Confusion is still widespread about the distinction between RCOI and due diligence. This is not simply an academic discussion – the SEC has noted this and blurring the lines between the two will almost certainly result in higher IPSA costs. As a long-time advocate of minimizing IPSA costs, we offer the following thoughts on how to practically separate the two.
What is RCOI?
At its core, RCOI revolves around the process of identifying and communicating with suppliers. This is the initial information gathering stage, which includes ensuring that information meets the issuer’s completion, consistency and reasonableness criteria – equivalent to OECD Step 2 – Identifying and Assessing Risks in the Supply Chain. On pages 150 and 271 of the final release of the conflict minerals rule, the SEC stated:
“The reasonable country of origin inquiry is consistent with the supplier engagement approach in the OECD guidance where issuers use a range of tools and methods to engage with their suppliers. The results of the inquiry may not trigger due diligence. This is the first step issuers take under the OECD guidance to determine if further work outlined in the OECD guidance – due diligence – is necessary”.
Additional text on pages 148-150 continues discussing RCOI in the context of receiving representations from suppliers. The following excerpts from CFSI Five Practical Steps to Support SEC Conflict Minerals Disclosure (version 2.0, Feb. 2015) are also helpful:
The RCOI involves determining if the company has reason to believe that SORs in its supply chain are sourcing minerals from a [Covered Country]… the completeness of that list of smelters is advanced through the RCOI process and is not considered a part of risk management as contemplated by the OECD Guidance…
Lastly, Question #18 of the SEC FAQ:
The IPSA does not need to include the reasonable country of origin inquiry because, under the rule, that inquiry is a distinct step separate from the due diligence process. As a result, the independent private sector auditor need only opine on whether the design of the issuer’s due diligence framework is in accordance with the portion of the nationally or internationally recognized due diligence framework beginning after the country of origin determination. With regard to the second part of the IPSA objective, the issuer’s conflict minerals report is required to describe the due diligence measures it undertook. As such, the independent private sector auditor need only opine on whether the issuer actually performed the due diligence measures described in the report after the issuer determined it had reason to believe its conflict minerals may have originated in the DRC or an adjoining country.
What is Due Diligence?
Clearly, SEC’s view is that due diligence occurs after supplier engagement and an issuer uses the suppliers’ final answers from the RCOI as the basis for determining whether additional efforts – due diligence – are needed.
“The conflict minerals statutory provision specifically contemplates due diligence, which goes beyond inquiry and involves further steps to establish the truth or accuracy of relevant information…”
Page 271 of the Final Release. It is notable that “completeness” of the relevant information is not included, as mentioned above in the CFSI document.
In contrast to RCOI, in due diligence the issuer is not communicating with the supplier at this point, but is conducting its own internal verification activities on information that was provided by suppliers’ final answers.
Due diligence comprises two broad activities that take place after communication with the suppliers concludes. The first is verifying “the truth or accuracy” of smelter/refiner information provided by suppliers – specifically, the smelter/refiner status and country(ies) of origin. Think of this as confirming or denying whether there is “reason to believe” that materials originated from Covered Countries. As further illustration, recall that the final release contains a provision whereby if the outcome of RCOI indicated an issuer had reason to believe a supplier sourced from Covered Countries, but the further due diligence proved otherwise, that issuer does not have to file a CMR or conduct an IPSA. Or at least does not have to include that supplier in a CMR they would otherwise have to file. See Filing Instructions, Item 1.01 (c)(1)(vi) (pages 350 – 351).
Generally, this information verification involves the issuer comparing the identified smelters/refiners to various lists and conducting additional efforts where necessary to determine the sources of the ores processed by those facilities. It is not uncommon for a supplier’s final answer to be missing this information; therefore it is up to the issuer to make efforts on its own to fill in the blanks, or confirm information that was presented.
The second element of due diligence is making internal decisions based on the smelter/refiner and country of origin information. Will business relationships continue with suppliers that have materials confirmed as originating in the Covered Countries? Will business relationships continue with suppliers that have materials sourced from smelters/refiners that have not been audited? What action plan will be put in place to encourage these non-conforming suppliers to meet expectations about smelters/refiners and countries of origin? This also includes deciding what to do about suppliers who are nonresponsive.
In our view, these activities are aligned with OECD Step 4 – Independent Third Party Audits of Supply Chain Due Diligence at Identified Points in the Supply Chain and OECD Step 3 – Design and Implement a Strategy to Respond to Identified Risks (respectively). While it may not be readily apparent, an issuer’s use of, reliance on and encouragement of third party audits of smelters/refiners is aligned with Step 4 for downstream companies. This was outlined in OECD’s January 2013 Final downstream report on one-year pilot implementation of the Supplement on Tin, Tantalum, and Tungsten.
Keeping it straight
Hopefully, these thoughts help. Consider that RCOI is where all supplier engagement activities occur. In due diligence, an issuer is no longer communicating with suppliers, but is using that information for internal purposes.
Be mindful that confusion still exists, even in the ranks of those considered to be experts. Just last week, Deloitte issued a newsletter with some very good information, including a discussion on separating RCOI from due diligence. Unfortunately, their example of how an auditor may approach the description of due diligence measures undertaken used text describing RCOI activities. <Sigh>.
Contact us if you’d like to discuss this further. We are happy to take the time to help.