Conflict Minerals: Lessons Learned for a Smoother Year Two Compliance Program

We are now well into the second year of the enforcement of Dodd-Frank section 1502, otherwise known as the “Conflict Minerals Provision”.  Year one was a bit of a roller coaster, with legal challenges and rulings that adjusted – although ultimately did not eliminate – the reporting requirements for SEC filers.

In early July, RGP’s Conflict Minerals Practice Leader, Kevin Deely, presented a webinar that presented the results of a careful analysis of the first year of SEC Conflict Minerals filings.  If you are subject to the conflict minerals provision, I encourage you to take time to listen to the recording of the session, as the results were extremely interesting.

Having a Conflict Minerals Policy is Key

CMPolicyStatsOne of the most interesting statistics that came from the research was that 25% of the companies that filed the Form SD report with the SEC indicated that they did not have a formalized Conflict Minerals Policy.  As Mr. Deely mentions in the session, this is surprising both because of the critical nature of having a policy that governs your conflict mineral program, as well as how simple it can be to create that policy.

Your company’s policy does not need require conflict free materials – nor does it need to enforce full reporting compliance for all suppliers.  The policy will define ownership of the initiative, outline your tolerance for non-compliance, set thresholds for suppliers above which you will require responses, and outline corrective action that should be taken for non-compliance.

Data Quality Makes a Huge Difference

In year one, RGP found that dealing with poor data quality created a large amount of effort for many organizations.  Companies that had poor tracking of suppliers, parts or contact information spent far more time on compliance, as they had to first track down information from multiple sources.  Organizations that spent that time wisely in year one creating more complete and consistent records of suppliers and parts will have a much easier time with year two compliance.

Supplier Outreach

Suppliers are not operating on even playing fields.  Large publicly held manufacturing companies who are SEC filers themselves had different challenges than small, independent suppliers in non-English speaking countries.  Language, timing, technology and urgency varied across the population.

Year one taught us that the supplier outreach is critical – and needs to be tailored to the audience.  Some suppliers will need more hand-holding through the process, and others will simply need more time to gather their response together.

Third Party Assistance and Technology

RGP’s Conflict Minerals Practice and our Reasonable Country of Origin Center of Excellence (RCOI COE) team have helped a number of clients through the year one process, developing policies, creating governance structures and serving as the outsourced team to manage the supplier survey process.  In year two, even more organizations are looking to partnerships to help them be more efficient and to provide the most cost-effective solutions.

If you need a partner or the technology to manage your surveys, please contact us today and we’ll connect you with our Conflict Minerals Practice to discuss those needs!

RCOICOE

8 Panels, 7 Keynotes and a Head Full of Ideas: Compliance Week 2014

logo-cw2014I am just returning from Compliance Week’s 2014 conference, held in Washington DC this past Monday through Wednesday.  I’m leaving with a new tote bag, a t-shirt, 36 pages of notes taken during the sessions and a head bursting with ideas that I want to share with all of you.  I participated in CW 2014 strictly as an attendee, to learn from the best in class compliance officers.  8 breakout session panels, 7 key note addresses and a whirlwind of conversations later – I’m happy to report that I accomplished that mission.

While there are some specific topics that we’ll dig into deeper in the coming weeks (after I’ve had a chance to digest those 36 pages of notes), I wanted to provide a couple of highlights in time for our May newsletter!

Cyber Security is a Hot Topic

For many compliance executives, it doesn’t feel like cyber security should belong in the compliance department’s realm.  Alan Brill, Senior Managing Director at Kroll, agrees that the domain of cyber security is unclear, but stresses that it is a compliance issue.  He suggests that compliance teams and IT security teams partner more closely in this age of “everything cyber” to put compliance tools in the hands of the IT resources who need them.

One very practical suggestion made by Mr. Brill was to partner with IT to issue employee communications about good data security practices, using the compliance mindset to provide guidance and understanding of why the topic should be taken seriously.  (The example used was the number of employees who likely have a personal DropBox account, where they store work in progress to be accessible from multiple locations.)

My takeaway: How can we help organizations to push their compliance processes-controls, testing, reporting, employee communication-to the IT security side?  In some cases we already work with both financial compliance and IT compliance, but where we don’t, can we help to foster more coordination?

Third Party Risk Management is Critical

It is surprising, to be honest, how many organizations are still underestimating the exposure they face due to third parties.  The actions of suppliers, partners, contractors and sometimes even customers can bring risk onto your organization.  The need for effective – and efficient – third party risk management and due diligence was a key theme through many Compliance Week 2014 sessions.

How to do third party due diligence and risk management in a reasonable, cost-effective and resource-efficient way was a matter of much discussion – both during panel events and in the hallways over breaks.  Panel experts stressed the need to push the due diligence process down to the business units and owners of the third parties, while having compliance oversight – and audits – to make sure the process is working.

My takeaway: policyIQ can help organizations to build a 3rd party due diligence process.  Over the next couple of months, we should illustrate more specifically so that our clients can see the process in action in a practical – and cost-effective – way.

Compliance Should Be Embedded in the Business

This theme ran through virtually every session at the conference – and while it is definitely a desire of most attendees, there did seem to be some skepticism about how to accomplish it.

One session specifically focused on “Tone at the Middle”, taking the common idea of “Tone at the Top” to a new level.  It is the middle-managers that are closer to the majority of the workforce, and the commitment to compliance and ethical conduct at this level can be even more critical.  (Of course, it is clear that “Tone at the Top” is critical to THIS level of commitment.)  The idea boils down to the concept that if you have an ethical environment that is committed to compliance, compliance shouldn’t feel like a hurdle that has to be overcome.

The other side to this coin is the concept that in the ideal world, compliance can be seen as a revenue positive activity.  Compliance departments can work within the business to identify opportunities for process improvement – in line with compliance initiatives.  Risk management and issue management can also be viewed within a revenue-positive light.

Practical advice on this subject was a bit thin, however it is clear that everyone wants compliance to be seen as a positive force, rather than a revenue-restriction.

My takeaway: How can we talk about processes like risk management and issue management in revenue-positive language?  Consider ways to identify opportunities rather than issues.

So much more…

I have notes on issue management, creating a positive “speak up” culture, ideal issue escalation processes, risk-focused issue management, suggestions for creating better relationships with regulators, and much more.  Stay tuned for more notes and ideas!  If you have a specific question or if you are curious about a specific area, don’t hesitate to reach out to us.

ALERT: SEC Releases Updated Conflict Minerals FAQ

The following alert was issued by RGP’s Supply Chain Practice’s Senior Practice Leader, Kevin Deely on April 8, 2014.  Please feel free to contact us with any questions and we’ll put you in touch with the Supply Chain Practice leadership in your local region.

ALERT: SEC Releases Updated Conflict Minerals Frequently Asked Questions (FAQ)

RGP-Logo-for-blog-post

In a much-anticipated update to the Securities Exchange Commission (SEC) May 2013 Frequently Asked Questions (FAQ), the SEC released nine new questions and answers relating to conflict minerals. To view the SEC’s FAQ page, please click here.

The release of information addressed a number of lingering questions since the initial release of the FAQ. One of the most anticipated points of clarification included how companies should treat a hybrid of ‘DRC undeterminable’ and ‘DRC conflict free’ products in its Conflict Minerals Report (CMR). The SEC said that companies can only describe products that are ‘DRC conflict free’ if the issuer determines that the conflict minerals did not finance or benefit armed groups in the region based on its due diligence. In addition, that due diligence requires an Independent Private Sector Audit (IPSA) of the CMR, for filings describing products as ‘DRC conflict free’. Key excerpts from the release include:

  • If, after exercising due diligence on the source and chain of custody of its conflict minerals, an issuer determines that at least one of its products may be described as “DRC conflict undeterminable,” is the issuer required to obtain an IPSA of its Conflict Minerals Report during the temporary transition period?

    No. The Commission stated in the adopting release that, during the transition period, issuers with products that may be described.

  • If an issuer does not obtain an IPSA of its Conflict Minerals Report because one of its products is “DRC conflict undeterminable,” may it describe any of its other products as “DRC conflict free” in its Conflict Minerals Report?

    No. An issuer is not required, under the rule, to describe any qualifying products as “DRC conflict free” in its Conflict Minerals Report. The rule defines due diligence as including an IPSA of the Conflict Minerals Report. Therefore, to be able to describe qualifying products in its Conflict Minerals Report as “DRC conflict free,” an issuer must have obtained an IPSA.

  • During the temporary transition period, an issuer has products that it manufactured or contracted to have manufactured with conflict minerals that are necessary to the functionality or production of those products. Each product is composed of a number of conflict minerals from different sources. In its Conflict Minerals Report, how should the issuer describe any particular product based upon the various combinations of conflict minerals in the product?

    During the temporary transition period, if an issuer has a product that would qualify as “DRC conflict free” except that the product contains a conflict mineral that the issuer is unable to determine did not originate in the DRC or an adjoining country, or is unable to determine did not directly or indirectly finance or benefit armed groups in those countries, the issuer may not describe that product as “DRC conflict free.”

  • The nationally or internationally recognized due diligence framework used by an issuer may include procedures for obtaining information about a conflict mineral’s country of origin. If so, this aspect of the nationally or internationally recognized due diligence framework would encompass the reasonable country of origin inquiry requirement under the rule. In that situation, would the IPSA also include the issuer’s reasonable country of origin inquiry?

    No. The IPSA does not need to include the reasonable country of origin inquiry because, under the rule, that inquiry is a distinct step separate from the due diligence process.

 

The release of the updated FAQ is helpful, but still does not address a range of questions companies have before the first filing. Companies should evaluate how this new information may affect their current draft Form Specialized Disclosures (SD) and CMRs.

For additional information, please contact your RGP Client Service Director, visit RGP.com or call +1.800.900.1131.  (Or contact our policyIQ team and we’ll put you in touch with the local RGP Directors in your area.)

Challenges of conflict minerals compliance benefits ALL policyIQ clients

challengeHere on the policyIQ team, we are always talking about how we love a good challenge – and Dodd-Frank’s Conflict Minerals provision has provided us with challenges in spades.  We are learning to be careful what we wish for!

If your company is subject to the Dodd-Frank Conflict Minerals rules, you are likely well-aware of some of the challenges that organizations like yours are facing.  The regulation requires that any publicly listed company who manufactures (or contracts to manufacture) a product containing Tin, Tantalum, Tungsten or Gold – referred to as 3TG (also a great name for a boy band) – trace the origin of those minerals to the source, reporting on whether the minerals originate from the Democratic Republic of the Congo or some surrounding countries.

Survey your suppliers!  Wait…how many suppliers do you have?

After identifying those suppliers who may supply products containing one of the 3TG minerals, the next step for most organizations is to conduct a Reasonable Country of Origin analysis – typically involving sending a survey out to those identified suppliers.

Surveys and policyIQ go together like chocolate and peanut butter, so we know we have that survey part covered!

The challenge, of course, is the aggregation of responses on every unique part that a supplier supplies.  Consider an organization with over 300,000 unique parts supplied to them that may contain one of the 3TG minerals – and you can understand the challenge of effectively capturing, aggregating and reporting on that data.

policyIQ continues to perform faster for ALL of our clients

In addition to building unique functionality to manage the aggregation of large amounts of part-level data – our policyIQ development team has also been busy working to optimize the entire application, so that handling half a million (or a million) records becomes child’s play.  In fact, we’re close to releasing version 7.1, with even more functionality and performance enhancements than the just-released version 7.0.  (policyIQ clients who have not yet upgraded from version 6 will always be upgraded to the latest and greatest version of policyIQ!)

CMReport

Table filters – introduced in version 7.0 – become essential, so that a conflict minerals project manager can filter out the relevant responses for follow-up.  Bulk changes – to update status or follow-up actions – are performed on thousands of records at a time.

The best part?  Every policyIQ client benefits from these improvements.

So if anyone asks you if you are impacted by Dodd-Frank’s Conflict Minerals regulation, you can accurately say, “Yes!” – even if that impact might just be in the technology enhancements you enjoy as a policyIQ client.

Let our experienced Conflict Minerals team help you

RGPRGP has put together an incredible team of experienced professionals who have gone through the Conflict Minerals compliance process with organizations across the country.  Reach out to us and we’ll put you in touch with the regional expert to help you understand the impacts and put a plan in place for your compliance program!

Lessons learned from Conflict Minerals compliance

goldsmeltingIf you have been wishing that the Conflict Minerals compliance requirement of the Dodd-Frank Act was going to just go away, I am afraid that your wish has not come true.  This provision – applicable to any SEC filer who manufactures or contracts to manufacture products with Tin, Tantalum, Gold or Tungsten (or their derivatives) – are directly impacted, with companies all over the globe finding themselves impacted as suppliers to these organizations.

Already four months into 2013, companies who are subject to the provision need to act now to prepare for reporting.  For those just getting started, the good news is that many companies have already had these efforts under way for some time – and as more companies begin the detailed work of getting compliance, there are more lessons learned and best practices to share.

Challenges, Lessons Learned, and Practical Considerations

This Tuesday, Resources Global Professionals partnered with the law firm of Crowell & Moring to do just that.  Thought leaders from both organizations teamed up to present “Conflict Minerals & Gaining a Competitive Advantage: Challenges, Lessons Learned, and Practical Considerations”.

Danielle Sugarman, an associate at Crowell & Moring, reviewed the details of the Conflict Minerals provision, while Jon Wesoky, the Global Managing Director of RGP’s Supply Chain Practice, illustrated some critical lessons learned by companies who have begun their efforts to become compliant with Dodd-Frank’s Conflict Minerals provision.  Through countless discussions with companies across the globe – both SEC filers who are directly subject to the rule and companies who supply materials to those subject to the rule – Mr. Wesoky and the RGP Supply Chain Practice are able to share best practices to overcoming common strategic and logistical challenges of conflict minerals compliance.

As a partner at Crowell & Moring, Morris Defeo leads their Middle East and North Africa practice, and is a thought leader in the area of Conflict Minerals compliance and reporting.  Mr. Defeo provided an overview of the risks and responsibilities of organizations – and illustrated some practical ways to manage expectations appropriately.

Review the webinar at your convenience

If you are just getting started with your Conflict Minerals compliance program – or if you have not taken any action just  yet – I would encourage you to check out the recording of this highly informative webinar.  You can access the webinar here at your convenience.

Contact us and find out how RGP and policyIQ can help!

We also encourage you to reach out to us and the team at RGP if you want to learn more about your obligations under the Conflict Minerals provision, how RGP subject matters experts can help, or how policyIQ can provide the technology you’ll need to gather relevant data – contact us today!

Tip Sheet: Implement the WhistleBlower Module for Free in Five Easy Steps

whistleDid you know that policyIQ has a built-in WhistleBlower feature that allows for the anonymous reporting of issues to designated agents?  Did you now that it can be implemented and rolled out to all of your company’s employees for free?  Did you know that you could rename that module and use it for other types of anonymous two-way communication, such as feedback, suggestions, or cost-saving ideas?

If you answered yes to all of those questions, you get a gold star.

policyIQ has included a WhistleBlower feature since the early days of Sarbanes-Oxley legislation.   The WhistleBlower feature was designed to meet the SOX requirement to protect whistleblowers or those that report concerns over possible fraud or wrongdoing.  Over the past several years, the Dodd-Frank Act has added even more urgency to this concept, with more incentive provided to whistleblowers whose reports are not acted upon internally.

With that in mind, we want to make it easy for YOU to implement WhistleBlower in policyIQ – for free and in just a few easy steps.  We have created a tip sheet that walks through how to set up WhistleBlower, designate the Agents who handle cases, and roll-out the feature to your entire company.   (The tip sheet is available under the Attachments and Linked Pages area.)

Even if your organization already has a solid reporting hotline, consider using the policyIQ WhistleBlower feature as a mechanism to collect anonymous feedback, accept suggestions or field cost saving ideas that employees might otherwise be reluctant to share.  And as always, if you need help getting started, don’t hesitate to contact us!

Conflict Minerals Regulations: Don’t underestimate the impact on YOUR organization

I am willing to bet that there are less than a handful of policyIQ blog readers out there right now who haven’t heard of the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank”).  Dodd-Frank has been a news-worthy item before it was even signed into law in 2010 for both the regulation that it now imposes on companies doing business in the United States, as well as the regulations that it has so far failed to implement.

But how much do you know about the Conflict Minerals Provision of Dodd-Frank that requires public companies to provide transparency around where specific minerals in their products or production process originate from?  Even if you think you aren’t affected, keep reading.  The impact may be larger than you think.

goldWhat are Conflict Minerals – and what does the “Conflict” refer to?

Conflict Minerals is a term that refers to gold, tin, tungsten and tantalum – and any of their derivatives.  These specific minerals are identified as “conflict” minerals, because it is widely recognized that profits from the primary sources of these minerals go to support violence and repression in the Democratic Republic of the Congo (“DRC”) and some neighboring countries.  The materials may not all be common names, but they are widely found in consumer products and they are frequently used in the manufacturing process.  Electronics, jewelry, solder, wires – even packaging and promotional materials – often contain these minerals.

The goal of the Conflict Minerals Provision of Dodd-Frank is to minimize the use of these minerals from the DRC or find “conflict-free” sources from which to purchase.

So what does Dodd-Frank’s Conflict Minerals Provision require?

The Conflict Mineral Provision aims to create a more transparent supply chain – to require companies to disclose their use of Conflict Minerals and from where those minerals originate.  The details have not been finalized, but essentially all public companies will be required to a.) determine if they use the conflict minerals in their products or production process (even in trace amount), and if so, b.) follow the supply chain back to the source.  If a company does use minerals sourced from the DRC (or if they cannot determine the source), that company will be required to provide an audited Conflict Minerals Report within their Annual Report.  Companies who do not source minerals from the DRC can include a simple disclosure (along with their methods of making that determination) within the Annual Report.

There are no penalties or requirements for an organization to discontinue the use of minerals sourced from the Democratic Republic of the Congo, but by requiring that a company expose their supply chain and disclose the source, the expectation is that there will be pressure from various stakeholders for a company to be “conflict free”.

What does this mean to you? 

If you are an SEC filer and you produce or sell a product that contains these conflict minerals – or uses these conflict minerals as a part of your production process – you will be impacted.  These minerals might be found in packaging for your product.  They might be in promotional materials for your product.  They might be found in trace amounts, but in critical parts of your production process, such as the soldering of parts or wiring of components.  The bottom line is this:  If you produce or sell a physical product, you need to be educated on the Conflict Minerals Provision.

Get up to speed and plug into Resources Global Supply Chain Practice

scm_facebookThere are lots of online sources of information, but if you need to learn more about how the Conflict Minerals Provision affects your businesss – and what you can do to prepare today – let us put you in touch with experts from the Resources Global Professionals’ Supply Chain Practice.  This team recently published a Client Alert, which can be found on our Resources’ website, with lots of great information about Conflict Minerals – and they will continue to provide updates and guidance as the SEC refines the details.  If you are not already receiving updates from Resources Global, let us know and we’ll introduce you to our colleagues in your local Resources’ office.  They will make sure that your contact information is included on the mailing list for future alerts!

We’ve also recently launched a Facebook page for our Supply Chain Practice, so that our experts can update and interact with supply chain professionals across the globe.  Check out the page, “Like” it to see updates in your own feed, and join the conversation!

Issue Reporting: Take Action Now!

whistleLet’s face it; several companies could have avoided public scandals if they had functioning, efficient whistleblower functions in place to catch issues early. Not only is an effective whistleblower function a key element of corporate governance, but the Sarbanes-Oxley Act mandates that a company has a whistleblower function designed to protect the reporter.

We know that corporations have spent a lot of time and money in setting up these functions but unfortunately it seems that some companies still aren’t doing a good enough job at “policing” themselves.   In come the whistleblower bounty rules under the Dodd-Frank Act, allowing a whistleblower to earn as much as 30% of any settlement the SEC wins based on the information provided to the SEC by the whistleblower.

I’m sure this has plenty of compliance officers frustrated.  Not only do they need to convince people that reporting these issues early is the right thing to do, now they must find a way to compete against potential multi-million dollar payouts to get that information from whistleblowers!

So what can you do?  You can start by making sure that your internal channels of issue reporting are easily accessible and that your corporate culture encourages open and honest feedback.

Did you know that policyIQ has a whistleblower module?   I realize that all SOX compliant companies already have something in place, you might even be using the module in policyIQ already, but I wanted to share some benefits of this module with the rest of you who might be interested in a way to capture anonymous feedback or even those that may be looking for a different tool.

    1. WhistleBlower is not a separate system. Since WhistleBlower is in a system used frequently by employees, there is no risk that employees do not know where to go when they have an issue. Plus, it’s not going to cost you any extra money! Read Only Users (which are always free) can submit cases.
    2. Consider renaming the module and using it for other types of anonymous feedback. You could rename the module something like “Feedback”, “Suggestion Box” or “Issues” and provide a great tool to gather information that individuals might otherwise be hesitant to provide.
    3. policyIQ’s unique design allows for an anonymous two-way communication between the employee reporting the issue and the designated “agent”. When an issue is submitted, policyIQ generates a random alphanumeric key and encrypts the contents of the issue so that only the designated “agent” can access it. The submitting employee can use that same key to open the issue to read or add follow-up comments.
    4. Board and Management reporting provides a snapshot of issues either by status code (i.e. Open, Closed), or by the “agent’s” name. The reports display the last activity date of each issue to ensure that issues reported are investigated on a timely basis.

whistleblower

If you are interested in learning more about the WhistleBlower module in policyIQ, here are some suggestions to get you started: