Investigative Due Diligence: Achieving Responsible Business Conduct in Mineral Supply Chains


Photo by Jeangagnon / CC BY

By Carsten Giersch and Sam Pothecary

It is the reality of modern-day technology that at its source a number of unacceptable human rights abuses are taking place. Not all raw materials are affected by any means, but shady origins persist for a select few important minerals used in many digital technology products: they have been mined through the hands of a child, or by a man threatened by the barrel of a gun, or the process has contaminated water supplies, or deprived indigenous populations of their native lands. As the media continues to bring these disturbing sourcing practices to the public’s attention, the regulatory landscape is changing, with international law now in place – and more on its way – to stamp out the abuses staining the mineral supply chain. It’s no longer just a matter of corporate social responsibility, but has evolved into a mandatory compliance topic.

As recently as March 2017 the EU adopted a new law upon responsible business conduct in sourcing minerals, dubbed the Conflict Minerals Regulation, while at the same time the US Securities and Exchange Commission (SEC) is expected to modify the reporting requirements under its Conflict Minerals Rule. Both these regulations are based on the recognized standard set by the OECD ‘Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High- Risk Areas’. In May 2017, at its 11th Forum on responsible supply chains, the OECD published new guidance on ‘Practical actions for companies to identify and address the worst forms of child labour in mineral supply chains’, thus responding to what companies fear most; association with incidents of exploitation of children in sourcing the material ultimately used to manufactured their goods.

Other than the obvious outrage over the abuses taking place, companies might well ask themselves why it is so relevant to them. The answer is many-fold, but not least because of the critical role certain minerals play in modern digital technology. While the focus of conflict minerals regulation has rested on tantalum, tin, tungsten and gold (3TG), this is not the end of it. Take cobalt for example, a crucial ingredient in rechargeable lithium-ion batteries used in smartphones, renewable energy integration and electricity vehicles. This huge market is set to double over the coming years, as reliance on these batteries is set to increase. But cobalt has found itself in the media as of late, as a significant portion of the mineral is being mined in illegal mines in the Democratic Republic of Congo (DRC), where child labour is rife. Independent of the legal dimension, such failure in responsible business conduct through complicity with these practices entails serious reputational damage for companies sourcing from such locations.

A lot is being done by international organisations, institutions, regulatory bodies, and the companies themselves to address the problem. But many holes still exist, while incidents of human rights abuses and compliance breaches are gaining prominence in an ever more watchful media. To have a chance of successfully eradicating the problem, companies at the downstream end of the chain should take more responsibility, and apply a risk-based approach to their own due diligence. Fully relying on supplier due diligence and third party audit schemes may be insufficient, as, according to the OECD due diligence guidance, individual responsibility for due diligence remains with the company. In fact, companies can adopt investigative due diligence themselves to find out whether their products are linked to human rights violations. As a rule of thumb, if NGOs and reporters can find out about the abuses taking place in the supply chain, the company should be able to find out first and remediate the problem.

Under the concept of responsible business conduct there is no reason to apply less rigorous due diligence measures on human rights requirements than on compliance with anti-corruption law and anti-money laundering. Moreover, corruption, money-laundering, human rights violations, environmental pollution and other illicit practices are often interlinked, and ‘red flags’ are therefore easier to detect if investigated together within a joint integrity due diligence approach. Best practice is to establish a risk-based due diligence scheme in order to be able to focus limited resources on identified risks. But should increased risk emerge during the assessment stage, the enhanced diligence operation must be undertaken and conducted in an investigative manner. This includes discreet enquiries with local experts, in order to be able to gain real insights into relevant incidents of possible non-compliance with standards of responsible business conduct.

The figure below depicts the key features of the holistic approach to Investigative Due Diligence. For more details on the approach see section ‘Know your supply chain’ with investigative due diligence’ below.

Grafic IDD

Regulatory approaches: where it all began

The framework for responsible business conduct dates back to the ‘OECD Guidelines for Multinational Enterprises’ first issued in 1976 and updated several times to also include human rights due diligence in 2011. The issue of responsible sourcing of minerals from conflict-affected areas has become increasingly pressing since then, and has since added a renewed focus on alleviating incidents of child labour. The purpose of the relevant OECD due diligence guidelines was to set out a risk-based due diligence methodology with detailed recommendations on how due diligence is to be conducted to assess and address threats of economic crime and human rights violations along the supply chain of minerals stemming from high-risk regions.

Following on from the OECD Guidelines, in 2012 a series of national laws in the DRC region and the US, partly based on the guidelines, were passed in relation to conflict minerals. In particular, the SEC adopted the Conflict Minerals* Rule within the Dodd-Frank Wall Street Reform and Consumer Protection Act, which requires all public companies listed with the SEC, including of foreign, companies, to conduct supply chain risk assessments, disclose their use of conflict minerals (tantalum, tin, tungsten and gold 3TG) and possible links to armed conflicts. Overall, supply chain transparency requirements have been becoming consistently more demanding in various global jurisdictions, with a particular focus on reporting requirements and supply chain disclosure.

*The term “conflict minerals” is defined as columbite-tantalite, also known as coltan (from which tantalum is derived); cassiterite (tin); gold; wolframite (tungsten); or their derivatives; or any other mineral or its derivatives determined to be financing armed conflict.

In the face of the initial supply chain mineral regulations and laws, a number of initiatives were established by proactive companies and organisations that aimed to eliminate the human rights violations taking place at the end of their supply chains and to fit in with new regulatory requirements. Worth noting is the establishment of third-party verifications and audits of the smelters as well as a series of mechanisms for reporting risks associated with the relevant upstream companies. The role of the smelters and refiners in the supply chain is considered to be essential in the entire due diligence process, as they represent a point of transition from upstream to downstream. Therefore, some initiatives have sought to focus on the smelters and the refiners, as a point in which the appropriate due diligence should take place.

A third-party verification system, in addition to the validation of traceability measures, requires smelters to be compliant with the OECD guidelines according to the Conflict-Free Smelter Program or equivalent certifying bodies, including the London Bullion Market Association, the Responsible Jewellery Council (RJC) and ITRI through its Tin Supply Chain Initiative (iTSCi). These third-party certifying bodies, which conduct audits of minerals, require the companies to conduct due diligence from the raw material to the mineral processing level in order to determine whether relevant minerals originate from high-risk regions.

Persistence of incidents

Despite early efforts from the companies leading the way in supply chain due diligence, a large number of incidents have been reported in the media and open sources over the last few years that highlight serious human rights abuses taking place in high-profile company supply chains. It may be that the regulatory focus on the issue over the last few years has helped to zero the media in on the topic. It may also be that the previous focus on making sure that minerals are “conflict-free” has ignored more general human rights abuses in the supply chains, such as child labour, which are equally disturbing and are now being subjected to the scrutiny of the media and regulatory bodies. The newest set of OECD Guidance is indicative of that. Alongside efforts to ensure conflict-free minerals, it is now being suggested that companies should focus on responsible business conduct, dealing with each risk and human rights violation individually.

Some of the high-profile incidents that have been reported in mainstream news recently include the 2014 BBC report of tin coming from illegal mines on the Indonesian island of Bangka, where children were found to be digging tin out by hand in extremely dangerous conditions; a 2016 Washington Post report highlighting the environmental damage, such as damaged crops and polluted drinking water, caused by the graphite mines in various Chinese villages that supply the consumer tech industry; a 2016 Reuters report stating that a number of big Chinese suppliers are using tin mined in the rebel-held Man Maw mine in Myanmar; and the 2016 Washington Post report of lithium being mined on indigenous peoples land in Argentina, Bolivia and Chile, without sharing profits with the indigenous peoples and worsening existing water shortages.

The highest-profile contemporary example is of cobalt mining in DRC, as noted in the introduction. This story first broke in 2015, when it was discovered that a large percentage of the cobalt miners in DRC – where 60 percent of the global supply comes from – are subject to terrible working conditions, where deaths and injuries are common. Worst of all, it was revealed that children are also working on these mines. The media scrutiny of these mines and the companies whose products were using this mineral was so staunch that some fundamental questions about appropriate supply chain due diligence remained.

Clearly, the challenge of responsible sourcing of minerals is not limited to defined conflict zones of the DRC region, but concern conflict regions world-wide; it is not limited to the mining of traditional conflict minerals 3TG, but applies to other minerals such as cobalt as well; and the relevant question is not just whether minerals are conflict-free, but whether they are sourced in compliance with human rights.

Changing regulatory landscape

After discussions that went on for years, the EU finally released its own law in March 2017, which will apply across the EU as of 1 January 2021. Interestingly, it has stuck to conflict minerals, specifically tin, tantalum, tungsten and gold, rather than all human rights violations in all mineral supply chains. But it will have a global reach, different form the US SEC rule. However, in contrast to the SEC rule, the EU has adopted a different approach to the due diligence process, and instead of obliging the Original Equipment Manufacturers (OEMs) to report about their supply chain due diligence system, it has applied its rules to the importers of minerals or metals in the EU only.

To support the due diligence requirements the European Commission is expected to provide a list of conflict-affected and high-risk areas, which it claims will also include “useful information for companies carrying out due diligence,” which should be ready by 2019. It also plans to provide a “global list of responsible smelters and refiners that are deemed to fulfil the requirements of the regulation.” The regulation covers both individuals and companies, and requires EU importers of the selected metals to carry out due diligence on their supply chain in line with the OECD Guidance.

The controversial provision appears to be letting the OEMs off the hook and saving them from assuming the responsibility of making sure their supply chains are in line with the OECD Guidance. However, should relevant human rights violations be reported and affected supply chains be thoroughly scrutinised by the media in the future, it will not be the name of the importer companies in the headlines, but that of the OEMs. OEMs are therefore facing the risk of serious reputational damage should the importers fail to conduct the appropriate due diligence themselves, which is not unlikely given limited resources. OEMs that import the minerals themselves or through their subsidiaries, are in any case directly liable under the new law.

In a reverse twist, the SEC has recently suspended its reporting requirement for companies doing business in the US. This requirement had meant that it was compulsory for listed companies to release a report each year that stated whether it could or could not confirm that its minerals were conflict-free, and what steps the company had taken to try and improve their own supply chains in relation to conflict minerals. The SEC suspended this specific requirement, because of a court ruling in favour of a corporate association complaint, which stated that it was a violation of the 1st Amendment, freedom of speech.

In the face of the ruling, some companies have already assured that they will continue with the reporting regardless, but it remains to be seen whether they will release reports with the same level of detail as before. It is too early to say to what extent the new US administration might be able to modify the SEC conflict minerals rule. What is sure is that the companies are aware that they are under scrutiny, and a number of such companies are equally aware that they will benefit in the long run from being proactive today.

International regulation for responsible supply chains is, unsurprisingly, subject to political controversies and negotiations and not always a linear process. At the same time, national businesses’ attempts to address human rights violations are now gaining momentum in other, more progressive European countries.

For example, in 2015 the UK adopted the Modern Slavery Act 2015 which obliges certain commercial organisations and public bodies to ensure that human rights violations and human trafficking is not taking place in their supply chains. In February 2017, the French National Assembly voted in favor of the “corporate duty of care” law which obliges parent companies to conduct due diligence upon its supply chain with the aim of identifying any risks and of preventing any violations of human rights and fundamental freedoms, and any threats to the health and safety of people and the environment. Also in February 2017, the Dutch parliament approved the “due diligence child labour” law which applies to companies registered in the Netherlands and to all companies selling goods to Dutch consumers. These companies are required to undertake due diligence based on the OECD guidelines in order to ensure that child labor is not being used to manufacture products or provide services.

‘Know your supply chain’ with investigative due diligence

Human rights compliance within the supply chain is turning, irreversibly, into a matter of strategic risk management, similar to anti-corruption and anti-money laundering obligations. It is no longer acceptable to entertain relationships with suppliers who are involved in gross human rights violations. There are a number of NGOs that specialise in the topic and adopt professional investigative skills in exposing such practices. Potential reporting by influential media outlets continues to be a serious reputational threat, as investigative reports will linger for long periods of time. In addition, the exposure, speed and enormous reach with which social media campaigns can damage the reputation of a company could affect end-customer choices.

Therefore, companies today face a choice between exposure to possible reputational damage from negligence towards their supply chain, on the one hand, and sure reputational gains from compliance with responsible business conduct on the other.

The OECD due diligence guidelines are helpful in advising companies that want to be proactive. OEMs at the end of the supply chain should, however, beware of some problematic assumptions that feature in supply chain due diligence guidance. Shifting the burden of due diligence to the supplier down the chain is based on the somewhat optimistic assumption that the OEM is capable of controlling and verifying the due diligence processes of suppliers. The same is true for shifting responsibility to collective industry organisations, including auditing processes, which might also be vulnerable to fraud.

While suppliers’ due diligence and collective auditing of critical links in the chain, such as smelters and refineries, do increase the transparency of the supply chain, reliance on such procedures should be evaluated against the criminal energy which often drives human rights violations and related offenses in supply chains. Given the challenges posed by the quest of “knowing your supply chain”, the appropriate due diligence procedures should be regarded as a compliance function rather than merely a CSR function. Looking ahead it is foreseeable that responsible human rights due diligence will take the route of anti-corruption, anti-money laundering or sanctions due diligence, which are recognised compliance functions today and include enhanced investigative due diligence based on solid risk assessment frameworks

Investigative due diligence in human rights also starts with the assessment of the specific risk exposure of a company, depending on its product, size, structure, countries of operation, manufacturing components and processes, and the complexity of the supply chain used to maintain the production. If there are red flags or suspicions of inappropriate behaviour upstream, adopting an enhanced integrity due diligence investigation can clarify the matter. An integrity due diligence investigation into the supply chain differs from a basic human rights due diligence in that it is conducted as a confidential intelligence operation with knowledgeable and reliable human sources on the ground who conduct their own discreet interviews in order to find out any issues of concern. Obviously, to be able to conduct such operations, a network of in-country sources with local knowledge is required.

Alongside red flags derived from a company’s own risk assessment, another trigger for starting an investigative due diligence operation might be external information about human rights violations stemming from global and local NGOs. Taking their warning signals seriously and investigating whether a company is linked to these incidents through its supply chain does help. In the case of confirmed violations, the company is in a position to mitigate the issue before it leads to a more serious embarrassment in the media. Should the integrity due diligence investigation not reveal any violations, taking such active crisis management precautions will help the company to rebuff the allegation.

A third channel of information about possible incidents in the supply chain might actually be provided through a company’s own grievance mechanism. Grievance and complaint mechanisms are by their very nature confidential procedures through which witnesses to incidents of human rights violations, as well as to any other illegal activity, can provide the relevant information directly to the company. If set up correctly, a grievance mechanism can also become a critical element in monitoring processes, and alert a company in real time to new incidents in the supply chain. To compliment the grievance mechanism, investigative due diligence is required to verify the information. This must also be done in a discreet manner in order to protect the whistle-blower or complainant. Should the incidents be confirmed, remediation action can be taken without alerting international attention.

Responsible business conduct is not just about declaring good intentions, but also about behaving in an ethical manner. The will to achieve integrity includes taking the necessary measures to actively eradicate improper practices such as corruption, financial crime, and human rights violations. Risk-based investigative due diligence is a critical element in building a reputation of genuinely aspiring towards a clean supply chain. Making this extra effort will be rewarded by gaining a competitive advantage compared to companies which continue to be negligent towards their supply chain. Implementing human rights due diligence is not only the right thing to do, it is also a smart sustainability decision, as working with the appropriate suppliers is conducive to protecting the integrity and continuity of the supply chain. Finally, similar to fighting corruption, being able to demonstrate a clean supply chain will also increase a company’s value and make it a more attractive partner for both customers and like-minded business partners and investors.