FOR AN UPDATE ON SEC’S DELAY OF THE FINAL RULE, CLICK HERE.
As veterans of regulatory research, we are accustomed to spending hours poring over a plethora of governmental regulations, background documents, guidance and other reports. Our work with conflict minerals supply chain traceability and SEC’s regulations has been no different. In addition to having completed such audits, we have read and re-read
- the proposed SEC regulation and its preamble;
- the OECD Due Diligence Guidance for Responsible Supply Chains of Materials from Conflict-Affected and High Risk Areas, and the Supplement on Tin, Tantalum and Tungsten;
- the ISO 19011 standard;
- comments submitted to the SEC on the proposed regulation (approximately 700 total comments were submitted, of which 433 were standard form letters. Of the remaining 270, approximately 75% provide substantive content);
- hundreds of relevant media reports, legal advisories and NGO documents;
- various auditor standards under SEC, including Government Accounting Office Government Accounting Standards GAO-07-731G, AICPA Statements on Standards for Attestation Engagements (SSAEs); and
- industry commentary and alerts on the topic.
Yesterday, we completed an analysis of the 263-page report from the Boston Consulting Group (BCG) titled US Securities and Exchange Commission Organizational Study and ReformMarch 10, 2011 to see what insight might be hidden therein on the upcoming final conflict minerals regulations.
BCG’s report establishes the ultimate context for the other documents which, in turn, essentially provides a preview of the final rule. Our opinion is that SEC will meet the statutory deadline of April 15 with a rule that will:
- clarify procedural aspects, such as applicable audit standards (i.e., GAO-07-731G, AICPA SSAE, etc), the need for annual audits and the question of “furnishing” versus “filing” the report;
- establish a materiality threshold for conflict minerals content in products;
- specifically exclude retailers and contract manufacturing arrangements under certain conditions;
- defer most substantive compliance requirements to allow further study; and
- defer the initial reporting compliance date.
By doing this, SEC can meet competing priorities with which it is currently struggling. Such a rule would appease the regulated community and buy SEC time, while allowing SEC to claim victory in meeting the legal deadline. During the deferral period, we expect SEC will implement its overarching organizational restructuring and internal risk assessment processes spelled out in the BCG report, then come to a final position on Section 1502(b).
What does this mean for companies impacted by the due diligence/audit requirements?
We have written and directly counseled clients and others on business risks associated with completing the audits in advance of the final SEC rules. As we see it, the risks are somewhat different depending on your company:
- Companies directly regulated by SEC. Audits conducted “pre-rule” risk being non-compliant with the final SEC requirements. Early adopters may be faced with paying for audits a second time to achieve compliance. Reputational damage is possible where companies publicize or market the results of audits that are non-conforming to the final rule. At an extreme, companies could face lawsuits over nonconforming audits in a manner similar to lawsuits filed for non-GAAP financial reporting or certain corporate social responsibility reports.
- Privately-held companies responding to customer demands. For these companies, the risk is not compliance oriented, but centers on unnecessary costs and reputational damage. Where customers demand this information of suppliers, the demands must be met. The question becomes is SEC compliance driving the customer’s request? If so, (assuming our prediction is correct) the customer’s need may not be so urgent or burdensome as originally thought; and early adopter efforts on the supplier’s part may be overkill/overly expensive in light of a rule deferral period. Legal action from customers who rely on the “pre-rule” audit information and reputational damage are both possible where companies publicize or market the results of audits that are non-conforming to the final rule. Suppliers would be wise to work with customers to find an acceptable balance between the drivers, timing, scope and cost.
Companies want to be proactive and responsible corporate citizens. But we live in a command-and-control legal setting – combined with third-party lawsuits and governmental performance metrics that incentivize fines, penalties/aggressive enforcement. Early action in a time of regulatory uncertainty carries risk. In US corporate sustainability activities, this is perhaps most vividly demonstrated by last year’s complete collapse of the voluntary US GHG emissions trading market – specifically established in advance of US legal requirements on GHGs to create “first mover advantage”.
Elm continues to recommend that companies move forward with implementation evaluation, scoping and planning activities, but wait for SEC’s rule to be finalized before conducting audits.