Profile: RMAP Global Responsible Sourcing Due Diligence Standard for Mineral Supply Chains - All Minerals

Version 1.0.0 | Released: 2025-02-04 | Status: Active

Subject Type: Facility | Criteria: 0

Comprehensive scheme for multi-mineral processors handling gold, tin, tantalum, and/or tungsten. Includes full financial controls (FC1-FC5) and all metal-specific criteria. Applicable to facilities processing multiple mineral types under a single assessment.

Full Description

RESPONSIBLE MINERALS ASSURANCE PROCESS

GLOBAL RESPONSIBLE SOURCING DUE DILIGENCE STANDARD FOR MINERAL SUPPLY CHAINS

ALL MINERALS

The Responsible Business Alliance (RMI)

Version: 1.1
Publication Date: 15 December, 2021 (minor revisions Sept 15, 2024)
Effective Date: 1 January, 2022

I. Introduction
II. Standards And Assessment Scope
III. Standards And Conformance Criteria
IV. Cross-recognition
V. Limitations
VI. Upstream Assurance Mechanism
VII. Supply Chain Due Diligence
VIII. Annexes

I. Introduction

NOTE: Terms that are bold and italicized have specific definitions set forth in Annex A.

The Responsible Mineral Initiative (RMI) encourages the responsible sourcing of minerals from Conflict-Affected and High-Risk Areas (CAHRAs), and, where relevant, artisanal and small-scale mining (ASM) producers. This document sets forth the criteria for determining conformance with RMI program requirements for responsible minerals supply chain due diligence applicable to all minerals and metal products as specified in Chapter II of this document.

The criteria in this document establish operational and procedural standards for companies. The standard is used by an RMI-approved audit firm and their approved individual auditors to assess whether a company has implemented OECD-aligned supply chain due diligence adapted to the circumstances and type of its operations, reflecting its position in the supply chain.

This supply chain due diligence standard follows the OECD Guidance Annex I five-step framework for risk-based due diligence, combined with elements of the OECD 3T Supplement that expand on, clarify or support the basic Annex I framework.

The Standard was developed based on the OECD Due Diligence Guidance and a number of existing industry resources, including the Regulation (EU) 2017/821 of the European Parliament and of the Council of 17 May 2017 laying down supply chain due diligence obligations for Union importers of tin, tantalum and tungsten, their ores, and gold originating from conflict-affected and high-risk areas. The Standard was adapted from the ITA-RMI Assessment Criteria for Tin Smelting Companies[^1], existing RMI's RMAP mineral specific standards, and the Joint Due Diligence Standard for Copper, Lead, Nickel and Zinc[^2].

Companies are expected to undertake relevant steps of their due diligence process on a continual and ongoing basis and these activities are expected to result in improved understanding of supply chain risks, risk management performance, and risk mitigation within reasonable timescales. Companies are expected to use good faith and reasonable efforts in their due diligence and are expected to adapt the nature and extent of their process to their individual circumstances such as company size, location, sector, and the likelihood and severity of identified risks. Companies are expected to proactively carry out due diligence and to react to changes of circumstances and risks in the supply chain.

RMI utilizes independent third-party assessments of company management systems and sourcing practices to validate conformance with RMAP requirements. The criteria in this document form the basis of the independent third-party assessments to determine a company's conformance in accordance with the ISO 19011:2018 audit standard. Companies can use the assessment results to support customer requests, meet regulatory requirements, inform sourcing practices and continually improve due diligence management systems.

RMAP follows the International Organization for Standardization (ISO) 19011:2018 auditing standard in conducting an independent third-party assessment. ISO 19011:2018 is issued by the International Organization for Standardization and provides guidance on auditing management systems, including the principles of auditing, managing an audit program and conducting management system audits, as well as guidance on the evaluation of competence of individual auditors involved in the audit process.

Auditors shall apply professional judgment and obtain reasonable assurance that evidence is sufficient and appropriate when conducting the assessment. In these standards, the word 'must' is used where a matter is a requirement for achieving conformance to RMAP standards. The word 'must' is also used to indicate activities or tasks that are mandatory for an auditor to conduct as part of an assessment that meets the quality assurance requirements.

[^1]: © 2021 Responsible Business Alliance, Inc. and International Tin Association, Ltd. All Rights Reserved. [^2]: © 2021 The Copper Mark Company, the International Lead Association (ILA), the Nickel Institute (NI), the International Zinc Association (IZA), and the Responsible Business Alliance, Inc. All Rights Reserved.

II. Standards And Assessment Scope

A. Companies Within the Scope of the Audit

ELIGIBILITY CRITERION

Companies with facilities that meet the definition of a processor, integrated processing and mining operation, independent mining operation, upstream trader and/or exporter are eligible to use these standards with the exception of companies that fall under the definition of Artisanal and Small-scale Mining (ASM). All company activities, processes and systems used to implement supply chain due diligence and manage operations regarding covered minerals, including the management system, risk management, and disclosure of information are in scope for the assessment.

Where a company makes claims that receipts or operations are not covered by the standard, assessment or out-of-scope for any step of due diligence, those claims shall be verified during an assessment.

B. Minerals and Materials in Scope

ELIGIBILITY CRITERION

All covered minerals and materials, physically produced, received, held, traded, exported, and/or processed at an in-scope company during the assessment period, regardless of origin, storage location and type, are included.

Where tin, tantalum, tungsten, gold (3TG), are also processed at a facility along-side covered minerals where this standard is applied, separate mineral-specific standards for those minerals apply. These are described in relevant RMAP standards which include mineral specific requirements of the Supplements to the OECD Due Diligence Guidance for Responsible Mineral Supply Chains from Conflict-Affected and High Risk Areas, Edition 3 (OECD Guidance). For the detailed requirements on these minerals (3TG), refer to the dedicated standards[^3].

When the covered minerals fall under precious group metals, an assessment against this standard will include mineral specific requirements based on the Supplement on Gold of the OECD Guidance, as per guidelines provided in the related OECD Monitoring and Evaluation Framework.

Legacy materials that are received and entered into inventory by the company one year prior to the All Minerals Standard effective date do not require a determination of origin or other due diligence evaluation unless an earlier date is specified by a relevant RMI mineral-specific standard. Companies must provide sufficient documentation to demonstrate the materials have been received and entered into inventory prior to the specified legacy period (also referred to as grandfathered).

If the company identifies a red flag during the KYC review of the immediate supplier of the legacy material additional due diligence is required to ensure that the material is not associated with any risks described in Annex II.

Assay samples do not require due diligence evaluation provided that the company can produce a description of the type of samples, sufficient documentation on the quantity of mineral received and a verification that this quantity is less than 0.03% of the total receipts from the same producer over the same period. For mineral assay samples received from CAHRAs, the company may obtain a declaration from the exporter, producer and another party, such as government, or the on-the-ground assessment team, that such quantities are plausible, and taken from mineral batches traceable by that party. The company must provide reasonable evidence to demonstrate that the material is intended for purposes of testing and development and not production.

This standard is global in scope.

[^3]: Reference standards are available at http://www.responsiblemineralsinitiative.org/minerals-due-diligence/standards/

Figure 1: Applicability of All Minerals Standard

flowchart TD
    A["Is the auditee mining,<br/>trading, processing<br/>minerals?"] -->|No| B["Use RMI Downstream<br/>Audit Program"]
    A -->|Yes| C["Is the auditee a single<br/>metal company?"]
    C -->|No| D["Use Global Responsible Sourcing Due Diligence<br/>Standard For Mineral Supply Chains All Minerals"]
    C -->|Yes| E["Is the auditee a<br/>pinch-point processor?"]
    E -->|No| F["Is the auditee an<br/>upstream company (a,<br/>trader, processor)?"]
    F -->|Yes| G["Check applicability of an upstream program.<br/>RMI recognized upstream programs can be consulted here."]
    E -->|Yes| H{Mineral Type}

    H --> Sn["Sn: Tin Smelter: Responsible Minerals Assurance Process,<br/>ITA-RMI Assessment Criteria for Tin Smelters"]
    H --> Ta["Ta: Tantalum smelter: Responsible Minerals Assurance<br/>Process, Tin and Tantalum Standard"]
    H --> W["W: Tungsten smelter: Responsible Minerals Assurance<br/>Process, Tungsten Standard"]
    H --> Au["Au: Gold fine and crude refiners: Responsible Minerals<br/>Assurance Process, Gold Standard or a cross-<br/>recognized LBMA or RJC standard"]
    H --> Mica["Mica: Global Responsible Sourcing Due Diligence Standard For Mineral Supply Chains. All Minerals<br/>or Processor: Global Workplace Responsible Sourcing, Environmental, Health & Safety<br/>Due Diligence Standard for Mica Processors"]
    H --> Co["Co: Global Responsible Sourcing Due Diligence Standard For Mineral Supply Chains. All Minerals<br/>or Cobalt fine & crude refiners: Cobalt Refiner Due Diligence Standard 2.0"]
    H --> CuZn["Cu, Zn, Ni, Pb: Joint Due Diligence Standard for Copper, Lead, Nickel and Zinc (JDD)<br/>or Global Responsible Sourcing Due Diligence Standard For Mineral Supply Chains. All Minerals"]
    H --> Other["All other minerals: Global Responsible Sourcing Due Diligence Standard<br/>For Mineral Supply Chains. All Minerals"]

    D --> ESG["Does the auditee additionally aim to<br/>assess ESG performance?"]
    ESG -->|Yes| ESGStd["Environmental, Social & Governance (ESG)<br/>Standard for Mineral Supply Chains"]

    subgraph "ALL MINERALS IF PROCESSING INCLUDES 3TG"
        Plus["Requirements based on metal-specific<br/>RMAP standard +"]
    end

C. Add-on

This responsible minerals supply chain due diligence standard can be used as a foundation for a broader management program that includes environmental, social, health & safety, governance ("ESG"). RMI has developed a separate ESG Standard that can be integrated into a company's responsible minerals program and verified through the Responsible Minerals Assurance Process (RMAP).

The company may choose to undergo an assessment that combines the RMAP ESG criteria and the supply chain due diligence criteria. In these cases, separate reports may be issued for each standard.

III. Standards And Conformance Criteria

The standards of this document also form the conformance criteria and consist of Annex I of the OECD Due Diligence Guidance and elements of the OECD 3T Supplement for company's supply chain of covered minerals that are processed.

The OECD conformance criteria specify that steps to establish policies and management systems that are global in scope, conduct a red flag review based on the collection of relevant supply chain information, and report on due diligence must be implemented by all companies, regardless of the source of their minerals.

In instances where covered minerals are known or suspected to be from a CAHRA, steps to collect additional supply chain information, to conduct an OECD Annex II Risk Assessment, to establish an on the ground assessment team to assist in reporting and managing identified risks, as well as undergoing an independent third-party assessment must be implemented or supported by the company.

In the process of audit, auditors will assess:

Conformance criteria that consist of OECD aligned requirements
Conformance criteria that consist of Standard Setting Organization requirements. Those are instrumental to the implementation of the OECD Guidelines and associated programmatic and regulatory requirements such as Section 1502 of the US Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd Frank Act) and Regulation (EU) 2017/821 of the European Parliament and of the Council of 17 May 2017 laying down supply chain due diligence obligations for Union importers of tin, tantalum and tungsten, their ores, and gold originating from conflict-affected and high-risk areas (EU Regulation)

Figure 2: Applicability of Supply Chain Due Diligence (OECD) Conformance Standards

flowchart TD
    subgraph Step1["STEP 1"]
        S1A["A. Establish a policy"]
        S1B["B. Establish a management system"]
        S1C["C. Collect information on suppliers, minerals &<br/>materials for red flag review"]
        S1D["D. Engage with suppliers"]
        S1E["E. Establish a grievance system"]
    end

    Step1 --> Step2

    subgraph Step2["STEP 2"]
        S2A["A. Perform red flag review including by:"]
        S2A1["• Recording anomalies in deliveries"]
        S2A2["• Understanding plausible supply"]
        S2A3["• Determine CAHRA"]
    end

    Step2 --> Confirm1["Confirm & describe<br/>out-of-scope<br/>operators, legacy or<br/>assay materials"]
    Step2 --> Confirm2["Confirm & describe<br/>out-of-scope secondary materials"]
    Step2 --> Confirm3["Identify partially<br/>processed material<br/>such as slags or<br/>non-secondary metal<br/>product & confirm if<br/>supplying smelter has<br/>been assessed for<br/>due diligence"]
    Step2 --> Confirm4["Identify mineral types,<br/>including by-products,<br/>their origin, transport, &<br/>suppliers & determine<br/>red flag review outcome<br/>for Annex II risks"]

    Confirm3 -->|No| Confirm4

    Confirm1 & Confirm2 & Confirm3 -->|Yes| NoFlag["No red flags, or, red flags with Annex II risks not confirmed"]
    Confirm4 --> AnnexRisk["Annex II risk requiring on-the-ground assessment"]

    NoFlag --> Step5
    AnnexRisk --> Step123CAHRA

    subgraph Step123CAHRA["STEP 1, 2 & 3 (CAHRA)"]
        C1C["1C. Establish traceability from the mine"]
        C2B["2B. Establish an on-the-ground team"]
        C2C["2C. Carry out Annex II risk assessment"]
        C3A["3A. Report risk to management"]
        C3B["3B. Decide risk management strategy & plan"]
        C3C["3C. Implement & monitor risk management"]
        C3D["3D. Re-assess risks & revise management plan"]
    end

    Step123CAHRA --> Step5CAHRA

    subgraph Step5["STEP 5"]
        S5["A. Annual public report describing:"]
        S5A["• Company policy and management structure"]
        S5B["• Method outcomes of red flag review"]
        S5C["• Improvement in due diligence"]
        S5D["• Record keeping and disclosure"]
        S5E["• Publication of audit summary"]
        S5F["• Publication of policy"]
    end

    subgraph Step5CAHRA["STEP 5 (CAHRA)"]
        S5C1["A. Supplementary annual public report describing:"]
        S5C2["• Traceability and EITI support"]
        S5C3["• On-the-ground assessment & results"]
        S5C4["• Disengagement strategy or mitigation action"]
        S5C5["• Publication of audit summary"]
    end

IV. Cross-Recognition

In some cases, the Responsible Minerals Assurance Process may evaluate the cross-recognition of other third-party auditing programs and recognize these other programs as meeting the standards set forth in this document. Information on current cross-recognized programs and RMI recognition requirements can be found here: http://www.responsiblemineralsinitiative.org/minerals-due-diligence-container/recognized-standardsor-programs/audit-cross-recognition/

V. Limitations

This standard covers certain risks that companies may be faced with as part of their operations and responsible sourcing practices. However, these are not exhaustive. A successful assessment must not be used to imply operating performance beyond the strict scope of this standard.

Assessment of information disclosure among supply chain actors, to auditors, other stakeholders and the public will take into account the protection of business confidentiality and other competitive concerns. This includes price information and supplier relationships.

VI. Upstream Mechanism

The implementation of due diligence is the responsibility of the company. If sourcing from CAHRAs or if supplier red flags are identified, the company may in parts utilize upstream mechanism to carry out due diligence on its high-risk supply chains.

However, the use of Institutionalized Mechanisms or multi-stakeholder initiatives does not release companies from being responsible for the scope and quality of due diligence in their own supply chains.

Examples of systems and service providers are listed here: http://www.responsiblemineralsinitiative.org/minerals-due-diligence-container/recognized-standards-or-programs/upstream-assurance-mechanisms/

Where the company utilizes one or more upstream mechanism, the company must, at a minimum:

Understand the scope of activities of the upstream mechanism and understand any gaps between the scope of the mechanism's activities and the requirements of the OECD Guidance. For those parts of the company's due diligence process that are covered by the upstream mechanism, the company must:
- Ensure that all information generated by the upstream mechanism, and which is expected to be shared with the company, is received and records are maintained for at least five (5) years and made available to the auditor.
Have sufficient understanding of the context of conflict-affected and high-risk areas to be able to:
- Review and understand all information generated by the upstream mechanism, whether directly shared with the company or made available publicly.
- Assess their ability to exercise influence over actors in high-risk supply chains who can most effectively prevent or mitigate identified risks.
Where possible, actively participate in the upstream mechanism to mitigate identified risks in its supply chains.

VII. Supply Chain Due Diligence

A. Step 1 – Establish Strong Company Management Systems

OECD STEP 1 GUIDANCE REFERENCE:

Companies should:

A. Adopt and publish a supply chain policy for covered minerals.

B. Structure internal management to support supply chain due diligence.

C. Establish a system of controls and transparency over the covered minerals supply chain.

D. Strengthen company engagement with suppliers.

E. Establish a company-level grievance mechanism.

OECD Step 1A - Adopt and commit to a supply chain policy for minerals

A company must publish a policy, applicable to itself and its suppliers, which demonstrates that it is familiar with and committed to, performing OECD-conforming supply chain due diligence on risks described in Annex II (see Box 1). A policy may be developed at a company or group level that covers all facilities or at a facility level. The policy must also describe due diligence management processes and be adequate to be used by the company to assess itself and its suppliers' activities.

A company must:

Adopt a written supply chain policy with an effective date.
Include in the policy the standards against which the company will make assessments of itself and its suppliers' activities.
Ensure the policy and standards are consistent with those in the Annex II model supply chain policy or equivalent, including timescales for disengagement or progressive improvement through mitigation.
Include in the policy a clear and coherent description of the management process for identifying and managing risks.
Include in the policy a commitment to the due diligence steps relevant to its supply chain and operations.
Ensure the policy covers all covered minerals relevant to company activities.
Have and implement a process for periodically reviewing the policy and updating as necessary.
Ensure that policy is publicly available and communicated to suppliers.

Box 1. Risks Included in the OECD Guidance Annex II Model Supply Chain Policy

Note: Refer to the OECD Guidance document for all required information, including on recommended responses to identified risks.

Serious abuses associated with the extraction, transport or trade of minerals:
- Any forms of torture, cruel, inhuman and degrading treatment;
- Any forms of forced or compulsory labor;
- The worst forms of child labor[^4];
- Other gross human rights violations and abuses such as widespread sexual violence;
- War crimes or other serious violations of international humanitarian law, crimes against humanity or genocide.
Direct or indirect support to non-state armed groups[^5].
- For example, financial or logistical support to non-state armed groups who illegally control, tax or extort benefits at mines, trading points, transportation routes or supply chain actors.
Direct or indirect support to public or private security forces.
Bribery and fraudulent misrepresentation of the origin of minerals.
Money laundering.
Non-payment of taxes, fees and royalties to governments in accordance with the principles set forth under the Extractive Industry Transparency Initiative (EITI).

[^4]: See ILO Convention No. 182 on the Worst Forms of Child Labour (1999). [^5]: To identify non-state armed groups, companies should refer to relevant UN Security Council resolutions as well as other credible information sources and reports. This may include governmental sources and non-governmental organization reports.

Immediate action is expected when risks relating to serious human rights abuses and non-state armed groups are identified. Mitigation may be pursued while maintaining the business relationship with the aim of achieving significant measurable improvement within six months. Upon failure of mitigation, a temporary or permanent disengagement is expected[^6].

[^6]: The company may take decisions regarding risk mitigation strategy, disengagement, suspension or mitigation according to their own circumstances.

OECD Step 1B – Structure internal management to support supply chain due diligence

A company must have a system in place which assigns responsibility for each relevant aspect of the company's due diligence management process to identified and accountable staff. The nominated staff must be competent and have authority and resources to implement the process, which must include organizational structures that ensure communication to employees and suppliers.

A company must:

Assign responsibility for each part of the due diligence management process to appropriate staff
Provide authority to staff at a senior level to oversee due diligence
Ensure responsible employees have sufficient knowledge and experience of due diligence through training, including as part of new hire and refresher, on the due diligence management system to relevant personnel
Allocate adequate resources and staff for due diligence operation and monitoring
Implement communication processes to ensure that critical information – including the company supply chain policy, management processes and information on risks – reaches relevant employees and suppliers,
Report findings on actual and/or potential risks identified in the supply chain to the appointed senior manager; and
Put in place accountability for senior management expected to oversee due diligence.
Maintain records on how senior management has incorporated risks and assessments into company decisions.

OECD Step 1C – Establish a system of controls and transparency over the covered minerals supply chain

The company must have in place a chain of custody or traceability system or a system which enables them to identify upstream actors in the supply chain to the extent necessary to allow a red flag review of covered minerals and suppliers in Step 2A.

A company must collect and retain information for red flag review for a minimum of five years.

A company sourcing and processing precious group metals, including secondary material sourcing, must assign a unique reference number to each input and output and adopt tamper proof physical security measures as set out in the OECD Guidelines, Supplement on Gold.

Standards Setting Organization Requirements for mineral sourcing

In order to meet additional programmatic or regulatory requirements, a company must:

Collect and retain available information regarding covered minerals, their origin, transport and transit in order to determine if the known or suspected origin of the mineral is a CAHRA as follows:
1. Form, type and physical description of mineral type, including for by-products
2. The stated mineral origin (location of extraction, country or regional mining area within a country)
3. The type of operations (Artisanal and Small-Scale Mining - ASM and/or Large-Scale Mining - LSM) of the mined mineral used
4. Determine if LSM purchase covered materials from other sources, including ASM and whether this may trigger a red flag
5. Quantities and dates of extraction, if available, expressed in volume or weight. Note: not all suppliers will have this information available
6. Countries through which minerals have transited (in sealed shipping containers)
7. Countries through which minerals have been transported (not in sealed shipping containers), or in which they have been reprocessed, repacked or handled
Collect and retain available information regarding immediate suppliers, and any known actors further upstream in the supply chain identifiable through general business dealings or public reports in order to determine if supplier trading activities related to covered minerals is associated with known or suspected CAHRA as follows:
1. Name, addresses and type of business of immediate suppliers
2. Aggregated lists of countries in which the supplier has shareholder or company interests
3. Aggregated lists of countries of origin, transport and transit of minerals from which suppliers have sourced over the last 12 months
4. Declaration of the countries or areas determined by the supplier to be a CAHRA
5. Declaration of individuals and entities that hold direct or indirect beneficial ownership stakes in the supplier and review of these parties against relevant national and international sanctions lists and law[^7]
For by-products from other metal ores, have a process to obtain and retain information to determine the point of separation of covered minerals from those other ores and all information required for red flag review from that point.
For material sourcing of precious group metals seek to engage directly with legitimate ASM producers or their representatives where possible

[^7]: RMI guidance on beneficial ownership is as follows: Gold + Precious metals:

Recycled: all beneficial owners or at least 25% of ownership stake
Mined and intermediate material: all beneficial owners or at least 5% of ownership stake

3T+ C and All other minerals:

Recycled: at least 25% of ownership stake
Mined and intermediate material:
- Low risk all beneficial owners or at least 25% of ownership stake
- High-risk all beneficial owners or at least 5% of ownership stake

Standards Setting Organization Requirements for partially processed material sourcing

In order to meet additional programmatic or regulatory requirements, a company must obtain and retain information to evaluate which intermediate materials are produced by a supplying processor which has undergone a due diligence assessment equivalent to these criteria, or otherwise demonstrate that reasonable due diligence has been performed on the source of minerals in a supply chain:

For intermediate materials received from supplying processors the company must have and implement a process to obtain and retain the following information as follows:
1. Description of materials including composition, physical form and, if available, production date
2. Name and address of the immediate supplier
3. Name and address of the supplying processor that produced the material
4. Transport documentation from the supplying processor if material is from high-risk supply chain, unless the transport documentation has already been evaluated as part of the supplying processor audit scope
5. Records of confirmation of the independent third-party audit completion of the supplying processor under the Responsible Minerals Assurance Process or equivalent Standard and Assessment. Or, if the supplying processor has not undergone an independent third-party assessment under the Responsible Minerals Assurance Process or equivalent Standard and Assessment, the following additional information:
  1. Records identifying mineral or material inputs used for the production of intermediate materials received from the supplying processor together with information required for red flag review in Step 2A, and further information for full due diligence on covered minerals if inputs are known or suspected to be from a CAHRA.
    1. If specific inputs cannot be identified by the supplying processor, all inputs of the supplying processor must be validated.
For non-secondary metal products unused for their primary purpose[^9], have a process to obtain and retain the following information as follows:
1. Description of the metal products including composition, physical form and, if available, production date
2. Name and address of the immediate supplier
3. Name and address of the supplying processor who produced the metal in the metal product
4. Transport documentation from the supplying processor if material is from high-risk supply chain, unless the transport documentation has already been evaluated as part of a supplying processor audit scope
5. Records of confirmation of the independent third-party audit completion of the supplying processor under the Responsible Minerals Assurance Process or equivalent Standard and Assessment. Or, if the supplying processor has not undergone an independent third-party assessment under the Responsible Minerals Assurance Process or equivalent Standard and Assessment, the following additional information:
  1. Records identifying mineral or material inputs used for the production of materials received from the processor together with information required for red flag review in Step 2A, and further information for full due diligence on minerals if inputs are known or suspected to be from a CAHRA.
For materials received from downstream companies have and implement a process to obtain and retain the following information as follows:
1. Description of materials including composition, physical form and production date
2. Name and address of the immediate supplier
3. Records of confirmation of the independent third-party audit completion of the supplying Downstream Program conforming companies. Or, if the downstream company has not undergone an independent third-party assessment under the Downstream Assessment Program (DAP) or equivalent Standard and Assessment, the following additional information:
  1. Name and address of the supplying processor that produced the material
  2. Records identifying mineral or material inputs used for the production of materials received from the downstream company together with information required for red flag review in Step 2A, and further information for full due diligence on minerals if inputs are known or suspected to be from a CAHRA.

[^9]: An auditee may receive material which is not in ingot or a bar form from a supplying processor or a product manufacturer, the composition of which is mainly the covered mineral and which is unused for its primary purpose. Examples include products returned to the processor, e.g., for not meeting manufacturing specifications.

Standards Setting Organization Requirements for out-of-scope mineral or material sourcing

In order to meet additional programmatic regulatory requirements, a company must:

Obtain and retain information to demonstrate which receipts of minerals or materials are out-of-scope as follows:
1. For legacy receipts, have sufficient documentation to describe the type of mineral or material and demonstrate that the covered minerals were received and entered into inventory by the company on a verifiable date more than one (1) year prior to the All Minerals Standard effective date.
  1. Covered minerals that fall under precious group metals, for investment (ingots, bars, coins), the company shall identify the refiner that produced the precious metals investment product supplied. The refiner shall obtain sufficient information to reasonably confirm that the precious metal:
    1. Originated at the supplying refiner during a period that the supplying refiner was conformant with this Standard (or equivalent). For any investment products produced by a supplying refiner that was not conformant with this Standard (or equivalent), the refiner shall conduct due diligence in accordance with the requirements of the OECD DDG Step 4.
    2. OR is legacy material as defined by this Standard - verifiable date one (1) year prior to the All Minerals Standard effective date for all precious metals with the exception of gold. For gold legacy period shall be in line with the OECD DDG Gold supplement - verifiable date prior to 1 January 2012. Verified legacy materials will not require information on their origin; however, investment products will require "Know Your Counterparty" due diligence to ensure the trade in legacy stocks is not carried out in violation of international sanctions or does not enable money-laundering resulting from, or connected to, the sale of gold reserves in conflict-affected and high-risk areas.
2. For assay samples, have a description of the type of samples and sufficient documentation on the quantity of covered mineral received and a verification that this quantity is less than 0.03% of the total receipts from the same supplier over the same period.
  1. For mineral assay samples received from CAHRAs the company may obtain a declaration from the supplier and another party, such as government, aligned joint initiative or the on-the-ground assessment team, that such quantities are plausible, and taken from mineral batches traceable by that party.

Standards Setting Organization Requirements for secondary material sourcing

In order to meet additional programmatic regulatory requirements, a company must:

Obtain and retain information to demonstrate receipts are secondary and out-of-scope for CAHRA assessment:
1. Description of the secondary material including composition, physical form and any other information such as analysis data and/or photos.
2. Name and address of the immediate supplier
3. Transport documentation from the immediate supplier
For secondary material sourcing of precious group metals:
1. Sufficient information to reasonably exclude false representations made to hide the origin of newly mined materials in recycled supply chains.
2. For materials sourced from a location outside of a CAHRA, additional due diligence shall be carried out by the company for transactions beyond the threshold of 15,000 USD cash per transaction. Such due diligence shall be proportional to the value of the transaction.

Standards Setting Organization Requirements for all companies, covered minerals and materials

In order to meet additional programmatic regulatory requirements, a company must:

Implement a Know Your Counterparty (KYC) process to determine the identity, type of business relationship and legality of business operations for each supplying counterparty. The process must include:
1. Establishment of the identity of the supplying counterparty
2. Identification of ownership of supplying counterparty and corporate structure
3. Verification of supplying counterparty and their owners against relevant government sanction lists
4. KYC must be conducted before entering into a business relationship with a supplying counterparty and throughout the business relationship
5. Have records of assessment of suppliers prior to entering into business with new suppliers, including assessment of risks[^10].
Identify and document each individual transaction of material received. The process must record the date the material is physically received or the date the material is received in the company's material control system.
1. Companies may physically receive the material but only enter it into their material control system after initial analysis, finalization of contracting and/or transfer of ownership
Calculate a mass balance as a means to substantiate the total material processed by the company, taking into account receipts, inventory, losses, and sales quantities. For the purpose of this Standard, the mass balance calculation shall provide the following information:
1. The closing inventory (declared) and the closing inventory (calculated) must be within the allowed maximum margin of error of 10%. A negative (-10%) margin of error must be investigated and a reasonable justification must be provided to the company. For the purposes of the assurance process, the margin of error % will be calculated as follows:

[^10]: Such risk may be reported by a joint initiative.

Mass Balance Formula:

(Closing inventory (calculated) - Closing inventory (declared)) / Total material processed × 100 < 10%

Where:

closing inventory calculated = closing inventory at the end date of the assessment period as calculated by the auditor based on transactions reported over the audit period by the company.
closing inventory declared = actual closing stock based on physical material inventory in existence at the end date of the assessment period as determined by the company's normal inventory calculation and reporting processes.
total material processed = the total metal content of the material processed by the company during the audit period. This will include (as relevant) ore, secondary material and internal recycle/reclaim, whether the company's own material or material received for tolling.

Unreasonable changes to inventory (losses or gains) must be investigated and the findings established in writing.

Any discrepancies observed during internal material control processes and/or a mass balance calculation are investigated and findings recorded.
A company sourcing or processing precious group metals shall:
1. inspect all shipments for completeness of documentation and conformity to the information provided by the supplier on the types of material, verify weight and quality information, and make a business record of such verification.
2. Verify the physical security practices used by the immediate supplier to confirm that shipments have not been tampered with, unsealed or opened. The extent of such investigations may vary based on the risk profile of the material source.
3. Report any inconsistency, with no further action taken until the inconsistency is resolved, and physically segregate and secure any shipments with unresolved inconsistencies;
4. Record and render all material outputs identifiable with the following information:
  1. Name and / or stamp / logo of the refiner,
  2. Year of refining / production
  3. A unique reference allocated to each output (e.g. serial numbers, electronic identification or other practicable means).
5. Maintain inventory and transaction documentation that can be retrieved and should include material physical descriptions, supplier details including KYC information and unique references for processing, purchases and sales.
6. Ensure the total weight of material received and in inventory during the audit period can be reconciled with movements in and out of inventory for the same period. In support of this requirement, the company shall:
  1. Have a reconciliation process for receipts, inventories, losses, outsourcing and sales.
  2. Record the total material content of receipts within the audit period as well as the total content of products shipped within the audit period to demonstrate the ability to reconcile the totals and account for any reasonable losses.
7. Use reasonable and good faith efforts and steps proportional to risk, to determine whether the covered mineral is mined, recycled or grandfathered stocks in accordance with the applicable definition of the OECD Guidelines, Supplement on Gold.
8. Fully and transparently cooperate with law enforcement agencies regarding covered mineral transactions, provide customs officials with access to complete information on all international shipments.

OECD Step 1D – Strengthen company engagement with suppliers

The company must aim to establish positive long-term relationships with their immediate suppliers in order to increase leverage over the due diligence performance of those suppliers. The company must also communicate requirements to immediate suppliers, help build their capabilities, and consider measuring improvement over time.

A company must:

Establish, where practicable, long-term relationships with immediate suppliers
Confirm that immediate suppliers commit to a supply chain policy consistent with Annex II and the OECD Guidance
Communicate to immediate suppliers the company supply chain policy and their expectations on responsible supply chains of covered minerals, in particular for the management of risks identified in the supply chain.
Incorporate disclosure requirements and the requirement to comply with the company's supply chain policy, or where materially comparable, the immediate supplier's policy, into contracts and/or agreements with immediate suppliers, in a way that can be readily applied and monitored.
Consider ways the company can support and build capabilities of immediate suppliers to improve performance and conform to company supply chain policy, especially if carrying out Step 3 risk mitigation.
Support the implementation of the principles and criteria of the Extractive Industry Transparency Initiative (EITI) individually or through joint efforts and through company participation in appropriate reporting.
Design measurable improvement plans with immediate suppliers, with the involvement, if relevant and where appropriate, of local and central governments, international organizations and civil society when pursuing Step 3 risk mitigation.

Standards Setting Organization Requirements

In order to meet additional programmatic or regulatory requirements, a company must:

Require immediate suppliers to conduct basic Know Your Supplier (KYS) screenings of their suppliers including verification of individuals and entities that hold direct or indirect ownership stakes in the supplier against relevant sanctions lists[^11]
Avoid cash transactions where practicable and ensure cash transactions are supported by verifiable information
Monitor the performance of the immediate supplier against the expectations set out in the contract and /or agreements with the company.

[^11]: See footnote 5 for guidance on the verification of beneficial ownership

OECD Step 1E – Establish Company Level Grievance System

The company must:

Have a mechanism allowing any internal or external interested party, including affected parties and whistle-blowers, to voice concerns regarding the circumstances of extraction, trade and handling of covered minerals in order to alert the company to possible risks. The mechanism may be provided through collaborative arrangements with other companies, or by facilitating recourse to an external expert or body, such as an ombudsman.

Standards Setting Organization Requirements

In order to meet additional programmatic regulatory requirements, a company must:

Record concerns received through the company mechanism and the results of follow-up.

B. Step 2 – Identify and Assess Risks in the Upstream Supply Chain

OECD STEP 2 GUIDANCE REFERENCE:

Companies should identify and assess risks on the circumstances of extraction, trading, handling and export of covered minerals

A. Identify the scope of the risk assessment of the covered minerals supply chain

B. Map the factual circumstances of the company's supply chains, underway and planned

C. Assess risks in the supply chain

Note that companies may cooperate to carry out the requirements in this section through joint initiatives. However, companies retain individual responsibility for their due diligence, and should ensure that all joint work duly takes into consideration circumstances specific to the individual company.

OECD Step 2.A. – Identify the Scope of the Risk Assessment of the covered minerals Supply Chain

A company must review relevant information generated from Step 1 to conduct a red flag review of locations of covered minerals origin and transit, and supplier red-flags (See Box 2) in order to determine the need for Annex II risk assessment. The company must ensure that the scope of risk identification and risk assessment extends to all risks set out in Annex II and the recommendations in the OECD Guidance.

A company must:

Have and implement a process to review information gathered in Step 1 to determine whether there are any discrepancies or inconsistencies
Have and implement a process to review information gathered in Step 1 to determine whether further steps of due diligence are triggered.

Standards Setting Organization Requirements

In order to meet additional programmatic Regulatory requirements, a company must:

Design and implement a process to validate information on covered minerals and materials received as follows:
1. Confirm that the type, weight, composition and quality of covered minerals and materials received are consistent with accompanying documentation
2. Confirm that information required for red flag review as set out in Step 1C has been collected and/or provided by the immediate suppliers and any known actors further upstream
3. Investigate and address any discrepancies or inconsistencies identified during the above review
Design and implement a process to understand plausibility of covered mineral supply as follows:
1. Maintain a reasonable understanding of reserves, production and export statistics and trends for all mining countries and/or regional mining areas within a country
2. Consider available information on the mining site such as geological studies, on-site visits or other data where the company has a direct relationship with a mine
3. Consider the type, volume and chemical content received for secondary materials[^12]
4. Investigate and address any higher-than-expected volumes of covered mineral supplied from any area compared to the potential for production in that area
5. For covered minerals that fall under precious group metals, a company must:
  1. consider anomalies or unusual circumstances are identified through the information collected in the refiner's due diligence system which give rise to a reasonable suspicion that the material may contribute to conflict or serious abuses associated with its extraction, transport or trade.
  2. assess the plausibility of the volume, content and type of material supplied by the immediate supplier
  3. using reasonable and good faith efforts and steps proportional to risk, determine whether the material is mined, recyclable or legacy stocks.
Design and implement a process to determine any CAHRAs. The list of CAHRAs must include, at a minimum:
- The Democratic Republic of the Congo (DRC) and its nine adjoining countries as outlined in Section 1502 of the Dodd Frank Act, namely Angola, Burundi, Central African Republic, Republic of the Congo, Rwanda, South Sudan, Tanzania, Uganda, and Zambia
- the indicative list of CAHRAs provided by the European Commission pursuant to Article 14.2 of the European Union Regulation 2017/821
The process to determine any CAHRAs must include, at a minimum:
1. The types of resources used by the company to identify CAHRAs[^13];
2. The criteria used by the company to determine a CAHRA;
3. The frequency within which the determination is reviewed and updated;
4. A record of all the countries and/or areas identified as a Conflict-Affected or High-Risk within the Company's supply chain; and
5. Include in the process a general consultation of relevant national and international sanctions lists.

[^12]: Chemical content refers to the identification of minerals contained in secondary materials by means of assay testing [^13]: Companies may refer to available resources to determine CAHRAs, such as those listed by the US Dodd-Frank Act Section 1502 and the indicative list of CAHRAs provided by the European Commission pursuant to Article 14.2 of the EU Regulation (EU) 2017/821, or those provided by OECD-aligned initiatives, or assurance mechanisms.

For any origin or transit red flag, the risk is increased when anti-money laundering laws, anti-corruption laws, customs controls and other relevant governmental oversight laws are weakly enforced; informal banking systems operate, and cash is extensively used. In each of the supplier-based red flag considerations, the risk increases if the immediate supplier refuses to provide requested documentation or information.

Design and implement a process for red flag review in which the company compares the supplier and country of origin information gathered in Step 1C with the recorded results of the documentation check, the plausibility assessment, and the CAHRA determinations made by the company as above.
The responsible person must record the findings of the red flag review and report them to the senior management team.

OECD Red Flags

Red flag locations of covered minerals origin and transit:

The covered minerals originates from or has been transported via a CAHRA.
The covered minerals are claimed to originate from a country that has limited known reserves, likely resources or expected production levels of covered minerals (i.e., the declared volumes of covered minerals from that country are out of keeping with its known reserves or expected production levels).
The covered minerals are claimed to originate from a country through which covered minerals from a CAHRA are known or reasonably suspected to transit.

For covered minerals that fall under precious group metals, red flags also include:

The covered mineral is claimed to originate from recyclable / scrap or mixed sources and has been refined in a country where material from conflict-affected and high-risk areas is known or reasonable suspected to transit
Anomalies or unusual circumstances are identified through the information collected which give rise to a reasonable suspicion that the material may contribute to conflict or serious abuses associated with the extraction, transport or trade of the material.

Supplier red flags:

The immediate suppliers or other known upstream companies have shareholder or other interests in companies that supply covered minerals from or operate in a red flag location of covered minerals origin and transit.
The immediate suppliers or other known upstream companies are known to have sourced covered minerals from a red flag location of origin and transit in the last 12 months.

As part of the red flag review the company must also review information received according to Step 1C on all covered minerals for discrepancies or inconsistencies and record their determination of receipts as follows:
1. Byproducts and their associated risks from the point of separation.
2. Materials from supplying processors, traders, mine owners, individual or groups of collectors and evidence of third-party assessment of that company and whether covered minerals processed by those suppliers is from CAHRAs, and information and actions equivalent to these full relevant standards.
3. In situations where a supplier provides covered minerals or materials to other customers, the company or facility need only conduct a red flag review of those covered materials or minerals that are purchased or obtained by the company or facility, if other minerals or materials can be clearly segregated by the supplier. Minerals or materials that are outside of the company's or facility's individual supply chain are not expected to be included in the red flag review.
4. Covered minerals products and evidence of third-party assessment of the supplying processor producing the covered minerals and whether covered minerals processed by that company are from CAHRAs, or otherwise information and actions equivalent to these full relevant standards
5. Secondary materials verified to be out of scope
In performing the red flag review, the company must make a reasonable assessment of anomalies and likely risks and explain the findings which may conclude the outcome of the red flag review to be:
- Red flag locations or suppliers are not identified and so no Annex II risk assessment is required;
- Red flag locations or suppliers are identified but the review does not indicate a significant probability that the source of covered minerals is a red flag and this can be reasonably confirmed without on-the-ground investigation so Annex II risk assessment is not justified;
- Annex II risk assessment is necessary when red flag locations or suppliers are identified and the level of risk is unclear or the review indicates that:
  - The source of covered minerals is a CAHRA, or suspected to be a CAHRA rather than the stated origin;
  - The supplier has trading activities for covered mineral, relating to a CAHRA that could impact risks for covered minerals declared to be from non-CAHRA sources.

OECD Steps 2.B and 2.C are triggered only when the red flag review indicates the presence of CAHRAs in the company's supply chain and are addressed in the section below applicable to when CAHRAs are identified.

C. Step 3 – Design and Implement a Strategy to Respond to Identified Risks

(Where red flag review confirms the need for Annex II risk assessment on covered minerals)

OECD STEP 3 GUIDANCE REFERENCE:

Companies should:

A. Report findings to designated senior management.

B. Devise and adopt a risk management plan.

C. Implement the risk management plan, monitor and track performance of risk mitigation efforts and report back to the designated senior management of the company and consider suspending or discontinuing engagement with a supplier after failed attempts at mitigation.

D. Undertake additional fact and risk assessments for risks requiring mitigation or after a change of circumstances.

E. Request and support implementation of workplace standards for covered minerals mines or covered minerals collection.

OECD Step 3.A. – Report findings to designated senior management

The company must ensure that all risks identified during Step 2 are reported to a senior manager with designated responsibility for due diligence.

A company must have and implement a process to ensure that on an ongoing basis, an outline of information gathered and the actual and potential risks identified in the supply chain risk assessment are reported to senior management with designated responsibility for due diligence.

OECD Step 3.B. – Devise and adopt a risk management plan

The company must develop a plan to manage identified risks taking into account the options of continuing trade, suspending trade while managing risks, or disengaging from trade if risks are not manageable. The company should determine a risk management strategy appropriate for their own circumstances by reviewing their supply chain policy. If the company is not disengaging then it must constructively maintain a risk management plan explaining possible company strategies in response to risks which include: engage with stakeholders to promote progressive improvement to eliminate negative impacts over a reasonable timescale. This must include consulting with affected suppliers, local authorities, civil society and third parties and providing them with assessments and plans for discussion. The company must ensure that the plan for risk mitigation has actions from which the outcomes are measurable.

A company must have and implement a process to:

Continue trade throughout the course of measurable risk mitigation efforts; OR temporarily suspend trade while pursuing ongoing measurable mitigation efforts; AND/OR disengage with a supplier in cases where mitigation appears not feasible or unacceptable.
Review identified risks against the company policy to determine the relevant risk management strategy and a relevant risk management plan.
When mitigating risks, include in the risk management plan a description of means to achieve progressive improvement within reasonable timescales.
In order to support progressive improvement, build and/or exercise leverage over the actors in the supply chain who can most effectively and most directly mitigate the risks.
Consult with suppliers and affected stakeholders to agree on the strategy for risk mitigation in the risk management plan including qualitative or quantitative measures of improvement.
Publish the supply chain risk assessment and risk management plan with due regard to business confidentiality and other competitive concerns (refer to Step 5).
Include in the risk management strategy and plan, responses to risks associated with relevant national and international sanctions, including notification of those risks in the annual due diligence report and to customers.

Fulfillment of relevant standards may be demonstrated by confirming the company has and implements a process to review identified risks reported by the on-the-ground assessment team in order to clarify and confirm:

A. Risk mitigation measures recommended are appropriate for the company plan; B. There is direct engagement with relevant stakeholders to pursue mitigation; C. Progress is reviewed on the ground against the recommended actions; D. Information on risks and progress of mitigation is shared while taking into account due regard to business confidentiality and other competitive concerns E. Whether additional responses or actions by the company are needed, including disengagement, suspension or to increase leverage on suppliers or other stakeholders.

When the covered minerals fall under precious group metals, a company must intensify the system of controls and transparency over the supply chain and specifically:

Increase engagement with the immediate suppliers to effectively mitigate risks identified.
Establish a chain of custody or traceability system to gather and maintain the information collected under Step 1C. above for each covered mineral input. The chain of custody information may be required retrospectively for transactions received and held physically segregated by the company subject to further investigation.
Ensure the physical security (e.g. security of transport, sealing, tamper-proof container) over shipments of covered minerals.
Incorporate the right to conduct unannounced spot-checks on immediate suppliers and have access to their documentation as relevant to the exercise of due diligence in written agreements.

OECD Step 3.C. – Implement the risk management plan

The company must, in cooperation with the internal and external relevant stakeholders mentioned in Step 3B, ensure that the risk mitigation plan is implemented, and its progressive success monitored. The company may wish to establish community networks to assist with this monitoring. Once the senior manager responsible for due diligence receives updated information on the management of identified risks they must confirm or re-consider the company strategy as appropriate.

A company must:

Have and implement the risk management plan.
Monitor and track performance of risk mitigation. This may be done in cooperation and/or consultation with local and central authorities, upstream companies, international or civil society organizations and affected third parties.
Report back to designated senior management and consider suspending or discontinuing engagement with a supplier after failed attempts at mitigation.
Consider establishing or supporting a community monitoring network to monitor or track performance of risk mitigation.
Implement the risk management strategy and plan for risks associated with relevant national and international sanctions.

A company may demonstrate fulfillment of relevant standards by confirming it has and implements a process to review the progress and results of mitigation of identified risks by the on-the-ground team in order to confirm:

A. Direct engagement with relevant stakeholders to pursue mitigation has continued B. Whether a community monitoring network is in place (if established) C. The results of mitigation six months from the identification of any risk. D. Whether additional responses or actions by the company are needed, including disengagement, suspension or to increase leverage on suppliers or other stakeholders.

Immediate disengagement is expected when risks relating to serious human rights abuses and non-state armed groups are identified. Mitigation may be pursued for other risks with the aim of achieving significant measurable improvement within six months. Upon failure of mitigation, disengagement is expected for a minimum of three months[^14] E. Report suspicious transactions and suspicious behavior of criminal activity to local, national, regional and international law enforcement agencies.

[^14]: The company may take decisions regarding risk mitigation strategy, disengagement, suspension or mitigation according to their own circumstances

OECD Step 3.D. – Undertake additional fact and risk assessments for risks requiring mitigation, or after a change in circumstances

A company must conduct ongoing monitoring, and after the implementation of the risk management plan and/or following any change in the company supply chain information gathering, and cross-checking against company standards must be repeated (Step 2B-2C).

D. Step 4 - Carry Out Independent Third-Party Audit of Company's Due Diligence Practices

Plan an independent third-party audit of the company's due diligence for responsible supply chains of covered minerals.

OECD STEP 4 GUIDANCE REFERENCE:

Companies should undergo independent third-party audits of their supply chain due diligence.

The company must allow an independent third-party audit of its activities, processes and for supply chain due diligence of covered minerals. The company must ensure that it is adequately prepared with samples of relevant documentation available to be reviewed in preparation or performance of the audit and must allow auditors access to company sites, personnel and all documentation and records of supply chain due diligence relevant to the scope of the audit. This audit may combine environmental, occupational health and safety, social and governance standards and the supply chain due diligence standards. In these cases, separate audit reports may be issued for each standard.

Where a company is undergoing an assessment against this standard, such an assessment meets the OECD Step 4 criterion.

Third-party audits of a company can include the voluntary verification of transport documentation for materials from high-risk supply chains delivered to a receiving upstream or downstream company, in which case the verification of transport documentation can be excluded from the due diligence of the receiving company in Step 1C.

E. Step 5 – Report Annually on Supply Chain Due Diligence

OECD STEP 5 GUIDANCE REFERENCE:

Companies should annually report or integrate, where practicable, into annual sustainability or corporate responsibility reports, additional information on due diligence for responsible supply chains of covered minerals.

Companies must annually report on due diligence for responsible supply chains of covered minerals or integrate that information into annual sustainability or corporate responsibility reports where the company publishes one. Companies should publish the annual due diligence report and their RMAP Summary Assessment Report regardless of their sourcing practices, type of materials, or origin of minerals.

All public information published must take into account business confidentiality and other competitive concerns including price information and supplier relationships. Confidential information may include, for example, information on company suppliers, customers, contract terms, tonnage and capacity.

A company must publish the following information in the due diligence report:

Company Management Systems as follows:
1. The availability of a company's supply chain policy, with indication that the policy has been audited under the Responsible Minerals Assurance Process or equivalent Standard and Assessment and a link to company supply chain statement. Explain the management structure responsible for due diligence
2. Describe the system used by the company to gather information necessary for red flag review
3. Explain how information obtained for red flag review has strengthened the company's due diligence efforts
4. Describe the company's record-keeping system
5. Describe methods for disclosing relevant information to downstream actors

A company may demonstrate fulfillment of relevant standards by referring in its annual due diligence report, in general terms, to methodologies, information, results or strategies while not identifying relations with specific suppliers or customers.

A company participating in an industry program may demonstrate compliance with the reporting requirement by publishing a summary audit report through that industry program.

If a targeted Annex II risk assessment (Step 2C) has been required, the company must also describe additional management systems and outline the methods of, and type of information provided by, the on-the-ground assessment team as well as an explanation of how the company performs risk assessment. The company strategy for responding to risks must also be outlined, including any training of suppliers, the involvement of stakeholders and the company efforts to monitor risk management activities.

Company Management Systems as follows (additional information when CAHRA present):
1. Describe the company's system for chain of custody and traceability of the supply chain to identify locations and operators for Annex II risk assessment.
2. Describe methods for disclosing relevant information to mine of origin to downstream actors.
Company risk assessment in the supply chain as follows:
1. Publish the methodology and results of the risk assessment and the supply chain management plan with due regard taken of business confidentiality and other competitive concerns (Refer to Step 3B).
2. Outline the methodology, practices and information yielded by the on-the-ground assessment.
3. Explain the methodology of company supply chain risk assessments.
Risk management is as follows:
1. Describe the steps taken to manage risks, including a summary report on the strategy for risk mitigation in the risk management plan, and capability training, if any, and the involvement of relevant stakeholders.
2. Disclose the efforts made by the company to monitor and track performance.

The company must publish with due regard taken of business confidentiality and other competitive concerns:

The name of the audit firm (this information may be included in the audit firm summary report)
Supply Chain Policy

Company must also publish, either directly or through an industry program, a summary audit report with due regard taken of business confidentiality and other competitive or security concerns, which should include:

company details, the date of the audit and the audit period;
The audit activities and methodology,
The audit conclusions

Due Diligence Applicable Only for Materials Known or Suspected to be from CAHRAs

OECD Step 1C1 to 1C4 – System of Controls and Transparency

(Where the red flag review confirms the need for Annex II risk assessment on covered minerals known or suspected to be from CAHRAs per Step 2B)

Where a company determines the need for a full Annex II risk assessment, based on the outcomes of the red-flag review in Step 2A, the company must have in place a chain of custody or a traceability system that generates detailed information on the circumstances of extraction, export, processing or trade.

In situations where a supplier provides minerals or materials to other customers, the company or facility need only conduct a red flag review of those materials or minerals that are purchased or obtained by the company or facility. Minerals or materials that are outside of the company's or facility's individual supply chain are not expected to be included in the red flag review.

The company must have a system to store information for five years, including records of payments made by suppliers which constitute risks associated with those listed in Annex II. The company must also avoid use of cash and support the principles of the Extractive Industry Transparency Initiative (EITI).

A company must:

Seek to incorporate the right for the company to request data required to complete the risk assessment into written agreements and/or contracts with immediate suppliers that have undergone a third-party audit under the Responsible Minerals Assurance Process or equivalent Standard and Assessment whether traders, aggregators, companies, mines or exporters. The disclosure requirements include information listed in Step 1C1 and 1C2:
1. Description of the materials (type and weight)[^15]
2. The ownership (including beneficial ownership) and corporate structure of the supplier and/or in-country exporter, including the names of corporate officers and directors; the business, government, political or military affiliations of the company and officers;
3. Transportation routes;
4. All export and import documentation of international traders
If the immediate supplier has not undergone an RMI RMAP independent third-party assessment, the following additional information:
1. All taxes, fees or royalties paid to government for the purposes of extraction, trade, transport and export of covered minerals;
2. Any other payments made to governmental officials for the purposes of extraction, trade, transport and export of covered minerals;
3. All taxes and any other payments made to public or private security forces or other armed groups at all points in the supply chain from the point of covered minerals extraction onwards;
4. The mine of covered minerals origin;
5. Quantity, dates, if available, and method of extraction (artisanal and small-scale or large-scale mining);
6. Locations where covered minerals are consolidated, traded, processed or upgraded;
7. The identification of all upstream intermediaries, consolidators or other actors in the upstream supply chain;
Introduce a chain of custody or traceability system and retain information for five years.
Make the information gained related to company due diligence standards and processes available to immediate downstream purchasers or to auditors with the mandate to collect and process information on covered minerals from CAHRAs, with due regard taken of business confidentiality and other competitive or security concerns.
Avoid, where practicable, cash purchases for company transactions. Where cash purchases are unavoidable, the company must obtain verifiable documentation and preferably route the transaction through official banking channels.
Support the implementation of the principles of the EITI through company participation in appropriate reporting. This reporting is required only in an implementing country of EITI.

[^15]: In the context of a third-party assessment, auditors will review records of date of physical transportation/arrival date of the materials for each independent section of the domestic and international transportation route. A company shall make this information accessible to the auditors.

If the company identifies risks that receipts may be associated with covered minerals known or suspected to be from CAHRAs or if other high risks are identified, then further steps must be taken as relevant and appropriate.

Annex II risk assessment is required when sourcing from CAHRAs, the company must continue through the remaining steps of due diligence. This includes continuing with Step 2B, 2C, 3, 4, and 5 and obtaining information on the supply chain to the mine of origin (Steps 1C1 to 1C4) and conduct on-the-ground assessments[^16] or engaging an aligned upstream assurance mechanism to understand local context, work with local stakeholders, suggest and monitor risk management and address grievances. The on the ground assessment team shall be independent of the activities being assessed and understand local context, work with local stakeholders, suggest and monitor risk management and address grievances.

[^16]: Processors may rely on upstream assurance mechanisms to carry out on-the-ground assessments, however, the processor remains individually responsible for following any of the recommendations put forward by assessment teams and acting on them.

OECD Step 2.B. – Map the Factual Circumstances of the Company's Supply Chain(s), Underway and Planned

(Where red flag review confirms the need for Annex II risk assessment on covered minerals known or suspected to be from CAHRAs)

The company should establish a chain of custody or traceability system to obtain relevant information according to Step 1C1 to 1C4 in order to be able to identify and assess Annex II risks. The company must work to understand the supply chain to the mine of origin and understand the context within the identified CAHRA, including via on-the-ground assessment teams or an aligned upstream assurance mechanism while retaining individual responsibility for company actions and decisions.

When collecting additional information from red flagged supply chains, the company should use a risk-based approach with priority given to persons, places and transactions that present higher risk.

A company must have and implement a process to:

Understand the context of CAHRAs that have been identified in the company's supply chain.
Clarify the information on chain of custody, activities and relationships of all upstream suppliers obtained for the red flag review in Step 1C.
Identify the locations and qualitative conditions of the extraction, trade, handling and export of the covered minerals by implementing Step 1 C1 to C4 (i.e., a chain of custody or traceability system).
Obtain and maintain up to date on-the-ground information for use in company risk assessment according to the OECD Guidance Appendix (See Box 3).

A company sourcing or processing precious group metals, during the on-the-ground assessment, must obtain evidence of the factual circumstances of material extraction, trade, handling and export, having regard to the differences between LSM and ASM material and respectively:

Obtain more detailed information on the supply chain actors and supply chain of LSM material, including:
1. Information on the location and identity of mines as well as each point of processing, transportation and trade.
2. Current production and capacity of the mine.
3. KYC information of all actors in the upstream supply chain, including the identification of the related businesses, subsidiaries, parents and affiliates.
4. Evidence of the legality of operations as well as payment of taxes, fees and royalties.
5. Information on all of the risks covered by the company's supply chain policy.
6. If applicable, information on ASM operations on the LSM concession, on the relationship between the LSM and ASM as well as any instances of ASM material being introduced into the company operations
Obtain more detailed information on the supply chain actors and supply chain of ASM material, including:
1. Identification of the suppliers of ASM material to the local exporter.
2. Information on the origin, transportation and trading routes of the material.
3. An assessment of whether the artisanal mining team or association can be considered to be involved in legitimate artisanal and small-scale mining.
4. KYC information on the exporter and all supply chain actors between the exporter and the company.
5. Payment of taxes, fees and royalties to government institutions and officials on export.
6. Information on all the risks covered by the company's supply chain policy.
7. Any instances of materials from other sources being introduced into the supply chain and / or fraudulently represented.
8. If applicable, information on the relationship between the LSM and ASM producers.
Assist and enable legitimate ASM to build secure, transparent and verifiable supply chains through training, support in the formalization process, loans, etc..

A company sourcing or processing secondary materials of precious group metals, must:

Collect additional information from red flagged supply chains, including through on-site visits to recycled material suppliers, using a risk-based approach with priority given to persons, places and transactions that present higher risk. Risk factors for the company to consider include:
1. Value of a transaction;
2. Place of transaction;
3. Type of material;
4. Unusual circumstances;
5. Type of supplier.
Collect the additional information of those transactions requiring enhanced scrutiny, including:
1. Whether there are manufacturing facilities where scrap may be generated.
2. Whether there is significant ownership and turnover of privately-held jewelry.
3. the reasonably approximate level of business being done in recyclable/scrap precious group metals.

OECD Step 2.C. – Assess Risks in the Supply Chain

(Where red flag review confirms the need for Annex II risk assessment on covered minerals known or suspected to be from CAHRAs)

The company must cross-check the factual information available, including the facts provided by the on-the-ground assessment team against the company supply chain policy and standards and carry out a risk assessment. These standards include national laws of the company's own country and those of covered minerals origin, transport and re-export.

The company must also take into account legally binding documents governing operations and business relations, as well as other relevant laws.

A company must:

Design and implement a process to use all relevant available information obtained in Step 2B in a comparison with the following:
1. The principles and standards of the company supply chain policy referencing Annex II
2. National laws of the countries;
  1. where the company is domiciled or publicly traded (if applicable);
  2. from which the covered minerals originate; and
  3. of transport or re-export.
3. Legal instruments governing company operations and business relations, such as financing agreements, contractor agreements and supplier agreements
4. Other relevant international instruments such as the OECD Guidelines for Multinational Enterprises, international human rights and humanitarian law.[^17]

[^17]: Including comparison with relevant national and international sanctions lists

If the outcome of the comparison identifies any reasonable inconsistency between factual information and their standard, that is an identified risk with potential adverse impact to which Step 3 applies.

VIII. Annexes

Annex A: Definition of Terms and Acronyms

Term	Definition
Annex II	Annex II of the OECD Guidance titled "Model Supply Chain Policy for a Responsible Global Supply Chain of Minerals from Conflict-Affected and High-Risk Areas."
Artisanal or Artisanal and Small-Scale Mining (ASM)	Formal or informal mining operations with predominantly simplified forms of exploration, extraction, processing, and transportation. ASM is normally low capital intensive and uses high labor-intensive technology. "ASM" can include men and women working on an individual basis as well as those working in family groups, in partnership, or as members of cooperatives or other types of legal associations and enterprises involving hundreds or even thousands of miners. For example, it is common for workgroups of 4-10 individuals, sometimes in family units, to share tasks at one single point of mineral extraction (e.g., excavating one tunnel). At the organizational level, groups of 30-300 miners are common, extracting jointly one mineral deposit (e.g., working in different tunnels), and sometimes sharing processing facilities.
Assay	Small quantities taken as samples from any covered mineral-containing material in order to test the precise chemical composition. Assay samples do not require due diligence evaluation provided that the company can produce a description of the type of samples, sufficient documentation on the quantity of mineral received and a verification that this quantity is less than 0.03% of the total receipts from the same producer over the same period. For mineral assay samples received from CAHRAs the company may obtain a declaration from the exporter, producer and another party, such as government, or the on-the-ground assessment team, that such quantities are plausible, and taken from mineral batches traceable by that party. The company must provide reasonable evidence to demonstrate that the material is intended for purposes of testing and development and not production.
Assessment/Audit	A formalized evaluation of an entity against criteria established independent of the audited entity, typically resulting in a report containing specific findings. In this document, the term "audit" is used specifically in the context of the OECD Guidance Step 4 or the ISO19011:2001 Standard. The evaluation of a company against the conformance criteria in this document is referred to as "assessment."
Auditor/Audit firm	The individual/entity that carries out an assessment of a company against the criteria and produces an audit firm report.
Assessment period	The period of time covered by the assessment, typically one year.
By-product	Not a primary product. Mineral resulting from the processing of another covered mineral ore which would have otherwise not been obtained without the processing of that ore.
Business confidentiality and other competitive concerns	Information regarding supplier relationships as well as factors that may affect price or competition such as capacity, trading routes, covered minerals sources and other information normally protected by competition/anti-trust law.
Chain of custody or a traceability system	A process to collect detailed information on the supply chain as specified in OECD Guidance Step 1.C.
Company	A legal business entity with overall management responsibility of operations and administration of at least one company. A company can consist of a single facility and business processes (processing) or multiple facilities and business processes. For the purposes of this Standard, this includes processors, integrated processing and mining operations, independent mining operations, upstream traders and/or exporters.
Conflict-affected and high-risk areas (CAHRAs)	Conflict-affected and high-risk areas where Annex II risks are likely to exist. They are identified by the presence of armed conflict, widespread violence or other risks of harm to people. Armed conflict may take a variety of forms, such as a conflict of international or non-international character, which may involve two or more states, or may consist of wars of liberation, or insurgencies, civil wars, etc. High-risk areas may include areas of political instability or repression, institutional weakness, insecurity, collapse of civil infrastructure and widespread violence. Such areas are often characterized by widespread human rights abuses and violations of national or international law.[^18]
Covered minerals	For the purpose of this standard, covered minerals refers to mined ores, metals, intermediates containing, or made up of, any mineral with the exception of tin (cassiterite), tantalum (coltan), tungsten, cobalt, mica and any of their intermediates. Covered minerals include industrial and minor metals (e.g. copper, nickel, iron, manganese, vanadium, titanium, lithium) as well as precious group metals (i.e. gold, silver, palladium, platinum).
Criteria	The program requirements against which an auditor evaluates companies to assess the company's level of conformance in an assessment.
Critical Information	Information related to the company's due diligence and that is necessary for all parties involved, specifically employees and suppliers, to effectively carry out the tasks and responsibilities assigned to them as part of the company's due diligence.
Downstream	The supply chain from processors to retailers.
Extractive Industry Transparency Initiative (EITI)	A standard to promote the open and accountable management of oil, gas and mineral resources the implementation of which takes place in countries signed up to the EITI.
Facility	A singular location of a company.
Identifying upstream actors	A process to identify known immediate suppliers and any known actors further upstream which are identifiable through general business dealings or public reports to the extent necessary to enable red flag review.
Immediate supplier	The entity which has a contract with and supplies covered minerals to the company and is immediately before the company in the supply chain, which may be suppliers such as mining entities, traders, exporters processors, or downstream users.
Intermediate materials	A partially processed substance in unalloyed, alloyed or chemical form that requires further refining prior to sale by a processor to downstream customers. Intermediate material may result from the processing of either mined material or recycled material.
Inventory (whether calculated or declared)	Stocks of mineral, secondary material, other materials and finished metal product, including work in progress not calculated in stocks, and similar mineral or material held at the processing facility of the company.
ISO 19011:2018	International Organization for Standardization guidelines for auditing management system provides guidance on auditing management systems, including the principles of auditing, managing an audit program and conducting management system audits, as well as guidance on the evaluation of competence of individuals involved in the audit process, including the person managing the audit program, auditors and audit teams.
Joint Initiative	An industry-wide initiative enabling cooperation between companies, on responsible supply chain management meeting the due diligence principles, standards and processes of the OECD Guidance which may assist in establishing a system of controls over the supply chain to build leverage, overcome practical challenges and effectively discharge the due diligence recommendations contained in the OECD 30 Guidance. The joint initiative may establish suitably qualified and independent on-the-ground assessment teams, including to report on risks, recommend risk management, engage stakeholders and measure progress as well as having information systems jointly accessible by companies.
Large Scale Mining (LSM)	All formal operations characterized by substantial capital, heavy equipment, high technology and a significant workforce (large and medium in size) not meeting the ASM definition.
Legacy materials	Materials received and entered into inventory by the company more than one (1) year prior to the All Minerals Standard effective date. Also sometimes referred to as grandfathered materials.
Legitimate ASM	ASM consistent with applicable national laws. Miners demonstrate good faith efforts to operate within the legal framework and engage in opportunities for formalization. Mining activities cannot be considered legitimate when they contribute to conflict and serious abuses associated with the extraction, transport or trade of minerals as defined in Annex II of the Due Diligence Guidance.
Mass balance	Method by which companies verify that the quantity of mineral and material received and in inventory during the assessment period matches that expected from the transaction records, taking into account the possible error margin of inventory, stock, and loss estimation.
Material(s)	For the purpose of this standard, any products or primary materials containing covered minerals, by virtue of this definition materials includes covered minerals.
Metal product	Metals in any unalloyed, alloyed or chemical form which may be used as a semi-finished or finished good.
Mineral(s)	Mineral containing ore in any physical form, extracted through mining of geological deposits, processed to higher grade mineral concentrate, and used in a primary processor to produce metal products for refining.
Mining operations	Sites, locations and activities dedicated to extracting unprocessed ores and minerals from the earth and transporting them to a processor.
OECD Guidance	General term for the Organization for Economic Co-operation and Development (OECD) Due Diligence Guidance for Responsible Supply Chains on Minerals from Conflict-affected and high-risk areas http://www.oecd.org/daf/inv/mne/OECD-Due-Diligence-Guidance-Minerals-Edition3.pdf
On-the-ground assessment team	An assessor or team that meets the following minimum requirements: Independence from the activity being assessed; Free from any conflict of interest; Appropriate level of competence, including: Demonstrated experience in the implementation of on-the-ground assessments and/or assessments of mining (mechanized and/or artisanal) operations in the context of conflict-affected and high-risk areas; Knowledge and experience in the subject matter to be assessed.
Ore	Natural rock or sediment extracted from the earth that contains an economically valuable concentration of one or more minerals.
Origin	The country, or regional mining area within a country, from which ore was extracted from the ground.
Precious group metals	Gold, silver, palladium and platinum group metals.
Primary	Mined materials or substances used in the primary production of metals.
Processing	Transformation or beneficiation of covered minerals through any physical, chemical or thermal means.
Processor	An entity that receives material (which includes primary, intermediate and/or secondary materials) and produces refined, smelted, treated, transformed, purified, or cleaned mineral or metal products for use in a downstream manufacturing and other midstream or downstream processes. This includes processors co-located with mines and stand-alone operations. Processor definition for the purposes of this standard includes but is not limited to, smelters, refiners (fine and crude), treatment units, transformation operations, toll millers, aggregators, and recyclers.
Recycled material	Material that has been previously processed, such as end-user, post-consumer material, investment gold, scrap and waste metals as well as materials arising during processing and product manufacturing, which is returned to a refiner or other downstream intermediate processor to begin a new life cycle.
Recycled material's origin	The origin is the point at which it becomes recyclable, such as when it is first sold back to a recycler/refiner/smelter.
Red flag review	A comparison of information gathered in Step 1C with the recorded results of documentation check, plausibility assessment, and CAHRA determinations in order to assess the scope of further risk evaluation and confirm out-of-scope receipts.
Receipts	All covered minerals received during the assessment period.
Risk	Adverse impacts which may be associated with extracting, trading, handling and exporting covered minerals from conflict-affected and high-risk areas.
Risk Assessment	Cross-checking of information for inconsistencies undertaken in Step 2C in order to verify identified Annex II risks. Only required following identification of known or suspected CAHRAs during red flag review.
Risk Management Plan	A plan under Step 3 of the OECD Guidance to manage identified Annex II risks taking into account strategy options of continuing trade, suspending trade while managing risks, or disengaging from trade if risks are not manageable.
Risk Mitigation	Actions under Step 3 of the OECD Guidance intended to reduce the adverse effects of risks described in Annex II of the OECD Guidance.
RMAP	Responsible Minerals Assurance Process, the company assessment program under the RMI.
RMI	Responsible Minerals Initiative.
Secondary	Materials commonly referred to as recycle/scrap. This includes recycled covered minerals which are scrap processed covered minerals created during product manufacturing including: excess, defective, and scrap covered minerals materials which contain processed covered minerals that are appropriate to recycle. As defined by the OECD Guidance, minerals partially processed, unprocessed, or by-products from another mineral are not recycled or secondary materials.
Supplier(s)	All companies from which the company received materials during the assessment period. These include immediate suppliers and other known suppliers further upstream which are identifiable through general business dealings or public reports.
Supplying processor	The last processor in the supply chain where mineral(s) was/were processed. Trading actors and other pass-through segments of the supply chain are not supplying processors.
Transit	Shipping of goods between origin and final destination, including through countries and across international borders, without discharging the cargo.
Transport	Movement of goods from one location to another.
Upstream	The supply chain from the mine to processors inclusive, which for the purpose of the OECD Guidance and these standards includes artisanal or small-scale producing enterprises, rather than individuals or informal working groups of artisanal miners.

[^18]: OECD Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas, Third Edition

Annex F: OECD Step 5 Company Public Report

Below is an outline of categories that are recommended to be included in these reports. This outline is recommended for all companies; however, the scope and level of detail may reasonably be reduced in low-risk contexts. It is recommended to provide examples where possible to illustrate application of due diligence concepts.

Company Introduction
- a. Company Name
- b. Company ID (CID)
- c. Location
- d. Materials processed
Audit Summary
- a. Date of last audit
- b. Audit period
- c. Lead auditor name
- d. Link to most recent publicly available audit report
Company Management System
- a. Supply Chain Policy
- b. Management Structure and Responsibility
- c. System of Controls and Transparency
- d. Record keeping system
Risk Assessment
- a. Risk assessment process, methodology and results
- b. Methodology, practices and information yielded in on-the-ground assessments
Risk Management
- a. Risk mitigation strategy
- b. Involvement of affected stakeholders
- c. Descriptions of efforts to track and monitor progress
OPTIONAL (for all materials except mica): Description of other issues and/or risks beyond Annex II of the OECD Guidance included in the due diligence system (e.g., Environment; Health & Safety; Child Labor, all forms)

Where the company utilizes an upstream assurance mechanism, some of the information may be published by this system and does not need to be repeated by the company. This concerns, in particular, descriptions of methodologies or systems of control over the supply chain. It is the responsibility of the company to request and obtain this information from the upstream assurance mechanism and to make it available for the due diligence audit. Companies, auditors, and the program may be subject to confidentiality agreements in regard to information generated by the upstream assurance mechanism.

Annex G: Revision History

All assessments utilizing this Standard must use the most current version of the Standard, which is identified by the "Publication Date" on the cover page.

Revision History: Global Responsible Sourcing Due Diligence Standard for Mineral Supply Chains (All Minerals)

Date	Description
December 2021	Initial release
December 15, 2022	Minor revision - incorporation of OECD DDG Gold Supplement requirements for precious metals companies in line with the OECD
September 15, 2024	Minor revision - expansion of Standard applicability to Cobalt and Mica

Assessment Criteria

Criterion Scoring Framework

CONF: Conformant

Severity: 1
Definition: "Facility meets all applicable requirements"

ACTIVE: Active

Severity: 2
Definition: "Facility engaged in assessment process or corrective actions"

NON-CONF: Non-Conformant

Severity: 3
Definition: "Facility does not meet requirements"

Standard Alignment

Name	Alignment Level
OECD Due Diligence Guidance	Meets
OECD Gold Supplement	Meets
OECD 3T Supplement	Meets
LBMA Responsible Gold Guidance	Meets
FATF Recommendations	Meets

Regulatory Alignment

Name	Jurisdiction	Alignment Level
EU Conflict Minerals Regulation 2017/821	EU	Meets

Scope

Code	Name	Classification
7108	Gold	Harmonized System
8001	Tin	Harmonized System
8103	Tantalum	Harmonized System
8101	Tungsten	Harmonized System

Change Log

1.0.0 (2026-01-01)

Added

Initial profile structure with 23 criteria across 7 categories
Full financial controls suite (FC1-FC5)
All metal-specific criteria (AU, SN, TA, W)
Spanish (es) and Chinese (zh) translations

Profile: RMAP Global Responsible Sourcing Due Diligence Standard for Mineral Supply Chains - All Minerals

RESPONSIBLE MINERALS ASSURANCE PROCESS

GLOBAL RESPONSIBLE SOURCING DUE DILIGENCE STANDARD FOR MINERAL SUPPLY CHAINS

ALL MINERALS

Table of Contents

I. Introduction

II. Standards And Assessment Scope

A. Companies Within the Scope of the Audit

B. Minerals and Materials in Scope

Figure 1: Applicability of All Minerals Standard

C. Add-on

III. Standards And Conformance Criteria

Figure 2: Applicability of Supply Chain Due Diligence (OECD) Conformance Standards

IV. Cross-Recognition

V. Limitations

VI. Upstream Mechanism

VII. Supply Chain Due Diligence

A. Step 1 – Establish Strong Company Management Systems

OECD Step 1A - Adopt and commit to a supply chain policy for minerals

Box 1. Risks Included in the OECD Guidance Annex II Model Supply Chain Policy

OECD Step 1B – Structure internal management to support supply chain due diligence

OECD Step 1C – Establish a system of controls and transparency over the covered minerals supply chain

Standards Setting Organization Requirements for mineral sourcing

Standards Setting Organization Requirements for partially processed material sourcing

Standards Setting Organization Requirements for out-of-scope mineral or material sourcing

Standards Setting Organization Requirements for secondary material sourcing

Standards Setting Organization Requirements for all companies, covered minerals and materials

OECD Step 1D – Strengthen company engagement with suppliers

Standards Setting Organization Requirements

OECD Step 1E – Establish Company Level Grievance System

Standards Setting Organization Requirements

B. Step 2 – Identify and Assess Risks in the Upstream Supply Chain

OECD Step 2.A. – Identify the Scope of the Risk Assessment of the covered minerals Supply Chain

Standards Setting Organization Requirements

OECD Red Flags

C. Step 3 – Design and Implement a Strategy to Respond to Identified Risks

OECD Step 3.A. – Report findings to designated senior management

OECD Step 3.B. – Devise and adopt a risk management plan

OECD Step 3.C. – Implement the risk management plan

OECD Step 3.D. – Undertake additional fact and risk assessments for risks requiring mitigation, or after a change in circumstances

D. Step 4 - Carry Out Independent Third-Party Audit of Company's Due Diligence Practices

E. Step 5 – Report Annually on Supply Chain Due Diligence

Due Diligence Applicable Only for Materials Known or Suspected to be from CAHRAs

OECD Step 1C1 to 1C4 – System of Controls and Transparency

OECD Step 2.B. – Map the Factual Circumstances of the Company's Supply Chain(s), Underway and Planned

OECD Step 2.C. – Assess Risks in the Supply Chain

VIII. Annexes

Annex A: Definition of Terms and Acronyms

Annex F: OECD Step 5 Company Public Report

Annex G: Revision History

CONF: Conformant

ACTIVE: Active

NON-CONF: Non-Conformant

1.0.0 (2026-01-01)

Added