The EU Conflict Minerals Regulation: how blockchain technology is helping importers meet new supply chain diligence requirements
The European Union’s Conflict Minerals Regulation ('the Regulation'), which will come into effect on 1 January 2020, establishes an EU system for supply chain diligence in relation to tin, tantalum, tungsten and gold (3TG). Recital 15 of the Regulation states that the new system is needed because: ‘EU economic operators [face] countless difficulties and practical challenges in the exercise of supply chain due diligence because of lengthy and complex global supply chains involving a high number of economic operators that are often insufficiently aware or ethically unconcerned’.
Requirements for EU importers
The Regulation imposes a range of new obligations on EU importers covering: supply chain due diligence; management systems; risk management; third-party audit; and disclosure. These obligations are set out in Articles 3–7 of the Regulations which contain the main provisions EU importers should pay heed to.
A mineral or metal covered by the Regulation that has been obtained from processing a primary mineral or metal falling outside the scope of the Regulation and which would not have been obtained without the processing of that primary mineral or metal.
Chain of custody or supply chain traceability system
This is defined as the ‘record of the sequence of economic operators which have custody of minerals and metals as they move through a supply chain.’
Conflict-affected and high-risk areas
Areas in a state of armed conflict or fragile post-conflict; and areas witnessing weak or non-existent governance and security, such as failed states, and widespread and systematic violations of international law, including human rights abuses.
Model supply chain policy
A supply chain policy which conforms to Annex II to the Organisation for Economic Co-operation and Development (OECD) Due Diligence Guidance.
OECD Due Diligence Guidance
Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas.
Supply chain due diligence
This is defined broadly by reference to management systems, risk management, independent third-party audits and disclosure of information.
These are systems and processes with the objective of ‘identifying and addressing actual and potential risks linked to conflict-affected and high-risk areas to prevent or mitigate adverse impacts associated with… sourcing activities.’
Article 3 – Supply chain due diligence
Article 3 provides a general obligation to comply with the Regulation’s supply chain due diligence. EU importers must retain documentation to demonstrate compliance with these requirements, including the results of the independent third-party audits.
Article 4 – Management systems
Article 4 goes into far greater detail regarding the management systems which must be implemented by EU importers, the main requirements of which are set out in the following table.
EU importer requirement
Supply chain policy
Adopt and implement a supply chain policy for 3TG potentially originating from conflict-affected and high-risk areas which is consistent with the model supply chain policy.
Clearly communicate information on the supply chain policy to suppliers and the public-at-large.
Internal management systems
Assign senior management responsibility to oversee the supply chain due diligence process; and maintain system records for a minimum of five years.
Incorporate the supply chain policy into contracts and agreements with suppliers.
Establish a grievance mechanism as an early-warning risk-awareness system. Alternatively the grievance mechanism can be provided through:
Chain of custody or supply chain traceability system
Each EU importer must operate a chain of custody or supply chain traceability system.
In relation to minerals, the system must provide:
In relation to metals, the system must provide:
Chain of custody or supply chain traceability system
The information provided by the chain of custody or supply chain traceability system should be documented.
Provide information as from the point of origin of those by-products, namely the point where the by-product is first separated from its primary mineral or metal falling outside the scope of this Regulation.
The information provided must be supported by documentation.
Article 5 – Risk management
EU importers’ primary obligations under Article 5 are to identify and assess the risks of adverse impacts in their mineral supply chain, and implement a strategy to respond to any risks identified. These strategies should incorporate and use the measures and indicators referred to in Annex III to the OECD Due Diligence Guidance and be designed to measure progressive improvement.
Risk assessments should review information provided by the management systems referred to in article 4 with reference to the standards set out in the supply chain policy and consistent with the OECD Due Diligence Guidance’s due diligence recommendations and including Annex II. The response strategy should be designed to prevent or mitigate adverse impacts. The key requirements are:
• report risk assessment findings to designated senior management;
• adopt risk management measures consistent with the OECD Due Diligence Guidance;
• implement the risk management plan (monitor and track performance of risk mitigation efforts, report back to designated senior management, and consider suspending or discontinuing engagement with a supplier after failed attempts at mitigation); and
• undertake additional fact and risk assessments for risks requiring mitigation, or after a change of circumstances.
When putting in place risk management measures, EU importers must consider their ability to influence and where necessary take steps to exert pressure on suppliers who can most effectively prevent or mitigate the identified risk. To do this, EU importers should either:
• continue trade while simultaneously implementing measurable risk mitigation efforts;
• suspend trade temporarily while pursuing ongoing measurable risk mitigation efforts; or
• disengage with a supplier after failed attempts at risk mitigation.
If it continues to trade or temporarily suspend trade, the EU importer must: ‘consult with suppliers and with the stakeholders concerned, including local and central government authorities, international or civil society organisations and affected third parties, and agree on a strategy for measurable risk mitigation in the risk management plan.’
Risk assessments must utilise available third-party audit reports to assess, as appropriate, the due diligence practices of smelters and refiners in the supply chain. If third-party audit reports are unavailable, importers must ensure they identify and assess the supply chain risks themselves as part of their own risk management system by carrying out their own third-party audits. All such audits must comply with Article 6.
Article 6 – Audit
Audits must be carried out using an independent third party and their scope must include all the importer’s activities, processes and systems used to implement supply chain due diligence regarding minerals or metals, including the management system, risk management and disclosure of information required by Articles 4, 5 and 7. The auditor has to determine whether these supply chain due diligence practices comply with Articles 4, 5 and 7 and make recommendations on how the EU importer should improve them. All such audits must respect the audit principles of independence, competence and accountability set out in the OECD Due Diligence Guidance.
EU metals importers are exempt from the obligation to carry out third-party audits provided they make available substantive evidence, including third-party audit reports, demonstrating that all smelters and refiners in their supply chain comply with the Conflict Minerals Regulation. This requirement can be satisfied where the importer can demonstrate that they are sourcing exclusively from global responsible smelters and refiners, as identified and listed by the European Commission.
Article 7 – Disclosure
EU importers must make available all third-party audit reports to relevant Member State authorities or provide evidence of conformity with a supply chain due diligence scheme recognised by the Commission under Article 8. They must also make available all information gained and maintained pursuant to their supply chain due diligence to their immediate downstream purchasers, although paying due regard for business confidentiality and other competitive concerns.
On an annual basis, EU importers must publicly report ‘as widely as possible’ on their supply chain due diligence policies and practices for responsible sourcing. This includes reporting online (ie, on their own website). The report must describe the steps taken to implement the obligations as regards their management system (Article 4) and their risk management (Article 5). It must also contain a summary report of the third-party audits, including the name of the auditor (although again paying due regard for business confidentiality and other competitive concerns).
Where an EU importer can reasonably conclude that metals are derived only from recycled or scrap sources, it shall, again, paying due regard for business confidentiality and other competitive concerns) publicly disclose its conclusion (describing in reasonable detail the supply chain due diligence measures it exercised in reaching that conclusion).
Responsible sourcing blockchain network
At the IBA Digital operations: manufacturing, supply chains and transportation in a digital environment Conference held in Hamburg, 13–14 November 2019, Christian Schultze-Wolters from IBM gave a most interesting presentation which discussed a number of blockchain-based initiatives IBM is pursuing. Most relevant here is IBM’s Responsible Sourcing Blockchain Network (RSBN), which was initially formed with a focus on the cobalt supply chain (involving a number of car manufacturers as well as mining companies, logistics companies and other players in the electric vehicle sector), but is now moving to tackle compliance issues for the 3TG supply chain in response to the Regulation. However, permissioned chains such as RSBN require significant investment in terms of project management and infrastructure, as well as legal input across a wide range of issues including consortium agreements, competition law and privacy, with IBM estimating between three and five years to achieve a return on investment for many of its blockchain initiatives.
Supply chain transparency
The EU system for chain diligence established by the Regulation will impose a range of new obligations and requirements on EU importers which will affect their sourcing strategies and require them to ensure their global supply chains are transparent. This reflects a growing trend, across multiple sectors, towards supply chain transparency driven by increased scrutiny from regulators, trading platforms such as the London Metal exchange, consumers, non-governmental organisations and other stakeholders, in response to undesirable events such as modern slavery, child labour, food fraud, and poor working practices and conditions.
As can be seen, tech solutions such as RSBN can be used to restore trust and transparency to global supply chains, giving end-to-end visibility into the origins and progress of metals and minerals through the supply chain, while discouraging human rights, environmental and labour law violations improving compliance and reducing regulatory risk.
 EU Conflict Minerals Regulation, EUR-Lex Document 32017R0821, available at: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2017.130.01.0001.01.ENG&toc=OJ:L:2017:130:TOC, last accessed 23 February 2020.
 OECD, Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas, 3rd edition, available at: http://www.oecd.org/daf/inv/mne/OECD-Due-Diligence-Guidance-Minerals-Edition3.pdf, last accessed 23 February 2020.
 London Metal Exchange (LME) Responsible Sourcing documents, available at: https://www.lme.com/en-GB/About/Responsibility/Responsible-sourcing, last accessed 23 February 2020.