As a compliance manager at TriQuint Semiconductor, John Sharp has spent much of the past year focused on one little-known compliance rule before it goes into effect. To satisfy it, he must query hundreds of suppliers to figure out the origin of some 450 materials used in his company's products. It's an unusual burden, he says, because "we've never had to go back through our supply chain to determine the source of something."
Until now. A provision in the Dodd-Frank financial reform law requires publicly traded companies to scour their supply chains for so-called conflict minerals mined in the Democratic Republic of Congo (DRC) and surrounding countries. If a company finds that minerals used in its products or components come from the area, it will need to dig even deeper to determine whether its purchases indirectly help fund ongoing violence in the region. The final version of this rule will likely require that companies publish their findings every year and explain their due-diligence process.
These conflict minerals are used in the manufacture of a variety of everyday products, such as smart phones, laptops, hearing aids, and jewelry. If the Securities and Exchange Commission regulation passes as currently written, public companies that make products containing tin, tantalum, tungsten, and gold will be subject to the rule, no matter how much, or how little, of these metals they use. The estimated 5,550 companies that need to comply include electronics manufacturers, original equipment manufacturers, jewelers, and some retailers that sell private brands.
While they wait for the SEC to finalize its rule, companies hoping to get a start on the process, such as TriQuint and Caterpillar, have surveyed their suppliers for information but haven't always had luck getting all the data they need. Some smaller suppliers are either unaware of the provision, lack the resources to comply, or are convinced it doesn't apply to them. "As you go down your tiers of suppliers, you're going to get very small companies that have not heard about the rule," says Sheryl Toby, a partner at law firm Dykema.
That may change soon. The SEC plans to vote on the regulation by the end of this year, possibly as early as August. Most likely, companies with December 31 fiscal-year ends will make the required disclosures in the early part of 2013, meaning they will need to start their due diligence in fiscal 2012.
Those efforts will have a ripple effect on privately held suppliers when their publicly held customers push them for information. "Even if you think this is an SEC thing that you don't have to worry about, chances are it will end up on your doorstep if you want to sell to the big players," says Frank Murray, senior counsel for Foley & Lardner.
Cost of Compliance
The new disclosure requirement will be a costly, time-consuming project for firms that deal with thousands of suppliers around the globe. The National Association of Manufacturers estimates that public companies and their suppliers will incur a total of $9 billion to $16 billion in compliance costs. Businesses may need to pay employees to travel overseas to scrutinize suppliers firsthand, or join organizations scrambling to get the facilities that process these minerals classified as "conflict-free" by auditors (as of late May, only three smelters fit that description).
Experts who have helped companies begin the process say it is difficult. Rachelle Jackson, director of sustainability practices at STR Responsible Sourcing, which audits supply chains, gives a quick example: "A mineral may be exported and purchased by a trading company in Dubai that sells it to a smelter based in Germany, which extracts the metal from the ore and sells that material to a Malaysian company that uses it in components for laptops."
Even when companies can track their components, there will be some holes. And that's where the new requirement gets more complicated. Namely, questions arise over how the minerals got to a smelter for processing. Could they have been intercepted by a Congolese rebel group and be subjected to illegal taxation? Were conflict-free minerals mixed with those taken from mines owned by armed groups, and does that mean the seemingly clean minerals are now tainted? "There are many steps along the way where ambiguity can be introduced into the supply chain," says Martin Fisher-Haydis, an associate at law firm Fasken Martineau.
Such ambiguity won't help CFOs who sign off on the annual reports that address this matter. Dodd-Frank requires companies that source from the DRC region to provide a separate, audited report to the SEC and, if applicable, certify that their products are "DRC conflict-free."
Being confident about that declaration will not be easy. "We have to determine at this point that anything coming out of the region is likely to be compromised," says Rick Goss, vice president for environment and sustainability at trade association Information Technology Industry Council.
A De Facto Ban
In effect, although the law does not prohibit companies from sourcing from the Congo, it has led to a de facto ban as companies fear the reputational risk outweighs the potential savings.
Ironically, walking away from this source could further harm the Congolese economy — and the very people the Dodd-Frank provision aimed to protect, according to human-rights advocates. However, some companies "are very committed to not only assuring their products don't fund the armed groups' control of mines, but contribute to the economic development of the Congo as well," says Patricia Jurewicz, director of the Responsible Sourcing Network.
Meanwhile, TriQuint's Sharp continues to examine his supply chain as he waits for the SEC's final rule. He spends a lot of his time educating suppliers about the pending regulation. One supplier hemmed and hawed through many versions of a nondisclosure agreement before giving up the basic data that TriQuint needs for compliance.
Although Sharp believes it is highly unlikely that his company uses conflict minerals from the DRC region, he says many more months of work are needed before he can be sure.
Sarah Johnson is senior editor for risk & compliance at CFO.