Must my suppliers be audited for due diligence on conflict minerals?
No. It is up to a company to determine the level of due diligence that is required under the SEC Rule and the OECD Due Diligence Guidance. Both the Rule and Guidance provide flexibility for companies, tailored to their size and position in the supply chain, to determine the level of effort and due diligence. Neither the OECD nor the SEC final rule specifically require that suppliers be audited. The only audits required by the OECD are audits of SORs, and the only audit required by the SEC is the audit of a companies’ conflict minerals report when a company has made a “DRC conflict-free” product determination. The OECD recommends using industry developed programs such as the CFSP, RJC, and LBMA for conducting SOR audits.
Therefore, an organization that participates in the CFSI or equivalent industry-wide program for SOR audits is not required to conduct any further supplier audits. If a company’s due diligence process requires that supplier audits be conducted – which is neither a requirement under Dodd-Frank nor the OECD Guidance – that audit criteria should be defined clearly. While a company can outsource the due diligence services, they still are responsible for their compliance, thus some companies may want to enhance their due diligence process by conducing audits of their suppliers or services that are providing aspects of their due diligence program.