Responsible Minerals Assurance Process (RMAP)

The Responsible Minerals Assurance Process (RMAP) is the conformity assessment scheme operated by the Responsible Minerals Initiative (RMI), a programme of the Responsible Business Alliance (RBA). RMAP exists to cultivate transparent mineral supply chains and to prevent the extraction, processing and trade of minerals from contributing to conflict, human rights abuses, money laundering, or other significant adverse impacts.

This document is the scheme-level summary of RMAP. It describes what RMAP is, the profiles it offers, how assessments are operated, and how the scheme aligns with international due diligence frameworks. Detailed conformance requirements live in each profile (see profiles/), and the operational procedures in full are maintained in the RMI RMAP Operations Manual.

1. Purpose and scope

RMAP is a third-party, audit-based conformity scheme for facilities at the upstream pinch points of mineral supply chains — refiners, smelters, processors — and, through the Supply Chain Due Diligence Plus module, for downstream supply-chain actors managing broader ESG risks.

The scheme provides a consistent, repeatable way to:

• Verify a facility's supply-chain due diligence management system against the OECD Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas (OECD DDG).
• Evaluate financial controls (KYC, AML-CFT, sanctions screening) where the mineral and risk profile demand it (notably gold).
• Apply mineral-specific risk indicators for gold, tin, tantalum and tungsten.
• Extend, on an opt-in basis, into broader Environmental, Social, OHS and Governance (ESG) risk topics through the Supply Chain Due Diligence Plus module.

RMAP is recognised under and cross-referenced by the EU Conflict Minerals Regulation (2017/821), the US Dodd-Frank Act §1502, the LBMA Responsible Gold Guidance, and several national supply-chain due diligence laws.

2. The five RMAP profiles

RMAP is delivered through five conformity profiles, each a versioned composition of criteria targeted at a specific facility type or risk scope. All profiles share the same OECD-aligned core; each adds the controls relevant to its scope.

Each profile has its own meta.yml (identity, scope, conformity topics, alignment, scoring), i18n.yml (localized labels in English, Spanish and Chinese), and one or more versioned manifest lockfiles in manifests/. Profiles are versioned independently using semantic versioning.

How profiles relate

                        ┌────────────────────────┐
                        │  OECD DDG 5-Step Core   │
                        │  (DD + Annex II Risks)  │
                        └───────────┬────────────┘
                                    │
        ┌──────────┬────────────────┼────────────────┬───────────────┐
        │          │                │                │               │
   rmap-gold  rmap-tin-tantalum  rmap-tungsten  rmap-all-minerals  rmap-supply-chain
   + AU       + SN, TA           + W           (superset of        + broader ESG
   + full FC                                    metal-specific)     (SCDDP add-on)

The mineral-specific profiles target the upstream pinch point at which raw mineral becomes a tradeable metal. rmap-all-minerals is for facilities processing more than one of the 3TG metals. rmap-supply-chain is the downstream complement: it assumes the upstream OECD baseline is in place and adds environmental, labour, community, OHS and governance risk topics.

3. Operating model

RMAP is an independent third-party assessment scheme. The basic flow is the same for every profile:

1. Initiation. A facility (the auditee) registers an assessment on RBA-Online and selects the applicable profile.
2. Assessor selection. An RMI-approved assessment firm and individual assessor are assigned. Independence and qualification requirements are governed centrally by RMI.
3. Pre-assessment. Document review, scoping, scheduling and agenda agreement. Sourcing and risk profile are reviewed to determine which conditional steps (e.g. OECD Step 3 risk management) apply.
4. On-site assessment. Evidence is gathered against every applicable criterion through document review, interviews and physical observation. Sensitive information handling follows a confidentiality commitment.
5. Reporting. The assessor produces a structured assessment report against the criteria in the locked profile manifest.
6. Corrective Action Plan (CAP). Non-conformances trigger a CAP cycle, with defined timelines for remediation and closure.
7. Conformance determination. Each facility is assigned one of three conformance statuses (see §5).
8. Public listing. Conformant facilities are published on the RMI website.
9. Surveillance and re-assessment. Each profile defines a validity period (typically 36 months) after which a full re-assessment is required.

A grievance mechanism is operated centrally by RMI and applies across all profiles.

RMAP vs RMAP+

Assessments against the mineral-specific or all-minerals profiles are referred to as RMAP assessments. When a facility additionally elects to be assessed against the Supply Chain Due Diligence Plus module (rmap-supply-chain), the combined assessment is referred to as RMAP+. The procedural flow is the same; RMAP+ extends the scope of evidence collection and reporting.

4. Conformance to the OECD DDG five-step framework

Every RMAP profile is structured around the OECD DDG five-step framework for responsible supply chains of minerals. Steps 1, 2 and 5 apply to all auditees regardless of sourcing; Step 3 (risk management) applies when red flags are triggered or when sourcing originates from Conflict-Affected and High-Risk Areas (CAHRAs). Step 4 is the third-party audit itself — i.e., RMAP.

The Supply Chain Due Diligence Plus profile additionally incorporates the OECD Guidelines for Multinational Enterprises, the OECD Due Diligence Guidance for Responsible Business Conduct, the OECD Handbook on Environmental Due Diligence in Mineral Supply Chains, and the UN Guiding Principles on Business and Human Rights, applying a six-step due diligence model that adds an explicit grievance/remedy step.

5. Assessment outcomes

RMAP uses a single three-level conformance status scheme, applied consistently across all profiles:

Conformance is determined against the locked criterion manifest for the profile version under which the facility was assessed. This makes every published conformance statement reproducible: the profile id, profile version and manifest together fully define what the facility was assessed against.

6. Conformity topics and scope

Each profile declares one or more UNTP conformity topics that reflect the sustainability dimensions it addresses. The mineral-specific profiles (gold, tin-tantalum, tungsten, all-minerals) cover human rights in conflict-affected sourcing, regulatory compliance, public transparency, and business ethics (anti-bribery / AML). The Supply Chain Due Diligence Plus profile broadens this set to include environmental topics (emissions, water, waste, biodiversity), labour rights, community impact, and occupational health and safety.

Each profile also declares its scope in terms of industry sector (UN ISIC) and geographic coverage (ISO 3166), so that downstream credentials issued under RMAP can be programmatically filtered and matched against buyer or regulator requirements.

7. Governance and versioning

• Scheme owner. Responsible Minerals Initiative (RMI), a programme of the Responsible Business Alliance (RBA).
• Subject of assessment. Facility (refiner, smelter, processor, or downstream supply-chain actor).
• Assessment level. Independent third-party.
• Validity period. Defined per profile (typically 36 months).
• Versioning. Each profile is independently versioned using SemVer (MAJOR.MINOR.PATCH). Each version of a profile pins the exact set and version of criteria in an immutable manifest, so historical assessments remain reproducible.
• Languages. English is canonical; Spanish and Chinese translations are maintained for scheme- and profile-level metadata.

The scheme as a whole is not separately versioned; governance changes are expressed by issuing new profile versions and/or new manifests.

8. Where to look next