain audits that are equivalent to cheap TP – thin, single “ply” (i.e., one dimensional) and full of holes.   Yet even in the midst of so much reliance on audits, very few buyers of these audit services seem to be concerned. Its not only us that sees this – a fascinating article published earlier this week called out Amazon, The Children’s Place, Gap, Hanes, J-Crew, JC Penny, Kohl’s, Macy’s, Nike, Pink, Polo, Target, Walmart and Zara for “ineffective … CSR monitoring, corporate codes of conduct and industry ‘social audits’ … in protecting the rights, health and safety of millions of workers in global supply chains.”  This, after a decade of CSR audits, is the author’s conclusion.

The article goes on to discuss related failures and inconsistencies in certifications and audit scopes. Our own experiences support this – all too frequently we have seen companies pursuing various certifications solely in order to have a certificate to frame and hang in their lobby. One unfortunately memorable experience came a week after a client had completed their ISO14001 recertification audit. The ISO auditor passed the site with flying colors and was highly complimentary of their program. However, our compliance audit found – with little effort – criminal environmental violations that resulted in the site environmental manager losing his job and one of the few instances where self-disclosure to EPA was warranted without question. This isn’t necessarily a problem with the standards themselves – the problem rests completely with the auditors responsible for assessing the sites.

This criticism shouldn’t be a surprise to anyone who is familiar with current CSR audits and auditors. Certainly there are excellent and conscientious practitioners in the field, but the pricing model of these audits tends to support minimalism all the way around. In a recent article on this topic, we stated our belief that the pricing of CSR audits is directly in response to severe operating cost pressures placed on the manufacturers by the brands. But that circles back to consumer buying preferences as we pointed out six years ago. If attributes other than price and product performance were truly key buying criteria, then the entire economic ecosystem (eco-ecosystem??) would be different.

We do not offer typical CSR/supplier audits because we flatly refuse to compromise our professionalism in order to be cost competitive in this market. Our respect for clients and concern for the risks they face exceeds our desire to compete for revenue from these services in the current market. But, as evidenced by what the article states is an $80B year CSR industry, many people are okay with using cheap toilet paper and don’t seem to care what will end up on their hands.

A few key things you should do to help prevent continuing CSR audit failures:

  • Ensure the audit scope matches the auditor(s)’ backgrounds.  For example, after Raina Plaza, CSR auditors have been increasingly asked to provide information on structural engineering and local electrical code compliance.  These matters require specific technical knowledge beyond that of a typical CSR auditor.
  • Explore the auditor(s) professional qualifications. Do they hold a relevant third-party certification?  How much continuing education do they require on an annual basis?  What fraud detection training have they had?  What are the audit firm process for ensuring independence of the individual auditors, not just the firm as a whole?  Auditors should consider themselves professionals and hold themselves accountable to appropriate standards for qualifications.  If they don’t, that speaks volumes about their attitude toward their work.
  • Test the auditor(s) technical knowledge beyond their checklist.  Does the auditor understand the applicable requirements beyond what is written in the audit checklist or protocol?  There are few times when reality matches the criteria on paper.  You want a professional who is prepared to apply knowledge and expertise objectively and pragmatically, not just check boxes on paper or a screen.
  • Find out how much time the auditor(s) spend onsite, and on each audit activity.  Generally speaking, one day (or less) total on-site is too little for any credible audit scope.  The auditor should reasonably balance their time between document reviews, interviews and visual observations.  If you don’t feel there is adequate time spent or balance in the activities, make your auditor change their practices.
  • Observe – or get feedback on – the auditors’ bedside manner.  An auditor’s attitude and non-verbal cues have a significant impact on the amount and quality of information they are able to gather from the audited entity, and how that entity responds to the audit and corrective actions.  Interviews conducted by the auditor should be non-threatening.  Using active listening techniques without sounding condescending or like a robot is an art form not easily mastered.
  • Look at audit report findings and the cited evidence.  Are findings based solely on interviews?  While this can be acceptable in some settings/situations, information from interviews should be corroborated with another type of audit evidence such as documentation, recomputation or direct visual observations.  If findings are not based on objective and repeatable evidence, make your auditor change their practices.  Issues based on interviews alone should be brought forward in a mechanism outside the audit report as those don’t meet the requirement for a formal finding.
  • Determine how audit reports are peer reviewed – or are they peer reviewed at all?  Does the review require the auditors’ original notes so the reviewer can confirm that the audit evidence supports the findings?  All audit reports should go through a formal internal quality check.
  • Don’t get swayed by broad company or program certifications such as ISO.  While these certifications can be an indicator of internal process formalization, understanding the reality of auditor performance in your specific need is far more important.
  • When considering an auditor, call client references and discuss their experiences, both positive and negative.  Obviously, references are specifically selected to present a positive image.  Expressly ask the reference to offer comments about matters or situations that are not so positive.

ALERT: European Parliament Announces Conflict Regulation for Finalization

In a press conference concluded minutes ago, Bernd Lange, Chair of the International Trade Committee, Iuliu WINKLER, rapporteur with Cecilia MALMSTRÖM, Member of the EC in charge of Trade and Council presidency and Ivan LANČARIČ, Ministry of Economy of Slovak Republic announced what is called “informal deal on a regulation” for the EU conflict minerals scheme. This action will be legally binding and is aligned with the June 2016 political understanding. The final text will be voted on by the member states on December 7, 2016, with a vote in the plenary expected in the first half of 2017.

Details are forthcoming, but what is known now is:

  • Due diligence is based on the OECD Guidelines.
  • The scheme is mandatory for importers of 3TG and applies to companies with more than 500 employees but small volume importers will be exempt from these obligations.  The “small” threshold was not provided in the public announcements. Previous reports place the threshold at 100kg for gold.
  • The regulation allows companies to become a responsible importer by declaring in writing to the competent authority in a member state that it follows the due diligence obligations set in the regulation. A list of these importers will be published by the Commission. The competent authorities will carry out checks to ensure that EU importers of minerals and metals comply with their due diligence obligations. Details about the checks were not provided in the public announcement.
  • The legal deadline for implementation is January 1, 2021 but the EP specifically invites voluntary early entry into the program by EU manufacturers and sellers not otherwise subject to the law.
  • The Commission will draft a handbook including non-binding guidelines to help companies, and especially SME’s, with the identification of conflict-affected and high-risk areas.

Press releases from the EP are available here and here.  A more detailed press release is here.

We will continue to follow these developments and will post updates as they are available.

Cobalt is the New Conflict Mineral

Conflict minerals information requests from customers increasingly include cobalt.  While cobalt is not an official conflict mineral, and the basis for the recent public attention is not the funding of armed groups, it is nonetheless being included in conflict minerals CMRT requests.

But cobalt is not one of the CMRT metals, and the CFSI smelter/refiner lists and audits do not include cobalt.  What do you do?  You can build on your existing conflict minerals program, but you need new data collection/verification tools, business criteria and customer reporting methodologies.

These are fundamental issues that every company will have to resolve before meaningful responses to customers can be provided, and it will likely take time.

For Conflict Minerals, It’s Spring in October

In past years, most companies really geared up their conflict minerals supplier engagement activities after the first of each year.  This allowed companies to fully capture the complete calendar year of manufacturing and generally provided adequate time to meet the SEC filing deadline of May 31.

This year is different.  There are a significant number of companies who began their reasonable country of origin processes in earnest last month.  They are facing a new and earlier deadline for their conflict minerals information – from their customers.  A deadline that is 7 months sooner than the regulatory filing date presents its own challenges.  Among other things, it is now more critical that the RCOI and due diligence programs be efficient and that risk mitigation strategies are used and function as they should.

More than ever, additional and knowledgable support is needed for many of these companies facing customer-required early deadlines.  We can help.  Give us a call to discuss.

SEC’s Latest Update on Conflict Minerals Rule

This is the latest in our on-going efforts to provide updates on the US conflict minerals rule.  We haven’t sent any news in some time and many companies are asking us for a status report.

To sum it up, there is nothing new.  The official statement from the SEC Staff is that updates are “forthcoming”.  That is the same word they have used since 2014, and given the upcoming elections, “forthcoming” may be quite a way down the road.

So to be clear:

  • The rule as a whole, including Reasonable Country of Origin and Due Diligence efforts, remains in place and required for those SEC issuers subject to the rule.
  • There remains no mandate to use any specific product classification/determination wording.  Because of that, the original 4-year deferral of IPSAs for smaller companies is essentially moot since ALL companies are free to use wording other than the “magic words”, or to use no product determination wording at all.
  • Conversely, there is no prohibition on using any specific product classification/determination wording either.
  • Should a company choose to voluntarily use the words “DRC Conflict Free” or “not DRC Conflict Free” an IPSA is required.  Dr. Chris Bayer’s report on the CY15 filings found a number of filers using these words but did not conduct an IPSA.  We are curious to see how – or if – the SEC Enforcement staff react to such a public call-out of noncompliance.  We caution against using language that strongly implies the “DRC Conflict Free” determination unless an IPSA will also be conducted.

Other related matters of interest:

  • One bill is pending in Washington to repeal Section 1502 and another is pending to eliminate funding for SEC to enforce Section 1502.  Neither of these have moved past the initial filing stage and are generally seen as symbolic by Beltline insiders we have spoken with.  Don’t get your hopes up.
  • Regardless of the recent publicity and outcry concerning cobalt mining, it is not a conflict mineral within the rule, nor must cobalt be included in Form SD or Conflict Minerals Reports.
  • The technical content of the EU Conflict Minerals Directive is still not finalized, but some sources expect movement on that by the end of 2016.
  • The draft OECD Alignment Assessment Methodology and Tool have been published.  These are to be used in evaluating the various industry programs with regard to their conformance to/alignment the OECD Due Diligence Guidance Framework.  Elm has been selected as a key external stakeholder to provide input to the Methodology, Tool and the industry programs.