OECD to SEC: Make us the Conflict Minerals Due Diligence/Audit Standard for the US

ITRI reported the following yesterday:

The Organisation for Economic Co-operation and Development (OECD) is expected to make a formal request that the US Securities and Exchange Commission (SEC) makes explicit reference to existing, internationally agreed due diligence guidelines when it releases new “conflict minerals” reporting rules shortly. The SEC is in the final stages of considering the interpretation of the US Dodd-Frank Wall Street Reform and Consumer Protection Act and may release the new ‘rules’ sometime in August. The OECD believes that its own guidelines, together with those set out by the UN Group of Experts on the Democratic Republic of Congo, can be used to help clarify definitions of “not DRC conflict free” and “DRC conflict free” under the US law.

OECD has drafted a letter to SEC and is looking for companies or associations willing to support the concept of progressive due diligence and improvement of mining circumstances in the central African region, and to request clarification of the expectations for company reporting in terms of the ‘conflict mineral’ issue.

Elm recently reported on certain US industry views on the OECD standard, which includes general concerns about potential inconsistencies with SEC auditor standards.  These concerns are relevant to not only the audits themselves, but the scope of the supply chain management programs, audit preparations and a range of potentially significant liabilities.  Elm shares these views; the following table highlighting the main points.

OECD Guidance	Comments
Step 2.II  DOWNSTREAM COMPANIES Downstream companies who may find it difficult to identify actors upstream from their direct suppliers (due to their size or other factors), may engage and actively cooperate with other industry members with whom they share suppliers or downstream companies with whom they have a business relationship to carry out the recommendation in this section in order to identify the smelters/refiners in their supply chain and assess their due diligence practices or identify through industry validation schemes the refiners/smelters that meet the requirements of this Guidance in order to source therefrom.	Supply chain due diligence activities undertaken with suppliers/others with business relationships or members of industry association-sponsored conflict minerals audit programs conflicts with the Auditor Independence elements in Step 4.A.3.a.
Step 4.A contains the OECD’s standards for independent third party audits of smelter/refiner due diligence practices, but continues (Step 4.B.1): … all actors in the supply chain should cooperate through their industry organisations to ensure that the auditing is carried out in accordance with audit scope, criteria, principles and activities listed above [in Step 4.A.]. Also provides additional SPECIFIC RECOMMENDATIONS for exporters, traders, re-processors and downstream companies within the context of the smelter/refiner audit scope.	Creates significant ambiguity in the intended audit scope: are the audits of exporters, traders, re-processors and downstream companies to be included as part of – or directly involved in – the smelter audit? Additionally, this conflicts with the Auditor Independence elements in Step 4.A.3.a.
Step 4.A.3.a    The Audit Principles: Independence To preserve neutrality and impartiality of audits, the audit organisation and all audit team members (“auditors”) must be independent from the smelter/refiner as well as from smelter/refiner’s subsidiaries, licensees, contractors, suppliers and companies cooperating in the joint audit. This means, in particular, that auditors must not have conflicts of interests with the auditee including business or financial relationship with the auditee (in the form of equity holdings, debt, securities), nor have provided any other services for the auditee company, particularly any services relating to the due diligence practice or the supply chain operations assessed therein, within a 24 month period prior to the audit.	SEC has long-established standards and regulations for auditor independence in the US.  Those standards have been tested/validated in the US legal system.  There is no need for untested duplicative standards that do not specifically reflect US law and that apply only to a single set of SEC audits. Other forms of impairments to auditor independence from SEC’s “Yellow Book” (GAO-07-731G) not indicated by OECD: Personal impairments including preconceived ideas toward individuals, groups, organizations, or objectives of a particular program that could bias the audit; and biases, including those resulting from political, ideological, or social convictions that result from membership or employment in, or loyalty to, a particular type of policy, group, organization, or level of government.  Given the emotional nature of underlying issues (human rights atrocities, subsistence livelihood of artisanal miners), personal impairments are highly relevant in these audits. External impairmentsare pressures, actual or perceived, from management and employees of the audited entity or oversight organizations, which includes: external interference or influence that could improperly limit or modify the scope of an audit or threaten to do so; external interference with the selection or application of audit procedures or in the selection of transactions to be examined; the authority to overrule or to inappropriately influence the auditors’ judgment as to the appropriate content of the report. Direct involvement in audit processes by industry associations, NGOs, business competitors and customers alike create a high likelihood of these (and similar) external impairments. As is detailed in other sections of this comparison table, this OECD auditor independence standard conflicts with other elements of the Guidance and increases annual audit costs for companies by mandating “rotating auditors” for annual audits.
Step 4.A.3.b.  The Audit Principles:  Competence Auditors should conform to the requirements set out in Chapter 7 of ISO 19011 on Competence and Evaluation of Auditors.	ISO is not meaningful within the context of legally-mandated audits under SEC jurisdiction.  Such audits are no longer a voluntary standard as is ISO. The audited companies – and auditors themselves – face significant risks related to SEC compliance, reputation and a broad range of consequential liabilities that are addressed far better by specific SEC audit/auditor standards than a general voluntary framework with no direct governmental involvement or support.
Step 4.A.4.b.  The Audit Principles:  Document Review … all records on business partners and suppliers, interviews and on-the-ground assessments…	SEC audit standards are based on “reasonable assurance” and “representative sampling”.  Audit tasks seeking 100% certainty or review are not appropriate/feasible except in limited circumstances. Where expectations are based on 100% certainty or review, auditors face significant and unreasonable liabilities.
Step 4.A.4.c.  The Audit Principles:  In-site Investigations In-site investigations should include… ii.  A sample of the smelter/refiner’s suppliers (both international concentrate traders, re-processors and local exporters), which includes supplier facilities	Suggests the auditors visit another company’s facilities. The auditor faces multiple uncontrolled business liability risks in this “extended audit” scope unless the auditor has a separate specific contract with that supplier.  Such a contractual relationship conflicts with the Auditor Independence elements in Step 4.A.3.a.
4.A.4.c.  The Audit Principles:  In-site Investigations In-site investigations should include… iv.  Consultations with local and central governmental authorities, UN expert groups, UN peacekeeping missions and local civil society.	Suggests direct involvement of external parties in the audit process, an inappropriate extension of audit scope. An auditor may not be able to confirm/verify the information presented by these external parties.  This also presents a potential for inadvertent breach of confidential business information.
4.A.4.d  The Audit Principles:  Audit Conclusions Auditors should generate findings that determine, based on the evidence gathered, the conformity of the smelter/refiner due diligence for responsible supply chains of minerals from conflict-affected and high-risk areas with this Guidance.	The findings envisioned by OECD are based on conformity and not fully consistent with the requirements of Section 1502(b), which requires the audit to include additional information (“compliance”). A substantial body of information over more than 15 years related to ISO14010/14011 (Environmental Management Systems Auditing, now superseded by ISO 19011) demonstrates there is typically a significant gap between the outcome of conformity audits versus compliance audits.
4.B.1.d  SPECIFIC RECOMMENDATIONS – For all downstream companies It is recommended that all downstream companies participate and contribute through industry organisations or other suitable means to appoint auditors and define the terms of the audit in line with the standards and processes set out in this Guidance. Small and medium enterprises are encouraged to join or build partnerships with such industry organisations.	As explained above, this program element conflicts with the Auditor Independence elements in Step 4.A.3.a.
Step 4.B.2  INSTITUTIONALISED MECHANISM FOR RESPONSIBLE SUPPLY CHAINS OF MINERALS FROM CONFLICT AFFECTED AND HIGH-RISK AREAS. All actors in the supply chain, in cooperation and with the support of governments and civil society, may consider incorporating the audit scope, criteria, principles and activities set out above into an institutionalized mechanism that would oversee and support the implementation of due diligence for responsible supply chains of minerals from conflict-affected and high- risk areas. The institution should carry out the following activities: a)  With regard to audits: i)  Accrediting auditors; ii) Overseeing and verifying audits; iii)Publishing audit reports with due regard to business confidentiality and competitive concerns. b)  Develop and implement modules to build capabilities of suppliers to conduct due diligence and for suppliers to mitigate risk. c)  Receive and follow-up on grievances of interested parties with the relevant company.	This takes key audit oversight out of SEC’s hands and places the responsibilities directly with a group of representatives from the regulated community, creating a major gap in auditor standards and dramatic potential for auditor impairment as discussed above in Step 4.A.3.a. Research indicates there is no precedent in any other legally-mandated audit program under SEC that defers this level of direct management and oversight to an industry group or other non-governmental organization.