The Red Flag Group®

The concept of including human rights in corporate risk management has broad implications for business across all sectors. One of the more immediate industries affected by this movement is the energy and resources sector. However, we will demonstrate, the sanctions and best-practice recommendations on the energy and resources sector consequently extend to all producers and consumers.

Companies involved in mining and trading minerals are becoming more and more accountable for their ability to minimise the adverse effects of their presence in high-risk conflict-affected areas. Furthermore, all those involved in the global supply chain of minerals are responsible for ensuring that they do not contribute to any conflict through their sourcing decisions and choice of suppliers. This extends to manufacturers who use natural resources in their products. The primary solution being implemented to curb any contribution to ongoing conflicts and human rights abuses is the requirement that all involved along the supply chain of minerals must conduct thorough due diligence on those they engage with. Due diligence in this sense is defined by the Organisation for Economic Co-operation and Development (OECD) as an ongoing, proactive and reactive process through which companies can ensure that they respect human rights and not contribute to conflict. A company should assess risk “by identifying the factual circumstances of its activities and relationships and evaluating those facts against relevant standards provided under national and international law, recommendations on responsible business conduct by international organisations, government-backed tools, private sector voluntary initiatives and a company’s internal policies and systems.” according to OECD.

First, we will deal with the Due Diligence Guidelines set by the UN in relation to the supply chain of minerals from the Democratic Republic of the Congo (DRC), the OECD Due Diligence Guidelines, and various other guidelines and commentaries focusing on the sourcing of minerals from conflict zones. The second section deals with current government initiatives and the likely parameters that businesses must adhere to, whilst the third section deals with human rights risks in corporations more broadly as well as responses from the private sector.

Mineral supply from the Democratic Republic of the Congo


Over the past decade, the DRC has become the focus of the UN and other international organisations in the fallout from the Second Congo War. The war, which commenced in 1998 and has claimed an estimated 5.4 million lives, officially concluded with the signing of peace accords in 2003 when the Transitional Government of the DRC took power. However, since 2003 fighting has continued in the areas of North and South Kivu in the country’s east. Control of natural resources and mineral wealth from this area is cited as being one of the main drivers of the continued conflict.

In addressing this tragic conflict that claims thousands of lives annually, the UN Security Council sponsored a “group of experts” (the Group) to compile a report to investigate possible violations of the arms embargo in eastern DRC, and, amongst other things, to develop measures to curb the funding of various splinter military organisations in the region that are at the centre of the ongoing conflict. The Group was also mandated by the Security Council to provide recommendations to the UN Sanctions Committee for a set of guidelines on the exercise of due diligence by importers, processing industries and consumers of mineral products from the DRC. By consulting various member states, regional and international forums, commercial entities and civil society organisations, and as a result of its own investigations, the Group established a clear linkage between the exploitation of natural resources and the financing of armed groups.

In its final report to the UN Security Council, submitted on 15 November 2010, the Group included “Due Diligence Guidelines for the responsible supply chain of minerals from red flag locations to mitigate the risk of providing direct or indirect support for conflict in the eastern part of the Democratic Republic of the Congo” (the DRC Guidelines). The final report, including the DRC Guidelines, was approved in resolution by the Security Council on 29 November 2010, whereby the Security Council called upon all states to implement fully the measures specified in Resolution 1952 (2010), and to take appropriate steps to raise awareness of, and implement, the DRC Guidelines.

The DRC Guidelines

The process of bringing a raw mineral to the consumer market is described by the UN as involving multiple actors and generally includes the extraction, transport, handling, trading, processing, smelting, refining and alloying, manufacturing and sale of end product. The term “supply chain” refers to the system of all the activities, organisations, actors, technology, information, resources and services involved in moving the mineral from the extraction site (upstream) to its incorporation in the final product for end consumers (downstream).

The Group recommended to the UN a risk-based approach for importers, processing industries and consumers of mineral products, meaning that the risk of adverse impacts associated with their operations must be assessed and mitigated, particularly in the DRC and Great Lakes Region of Africa. In coordination with the OECD and other stakeholders, the Group formulated five steps that companies should adopt when dealing with conflict minerals. They are:

  • strengthening company management systems
  • identifying and assessing risk
  • designing and implementing a strategy to respond to identified risks
  • ensuring independent third-party audits
  • publicly disclosing supply chain due diligence and findings.

1. Strengthening company management systems

As part of this process, entities should adopt, publicly disseminate and clearly communicate a supply chain policy for minerals originating from red flag locations and incorporate this into supplier’s contracts. Individuals and entities should structure their internal management system to support due diligence by assigning sufficient authority and responsibility, providing sufficient resources and ensuring internal accountability in terms of implementing due diligence on suppliers.

2. Identifying and assessing risks in the supply chain

Upstream organisations should gather information via an on-the-ground assessment, either by their own or jointly conducted, as a means of mapping supply chains and assessing risk. As part of mapping the supply chain, companies determine the surrounding factual circumstances, assess the security context, clarify the chain of custody as well as the relationships of upstream suppliers, and identify the locations and qualitative conditions of the extraction, trade, handling and export of minerals. Organisations downstream from red flag areas are required to assess the due diligence practices of their smelters and refineries, which may require spot checks of the refineries themselves.

Any inconsistencies discovered in conducting such due diligence analyses should be considered as a risk of providing direct support of armed groups or sanctioned individuals.

3. Designing and implementing a strategy to respond to identified risks

The first step in devising and adopting a risk management plan involves formulating a strategy for risk management by either:

  • continuing trade throughout the course of measurable risk mitigation efforts
  • temporarily suspending trade while pursuing on-going measurable risk mitigation
  • disengaging with a supplier after failed attempts at mitigation or where a company deems risk mitigation not feasible or unacceptable.

The OECD Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas expands upon these initiatives. The OECD encourages companies in the supply chain, whether upstream or downstream, to consider their ability to influence suppliers and, where necessary, take steps to build leverage over those who can most effectively prevent or mitigate the identified risk. Furthermore, companies should engage their stakeholders and consult with government authorities in finalising their policy and approach.

4. Ensuring independent third party audits

The credibility of a company’s due diligence process should be checked by independent third parties. As an example, refineries and smelters should have an independent audit conducted on their due diligence process to mitigate the risk of providing any support – whether direct or indirect – to armed groups. Such audits should be evaluated to assess whether they capture sufficient information to enable a reasonable inference of an organisation’s compliance.

5. Publicly disclosing supply chain due diligence and findings

As part of ensuring a universal adherence to the DRC Guidelines as well as promoting the flow of reliable information, organisations should publicly and voluntarily report on the due diligence they have undertaken. Organisations may do so by expanding the scope of their sustainability, corporate social responsibility or annual reports to cover additional information on mineral supply chain due diligence. This prerogative allows for a truly widespread approach to due diligence by prompting transparency on all fronts.

OECD recommendations and risk elements

To coincide with the release of the DRC Guidelines, the OECD also produced its own publications in recognition of the risks associated with extracting, trading, handling and exporting minerals from red flag areas. Not only does it expand on some of the practical applications of the UN suggestions, it also provides a “Model Supply Chain Policy for a Responsible Global Supply Chain of Minerals from Conflict-Affected and High-Risk Areas”, and “Suggested Measures for Risk Mitigation and Indicators for Measuring Improvement”.

1. Model Supply Chain Policy

As identified above, the Model Supply Chain Policy (the Policy) is suggested to be adopted by organisations along the supply chain. The main aim is for the Policy to be widely disseminated and incorporated into contracts with suppliers. This way it will be a common reference point for conflict-sensitive sourcing practices and risk awareness for suppliers, from extraction point to end-user. Companies are also encouraged to incorporate the Policy into their existing policies on corporate social responsibility, sustainability or other alternative equivalent. This essentially encompasses a series of overarching statements of commitments to not tolerate, profit from, contribute to or facilitate any form of human-rights abuse in supplying minerals. The Policy dictates the immediate suspension of a business relationship when any suspected malpractice has occurred in the supply chain and adopts zero tolerance to any direct or indirect support of any kind to non-state armed groups. It also addresses some of the complications that can arise when appointing private security forces who illegally control mining sites, transportations routes or trading points, and that when engaged their function should only be to preserve the rule of law, provide security and safe-guard human rights.

2. Risk elements and mitigation

The OECD identifies various risks associated with supply chain of minerals as well as steps to mitigate such risks. The most common source of problems arising from mining operations in the DRC region is the practice of artisanal, or small-scale, mining. Artisanal mining is characterised by low-tech activities such as panning for gold in rivers, fossicking with hand tools, utilising small-scale processing plants and minimal use of complex heavy machinery. Generally speaking, artisanal miners can be officially employed by a mining company; however, they often work independently using their own resources.

In such an environment, issues can easily arise in terms of limited regulatory oversight of a large number of small operations, including, but not limited to, security of land tenure and the enforcement of environment, safety and labour standards.

Artisanal mines – particularly coal, gold and stone mines – have been known to be culpable of child-labour law infringements and dangerous working conditions.

Of greater significance, it is these types of mining sites that are more susceptible to various security breaches and control by splinter military groups. In contrast to large-scale mining, artisanal mining usually requires many more steps in the chain of custody from extraction to consumption, and therefore there are a greater number of risks of association with non-government armed troops and human-rights infringements. Typically, where a large-scale miner liaises directly with mineral refiners and smelters either in country or offshore, produce extracted from artisanal mining will first need to be transferred to consolidators and intermediaries. Therefore, transparency and a higher degree of due diligence is required from downstream companies to gain full knowledge of the chain of custody when materials have originated from less-established operations.

Simply refraining from sourcing from artisanal mines is not something that international organisations are encouraging. Rather, in order to minimise the risk of exposure of artisanal miners to abusive practices, the OECD recommends supporting host countries’ governments’ efforts for the progressive professionalisation and formalisation of the artisanal sector through the establishment of cooperatives, associations or other membership structures. It also encourages mining companies fully cooperating with central government authorities to formalise the security arrangements between the community and public security forces.

There is also the inherent risk to downstream companies of misrepresentations as to the origin of minerals. Upstream companies are encouraged to cooperate through associations, assessment teams or other suitable means to build capabilities of suppliers (in particular small- to medium-sized enterprises) to conduct due diligence for responsible supply chains of minerals from conflict-affected and high-risk areas. Similarly, risks of money laundering can be negated by the identification and verification of all suppliers, business partners and customers and the development of supplier, customer and transactional red flags.

3. Other OECD recommendations

Throughout their publication, the OECD frequently promotes the notion of an intercompany culture of transparency. Stronger intercompany engagements, particularly over a long term, help foster trust and ultimately greater transparency. In the first instance, downstream companies should introduce a supply chain transparency system through which information, such as the true identification the mineral’s country of origin, can be obtained.

Downstream companies should also communicate to suppliers their expectations on the responsible supply chain of minerals from conflict-affected and high-risk areas and incorporate the supply chain policy and due diligence processes into commercial contracts or written agreements with suppliers. Downstream parties could find it difficult to access information other than from direct suppliers, and this is where engaging a third party to conduct a review is beneficial. However, as a means of gaining commitment and understanding, downstream parties should support and build the capabilities of suppliers to improve performance and to conform to recognised standards.

Conversely, upstream parties are of equal obligation to introduce a traceability system and make all information obtained in due diligence investigations available to any prospective purchasers downstream. Such requirements pose significant challenges on all players in the supply and use of minerals. Implementing these measures necessitates strong, open relationships built on the widespread willingness to support the development of legitimate mining operations in these regions.

Government initiatives

US federal legislation

The Dodd-Frank Wall Street Reform and Consumer Protection Act (the Act), the major financial reform bill which was introduced in the United States in 2010, contains provisions which mirror the UN’s stance on conflict minerals. Section 1502 of the Act, the conflict minerals provision, targets the elimination of funding for armed groups in the eastern DRC and directly reflects the recommendations of the UN and the OECD. The premise of section 1502 is that by requiring companies to disclose their efforts to refrain from using minerals known to have funded paramilitary groups in the region, the black market for these minerals could be constrained. Addressed specifically in the Act are the minerals tin, tantalum, tungsten and gold – all essential in the production of technological products.

The conflict minerals provision calls for disclosure of the measures each company has taken to exercise due diligence on the source and chain of custody of minerals. These “measures” include an audit conducted by an independent private sector entity on a company’s due diligence procedures. Companies could therefore be criminally liable for not adopting such measures.

As the regulator of implementing and enforcing this provision, the Securities and Exchange Commission (SEC) was also tasked by the Act to develop subsidiary rules – a task that was supposed to be finalised by early 2011 though is still yet to be completed. As a result, there is a degree of uncertainty surrounding how and when companies will have to comply with these laws. Regardless of the commencement of these regulations, it remains clear that companies will gradually become more and more accountable for their sourcing of conflict minerals.

Californian legislation

On 1 January 2012, the California Government implemented the Transparency in Supply Chains Act (TSCA). The TSCA requires retail sellers and manufacturers doing business in California to disclose their efforts to eradicate slavery and human trafficking from direct supply chains, going well beyond the focus on minerals from conflict zones. Entities that come under this legislation include retailers or manufacturers conducting business in California with annual worldwide gross receipts exceeding US$100 million.

Covered retailers and manufacturers are those entities reporting their primary business activity on their tax returns as retail trade or manufacturing. Whether an entity has global gross annual receipts in excess of $100 million is determined by the amount disclosed on its tax return.

The TSCA only requires disclosure of a company’s efforts, if any, in this regard to fully understand the source of its imported goods and the nature in which they were obtained. It does not require a company to adopt particular policies related to slavery and human trafficking in their supply chains. A company subject to the TSCA that does not do any of the foregoing in terms of implementing policies focused on eradicating human-rights abuses in the supply chain is more likely be scrutinized by consumers, human-rights organisations and investors.

The exclusive remedy under the TSCA for a violation is an action by the California attorney general for injunctive relief. However, the TSCA expressly states that nothing in the section shall limit the remedies available for a violation of any other state or federal law. More so, the legislation is likely to provide a platform for “naming and shaming” corporations who have deficient supply chain monitoring programmes. As such, companies should make all efforts to comply with the statue and disclose their practices accurately.

The European Union

The eradication of the trade of conflict minerals has been a key topic of discussion of the European Commission.

In the Commission’s recent communication to the European Parliament, the Council and European Economic Social Committee on “Trade, Growth and Development”, the focus was placed on developing trade and investment policy for countries “most in need”. The communication identified the problem of conflicts in developing countries being linked to the control of natural resources. It was also stated that the commission will advocate greater support for, and use of, the recently updated OECD Guidelines for multinational companies as well as the OECD’s recommendations on due diligence and responsible supply chain management.

It is highly likely that the EU and its member states will adopt legislation similar to Section 1502 of the Dodd-Frank Act in the near future. However, in the US, the delay in finalising the subsidiary regulations has been attributed to renewed arguments that, at least in the short term, the legislation has, and will, prompt a withdrawal from mining in the DRC and surrounding regions altogether. In other words, it is argued that the regulations to curb the conflict mineral black market will do more harm than good to the economy and the livelihood of locals. The EU is fully aware of this argument, but there is little doubt that this will deter it from implementing similar legislation. Instead, commentators suggest that they are likely to wait until the outcome in the US and produce statute which has a much broader focus in its application – not simply the DRC and surrounding countries. Companies will inevitably have to comply with some kind of European controls on due diligence being performed on the supply chain of minerals.

United Kingdom Modern Slavery Act

In March 2015, the UK Modern Slavery Act (UK Act), was approved seeking to address the role of businesses in preventing slavery from occurring in their supply chains. The UK Act requires companies to publish a written statement on their website, failure to comply may lead to a warning from the Home Secretary or an injunction in the High Court. The UK Act obliges all providers of products and services to disclose their anti-slavery efforts and supplements the provisions of the UK Companies Act amended on 1 October 2013 to make certain listed companies in the UK report aspects of human rights issues within their businesses every financial year.

Australia Modern Slavery Act

In January 2019, the Australia Modern Slavery Act (Australia Act) came into effect requiring large corporations report on the risks of modern slavery in their operations and supply chains, as well as provide actions to address such risks, and for related purposes on a mandatory basis.  According to the Australia Act, “entities based, or operating, in Australia, which have an annual consolidated revenue of more than AU$100 million, to report annually on the risks of modern slavery in their operations and supply chains, and actions to address those risks. Other entities based, or operating, in Australia may report voluntarily.”

The UN guiding principles and current trends

The supply and trade of conflict minerals are not the only areas in which human rights compliance is developing. In response to the rapid global expansion of the private sector over the past two decades, the United Nations also commenced an initiative to impose upon companies the same range of human rights duties that states are subject to under international law. In 2005, a mandate was established by the UN for a Special Representative of the Secretary-General “on the issue of human rights and transnational corporations and other business enterprises” to undertake a new process. Between 2005 and 2011 Professor John Ruggie of Harvard University compiled a report to the Secretary-General of the UN Human Rights Council (HRC) on the issue of human rights and multinational business. In June 2011, the HRC endorsed and released the publication, “Guiding Principles on Business and Human Rights: Implementing the United Nations ‘Protect, Respect and Remedy’ Framework”. The concept of the “Protect, Respect and Remedy” Framework was a concept developed by Ruggie in compiling his report and is the foundation for the set of Guiding Principles (GPs) that the UN expects multinational corporations to adhere to.

The GPs were developed in consultation with all stakeholder groups, including:

  • governments
  • business enterprises and associations
  • individuals and communities affected by the activities of enterprises in various parts of the world
  • experts in the many facets of law and policy that the GPs address.

In all there are 31 GPs that provide guidance on a state’s duty to protect human rights, the corporate responsibility to respect human rights and a state’s overarching obligation to remedy human-rights abuses in their jurisdiction. GPs 16 to 24, or the “Operational Principles”, have direct impact on corporate behaviour. Principle 17 deals with due diligence procedures for all industries; similarly, to the DRC Guidelines, the due diligence procedures should:

  • address human-rights impacts that are caused or contributed to by a company’s own activities, which that company should prevent, mitigate and, where appropriate, remediate
  • address human-rights impacts directly linked to a company’s own operations, products or services through business relationships, which that company should seek to prevent and mitigate
  • recognise that due diligence processes may vary in complexity with the size of the company, the risk of severe impacts and the nature and context of a company’s operations
  • be ongoing, recognising that human-rights risks may change over time.

To effectively gauge human rights risks, the GPs recommend that businesses conducting assessments should draw on independent external expertise, involve consultation with potentially affected stakeholders and utilise qualitative and quantitative analyses. Just as the OECD and DRC guidelines recommend, transparency in the communication of results is cited as being key to overall mitigation of risk. Company policy must promote readily available information on business partners and suppliers, with assurances of confidentiality, in particular, to help build trust. This is part of what Ruggie describes as moving away from “naming and shaming” when dealing with human-rights issues, and toward the practice of “knowing and showing”.

Showing requires communication, transparency and accountability to stakeholders who may be impacted by the knowledge of potential human rights violations. Communication is most affective through detailed reporting that is independently verified and showing how risk areas were identified.

Private sector responses

Conflict-mineral and human rights issues have become a major topic for corporations, particularly in the technology sector, in response to increasing investor concern. Despite the lack of clarity on specific regulatory requirements, many corporations have taken the initiative in addressing the principles put forward by the UN, OECD and US government by implementing their own conflict-free mineral policies. Major industry conglomerates and programmes such as the Electronic Industry Citizenship Coalition (EICC), the Global e-Sustainability Initiative (GeSI) and the Conflict-Free Smelter (CFS) Validation Programme have provided the impetus for many corporations to improve efficiency and social, ethical and environmental responsibility in their global supply chains. Members and signatories of these coalitions have in recent years subjected themselves and their suppliers to audits to ensure the validity of their minerals.

Major technology metals corporation H.C. Starck recently engaged a third party auditor to inspect their tantalum processing plants in the United States, Germany, Japan and Thailand, all of which met CFS requirements. As early as 2010, H.C. Starck introduced an internal Responsible Supply Chain Management System in their procurement of raw materials. Software giant Intel has also made pledges to ensure the production of a microprocessor that is completely conflict-free for gold, tantalum, tin and tungsten by the end of 2013. In its declaration, Intel acknowledged that without a proper due diligence and validation system on all suppliers, it is not possible to be certain that smelters and miners in their supply chain are conflict-free.

On the mining side, bodies such as the International Council on Mining and Metals (ICMM) have developed their own set of standards for integrating human-rights issues into corporate risk management processes. The ICMM not only advocates the UN Guiding Principles, it has also provided guidance on practical approaches to addressing human-rights issues in the mining industry.

Investment houses are now placing greater emphasis in “ESG risks” (environmental, social and governance) – a reflection of the increasing perception that companies have a basic responsibility to respect human rights. Not only do investors gain a clearer understanding of their involvement in the company, a corporation’s positive image is drastically enhanced by being able to show it is sourcing clean minerals and putting ESG issues at the forefront.

With a variety of control mechanisms and due diligence procedures existing to discourage the use of ores and metals which benefit armed groups in the DRC region, corporations have the ability to drastically minimise the reputational operational risks associated with supply chains in unstable regions. Human-rights issues are at the forefront of risk analysis for many companies, and the level of responsibility in complying with international laws and best practice standard is only going to increase.

The call to action

For any company carrying out business internationally, there has been drivers to conduct due diligence on third parties that the company engages for some time. Over the years this due diligence has developed from simply conducting credit checks on sales agents through to a very in-depth and diverse assessment of the integrity of the third parties that the company is about to engage with; the assessment considering all aspects of integrity and compliance. In effect, the due diligence is to determine whether or not that third party has the commitment to integrity, compliance, and abiding, and sometimes exceeding, their legal requirements.

The changes identified above are yet another risk that must be put into the equation when conducting due diligence. Here are five key things to think about:

  1. Focus on the red flag countries and key risk areas. Suggesting that every supplier or every third party needs to undergo due diligence is a mistake. At the start of the exercise look at the universe of third parties and consider how what they do for you may have human-rights or conflict-mineral issues. Think hard about the countries, the environment, the workforce and the source of the supply and then look at what level of due diligence will need to be conducted to manage that risk.
  2. Expand the scope of your due diligence. Many companies already conduct due diligence on third parties. This could be for anti-corruption risks, export controls, sanctions, or simply on credit and worthiness. Whatever programmes you have, do not reinvent the wheel and create yet another company-wide due diligence programme. Simply add this risk into the current due diligence programme and expand it to embrace and manage these risks. Most corruption- or sanction-type programmes can easily be expanded to cover any additional risks. Make sure your due diligence team can handle the extra skillset required to uncover and report on potential human rights, supply-chain or conflict-mineral issues.
  3. Your due diligence needs to be thorough. Due to the proliferation of sanction and blacklist databases by countries and NGOs, there has been a tendency for some compliance officers to simply “check the databases” and call that due diligence. Unfortunately, in this area, there are not comprehensive databases that list companies or people who may have been involved in illegal or non-compliance violations of human rights or other laws. In fact, in many markets, third parties do not even work through corporate entities or, in those that do; they can change the names and the structure of those entities virtually overnight to avoid appearing on blacklists. Due diligence in this area is not a “blacklist” or a database check – It involves the careful collection of publicly-available information from a range of sources on the entity, the individuals that operate and manage it, the directors, the shareholders and any other stakeholders, and also a review of the operations in those markets in which they operate. This involves skill and time to build a comprehensive profile on that entity or person. Simply relying on database checks is grossly inadequate.
  4. Due diligence is not a “one-off” exercise. Due diligence needs to be done continually. How often is determined by a number of factors, however, it is always risk-based and probabilities-based. Risks change; businesses change; third parties change in their ownership, approach, level of sophistication and approach to compliance. Your due diligence should be at the start of the engagement and continue on until the end of the relationship.
  5. Engage your supply chain. The best due diligence process must be coupled with a broader third party compliance programme. This would include helping the third party improve their compliance, giving them assistance in doing so, and making sure that their compliance is monitored and part of an overall improvement programme. Due Diligence is just the first step.