So much work has been put into vetting suppliers and assessing products for compliance with new conflict minerals disclosure requirements that many companies may not yet have fully considered the actual filing protocol that is the end game for those supply chain reviews.

When companies do crack into the Securities and Exchange Commission's new Form SD—a new form created for conflict minerals reporting and other “special disclosures”—it may feel unfamiliar. Rather than straightforward quantitative and check-the-box reporting, the atypical form asks for narratives and open-ended discussion of the issue.

Companies may also be unprepared for the level of inspection the SEC may bring to the forms. “Companies are so focused on trying to meet the bare minimum requirements of the law, I don't think they have necessarily thought ahead to the level of scrutiny that will accompany the disclosures,” says Kirsten Wallerstedt, senior regulatory analyst for data management company 3E. “That's starting to rise to consciousness now.”

As part of the Dodd-Frank Act, the SEC issued rules that require public companies to disclose their use of tantalum, tin, gold, or tungsten that originated in the Democratic Republic of the Congo or an adjoining country. The mining of such metals has been used to fund militia groups that have committed human rights abuses. Public companies must conduct a “reasonable” country-of-origin inquiry to determine if the minerals in their products originated from those countries; track and document their source and chain of custody; and include findings in a public report. Information must also be published on the company's public Website.

A second draft of Form SD, filed through the SEC's EDGAR system, was released in January, “but I don't think companies are confident that this will be the final version,” says Paul Martyn of BravoSolution, a supply management software provider. Issuers must file their first Form SD, and accompanying conflict minerals reports and auditor attestations, by June 2 for the 2013 calendar year (the SEC's annual May 31 deadline gets bumped back because it falls on a Saturday).

A pending decision by an appeals court on a legal challenge against the rule by the National Association of Manufacturers and U.S. Chamber of Commerce could drive further changes to what's required from a reporting perspective.

The filing itself is a narrative exercise, with companies required to distill their supply chain due diligence into explanatory responses. “The key parts of the form are free-flow writing, not checking a box to say you did something,” says Wallerstedt, who oversees regulatory research and analysis for her firm's supply chain compliance solution. “Companies need to figure out not only what they did that demonstrates compliance, but how to express it in Form SD. There are a lot of landmines they can step on if they aren't aware of all the different audiences that are going to be evaluating what they write and how they write it.”

Among the form's requirements are providing a description of the measures taken to exercise due diligence on the source and chain of custody of conflict minerals and filing a statement that it obtained an independent private sector audit of the conflict minerals report.

Guidance Emerges

Beyond guidance offered by the SEC, which companies have complained lacks specifics, detailed assistance has come from other sources. The rule's very existence comes from pressure put upon Congress by activist groups. Much of the effect on companies after they file will come in the form of “name and shame” reports that these groups are expected to publicize based on the submitted data. This makes it wise to yield to the groups' expectations, experts say. In September, for example, the Responsible Sourcing Network and the Enough Project published the paper, "Expectations for Companies' Conflict Minerals Reporting," that describes the content human rights activists want to see in Form SD filings.

They expect issuers to undertake the due diligence measures outlined in frameworks developed by the Organization for Economic Co-operation and Development. The groups also want company policies and programs clearly stated in SEC reporting, making it “easy to determine if an issuer's conflict minerals system and procedures are consistent with its policy,” the groups state in the paper. In reporting, companies should describe their process for communicating, implementing, or contractually obligating their sourcing policies throughout subsidiaries and suppliers.

Reporting should include percentages or numbers for employees reached by training programs; affected products for each mineral; suppliers not in compliance with their policy; suppliers adhering to OECD guidance; suppliers undergoing remediation to bring them into compliance with their program; smelters in the supply chain not participating in an independent verification program; and validated smelters not sourcing from the covered countries.

Red flags in the collection of country-of-origin information from suppliers—such as incomplete reporting templates, responses not backed with supporting documentation, and failure to identify smelters—should be itemized.

“You can draw a lot of inferences from that document,” Wallerstedt says. “Companies should be equally cognizant of the scrutiny from stakeholder groups as they are of actual compliance, because reputational risk may end up being as important as legal compliance if these groups do what they say they are going to do and evaluate programs.”

What Auditors Will Look For

The SEC's requirement for auditor attestation of conflict minerals reports led to similar guidance from the American Institute of CPAs. “In order for the description of the due diligence measures performed to be suitable, the entity's description must be objective, measurable, complete, and relevant,” it says. The narrative should be free from bias and refrain from using words like “best practice” or “industry standard.”

INTERNAL STANDARD OPERATING PROCEDURES

The following, prepared by Assent Compliance, offers sample text for conflict minerals responses to Form SD. It bases the sample on a fictitious company, Acme Corp.

Risk Assessment and Risk Mitigation

As part of Acme Corp.'s compliance plan design, all products and suppliers were assessed in order to identify conflict minerals scope and risk. High-risk suppliers and products were flagged in a database for prioritization of due diligence chain sourcing activities.

High-risk suppliers and products are required to provide a greater level of proof, in order to demonstrate a reason to believe that their conflict minerals do not originate in the covered countries.

In addition, Acme has established a separate risk mitigation committee which will specifically address high-risk suppliers and products that do not meet the minimum requirement for Acme's conflict mineral compliance program. This committee is responsible for resolving these supply chain issues by assisting the supplier, mapping mine of origin, or changing the source of materials in question.

Supplier Responses

No conflict minerals in materials provided to Acme Corp.: 200

Conflict minerals do not originate from DRC or adjoining countries: 1,200

Conflict minerals source is unknown: 100

Through its conflict minerals compliance program, Acme was able to determine that over 94 percent of all its suppliers either do not provide materials that contain conflict minerals, or do not provide any reason to believe that their conflict minerals originate in the covered countries.

The 100 suppliers that were unable to provide sufficient conflict minerals source information as part of the initial Reasonable Country of Origin inquiry underwent additional OECD Due Diligence activities, which are described in Acme's conflict minerals report.

Source: Assent Compliance.

The AICPA guidance adds that “words used in the description of the due diligence measures need to be precise and specific, not vague or subjective.” Inappropriate descriptions for attestation purposes would include “some, reasonable, substantive, or exhaustive, or ‘to the best of our efforts.’” Due diligence measures that are detailed should be those actually performed, not ones that haven't been implemented yet, it adds. Like the stakeholder groups, the AICPA agrees that conflict minerals reports should draw upon a nationally or internationally recognized framework, such as the one from OECD.

Wallerstedt stresses the importance of the AICPA's edict to choose words carefully. “It explicitly tells you not to use some of the words that are found in the law,” she says. “The regulations by the SEC state that you need to undertake a ‘reasonable’ country of origin inquiry, or a ‘reasonably designed inquiry.’ But then the auditors come in and say that describing a ‘reasonable program, done in good faith,’ is not good enough. They need actual concrete metrics, numbers, and data. Avoid using words that are vague or maybe indicate compliance, but don't demonstrate compliance.”

While companies must demonstrate efforts to hold suppliers accountable, they shouldn't shy away from detailing failures, says Wallerstedt. “Companies shouldn't see mis-steps they made in the past year as a bad thing to report,” she says. “If they haven't gotten the results they wanted, or uncovered red flags in the supply chain they were able to address, or plan to address, these are really good things to lay out, especially in the first reporting period. It shows you are taking measures to address problems. You want to be able to show progress year-to-year. If you spin and try to make things look rosier than they are, you'll have a harder time next year showing that you improved.”

Obstacles Persist

Verifying supplier data—making sure what they report is accurate, truthful, and provable—is a continuing challenge, says Jon Hughes, director of Assent Compliance, a provider of compliance software and consulting services. “This is a key step with respect to reporting, as you need to have some methodology in place for verifying supplier responses, identifying red flags, and mitigating risk,” he says.

“Many companies did not structure their program with this in mind and looked at conflict minerals compliance as a race to get through as many [industry-suggested reporting templates] as possible, which isn't a bad thing in and of itself,” Hughes adds. “The issue many are facing now, however, is they have no way of analyzing that data, which hinders their due diligence process and limits their reporting capabilities.”

Many companies “grotesquely undershot” the effort it takes to engage suppliers, obtain usable data, and package it for Form SD, agrees Kami Blake, solutions engineer for 3E.

Beyond these immediate concerns, companies should look to the future, and not just forthcoming conflict minerals disclosures, she adds. Form SD was designed to be a template for other disclosures with a social issue flavor. Lessons learned now will be important going forward.

“We are moving the discussion from free trade to fair trade,” Blake says. “All of the effort that has gone into collecting information from suppliers to satisfy the conflict minerals requirement should be put into some kind of organized system. You are going to have to call on that system and those resources again, probably many times over, as we move into an environment of compliance obligations that are driven by social responsibility initiatives.”