RESPONSIBLE MINERALS ASSURANCE PROCESS

SUPPLY CHAIN DUE DILIGENCE PLUS

Responsible Minerals Initiative (RMI)

• Version: 1.0
• Original Publication: April 30, 2025
• Effective Date: April 30, 2025

TABLE OF CONTENTS

1. Introduction
2. Limitations
3. Eligibility
4. Assurance
5. 6-Step Due Diligence Framework
   • 5.1 Step 1 - Establish Strong Company Management Systems
     • 5.1.1 Policies
     • 5.1.2 Structure Internal Management to Support Supply Chain Due Diligence
     • 5.1.3 Establish a System of Controls and Transparency over the Covered Minerals Supply Chain
     • 5.1.4 Strengthen Company Engagement with Suppliers
   • 5.2 Step 2 - Identify and Assess Risks and Impacts in the Supply Chain
     • 5.2.1 Risk Identification, Assessment and Prioritization
   • 5.3 Step 3 - Manage Risks and Adverse Impacts
     • 5.3.1 Management and Mitigation of ESG Risks
     • 5.3.2 Corrective Action Planning
     • 5.3.3 Disengagement Strategies
     • 5.3.4 Monitor Implementation and Results
   • 5.4 Step 4 - Carry Out Independent Third-Party Audit of Company's Due Diligence Practices
   • 5.5 Step 5 - Communicate How Impacts Are Addressed
   • 5.6 Step 6 - Grievance Mechanism and Access to Remedy
     • 5.6.1 Grievance Mechanisms
     • 5.6.2 Mechanisms to Enable Remedy
     • 5.6.3 Remediation Processes

• Annex I - Glossary

1 INTRODUCTION

The Supply Chain Due Diligence Module Plus (SCDDP) is a voluntary standard developed to assess Eligible Facilities' due diligence practices in association with Environmental, Social, Occupational Health and Safety and Governance (ESG risks). The Module is applicable to all primary, intermediary and secondary minerals across all geographies.

The Module is supplementary to the Global Responsible Sourcing Due Diligence Standard for Mineral Supply Chains: All Minerals (and associated mineral specific Standards) and the Downstream Assurance Program (DAP) Criteria - the "Reference Standards" - which concern themselves with a limited risk scope, as outlined in Annex II of the OECD Due Diligence Guidance for Responsible Minerals Supply Chains from Conflict-Affected and High-Risk Areas (OECD DDGs). The requirements in this Module assume implementation of the Reference Standards and therefore only list the supplementary requirements to meet this additional scope / where it is deemed necessary to support the logical flow of the Module.

The Standard has been developed to support companies in their efforts to meet expanding voluntary and mandatory supply chain due diligence expectations along the full supply chain. It has been developed in alignment with the UN Guiding Principles on Business and Human Rights and the OECD Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas (OECD DDG), with consideration for the six-step framework for risk-based due diligence set forth in the OECD Due Diligence Guidance for Responsible Business Conduct (OECD RBC), OECD Handbook on Environmental Due Diligence in Mineral Supply Chains, and OECD Guidelines for Multinational Enterprises.

Disclaimer: This document should be taken only as a source of information and analysis. It is not given, and should not be taken, as legal advice and the provider of the information will not be held liable for any direct or consequential loss arising from reliance on the information contained herein.

2 LIMITATIONS

This Module outlines requirements that Facilities are expected to undertake to address ESG risks in their supply chain. Facilities are expected, in performance of the Module, to consider all ESG risks in their supply chain, including, where applicable, risks that are not referenced herein.

Although the Module has been developed to support Facilities to put in place measures in support of meeting requirements set out in mandatory supply chain Due Diligence laws, Facilities' performance against the Standard must not be used to imply operating performance beyond the strict scope of the Standard.

Companies / Facilities are expected to undertake steps of their Due Diligence process on a continual basis and these activities are expected to result in improved understanding, identification, and management of ESG risks within their supply chain and within reasonable timescales. Companies / Facilities are expected to use good faith and reasonable efforts in their Due Diligence and are expected to adapt the nature and extent of their processes to their individual circumstances such as company size, location, sector, and the likelihood and severity of identified risks. Companies / Facilities are expected to proactively carry out Due Diligence and to react to changes of circumstances and risks in their supply chain.

3 ELIGIBILITY

Facilities that meet the eligibility criteria as determined in the Reference Standards are eligible for assessment under this module.

Eligible Facilities are listed below by value chain tier in Table 1.

Table 1. Supply Chain Tiers and Eligible Facilities

4 ASSURANCE

The SCDDP assurance process is outlined in detail in the associated RMI Operations Manual. A summary of the procedure is outlined below:

a) An assessment against this Module is referred to as a Responsible Minerals Assurance Process Plus (RMAP+) (for Processors and Upstream Facilities) or Downstream Assessment Process Plus (DAP+) (for Downstream Facilities) (see "Assurance Pathway" in Table 1 above).

b) An assessment of an Eligible Facility can only be conducted in parallel with an assessment of the same Facility under the Responsible Minerals Assurance Process (RMAP) or the Downstream Assessment Program (DAP).

c) RMAP+ and DAP+ assessments may be undertaken with respect to one mineral or multiple minerals, in accordance with the Facility's operations and business needs. Only minerals assessed under RMAP or DAP shall be eligible for assessment.

d) Assessments shall be undertaken by independent third-party assessors managed by the RMI, in accordance with ISO 19011:2018, Guidelines for Auditing Management Systems.

e) Assessed Facilities shall be given an assessment rating that reflects their performance against the Module.

f) Reassessment timeframes are determined in accordance with RMAP and DAP assessment cycles.

5 6-STEP DUE DILIGENCE FRAMEWORK

5.1 STEP 1 - ESTABLISH STRONG COMPANY MANAGEMENT SYSTEMS

5.1.1 POLICIES

5.1.1.1. The Company / Facility shall establish, endorse, and publish a supply chain policy(ies), applicable to itself and its suppliers, which reflects the Company's / Facility's commitment to the responsible management of ESG risks in its supply chain, through the implementation of risk-based due diligence measures as outlined in this Module.

NOTE: RMI may adopt criteria that are more stringent than the local legal requirements of certain jurisdictions, but in no case should Facilities violate local laws to meet the requirements of this Module

• 5.1.1.1.1. The policy(ies) shall clearly detail expectations of suppliers in their upstream supply chain.
• 5.1.1.1.2. Companies may adopt a stand-alone supply chain policy or integrate commitments into existing ESG or supply chain policies.
• 5.1.1.1.3. The policy(ies) may be developed at a Company or group level that covers all Facilities or at a Facility level.

5.1.1.2. In addition to requirements specified in the Reference Standards, the supply chain policy should, at a minimum:

• 5.1.1.2.1. Describe and document the due diligence process(es) implemented by the Company's Facilities / Facility to assess and manage ESG risks in its supply chain.
  • 5.1.1.2.1.1. Companies / Facilities are required to clearly articulate a process for prioritizing salient ESG risks and the approach(es) they will take to managing such risks, including but not limited to, measures for conducting enhanced ESG due diligence when high-priority ESG risks are identified.

5.1.1.3. For Facilities, directly or indirectly sourcing from artisanal and small-scale miners (ASM), they shall verify that internal policies and policies established by its suppliers, include commitments to source from Legitimate ASM only.

5.1.1.4. Facilities shall:

• 5.1.1.3.1. Integrate policy commitments into contracts / agreements with immediate suppliers and require that these are cascaded down through the supply chain.
  • 5.1.1.3.1.1. Where immediate suppliers have a materially comparable policy in place then this requirement can be met through a contractual commitment to meet its own policy commitments rather than those of the Facility.
• 5.1.1.3.2. Make policy(ies) publicly available and communicate them to all relevant stakeholders, including employees, contractors and suppliers, in local languages where necessary.
• 5.1.1.3.3. Periodically, at a minimum annually, review policy(ies) to ensure continued suitability and accuracy of information and update as needed.

5.1.2 STRUCTURE INTERNAL MANAGEMENT TO SUPPORT SUPPLY CHAIN DUE DILIGENCE

5.1.2.1. The Facility shall:

• 5.1.2.1.1. Assign roles and responsibilities for the development and implementation of the due diligence management system(s), including fulfillment of ESG supply chain policy commitments. This includes putting in place accountability for senior management expected to oversee due diligence processes.
• 5.1.2.1.2. Verify that sufficient resources are provided to effectively implement the management system(s).
• 5.1.2.1.3. Provide awareness training to relevant employees on the requirements of the management system(s), their role with respect to management system implementation, and the potential impacts arising from not implementing processes and procedures established to assess, manage and remediate ESG risks.
• 5.1.2.1.4. Develop information and record-keeping systems to collect information on due diligence processes, decision-making, and responses, with a minimum ten-year retention period.

5.1.3 ESTABLISH A SYSTEM OF CONTROLS AND TRANSPARENCY OVER THE COVERED MINERALS SUPPLY CHAIN

5.1.3.1. The Facility is required, irrespective of supply chain tier, to have in place a chain of custody and / or traceability system that enables it to identify upstream actors in the supply chain to the extent necessary to allow it to assess, manage and remediate ESG risks as outlined in 5.2 and 5.3 and 5.6. This includes downstream Facilities ensuring effective systems are put in place between the processor (inclusive of producers of battery anode and cathode ready materials) and the downstream Facility, in order to verify the link between the physical material sourced and the due diligence processes implemented in their upstream supply chains.

5.1.3.2. In fulfilment of 5.1.3.1, the Facility shall:

• 5.1.3.2.1. Implement chain of custody and / or traceability system as outlined in the Reference Standard it is being assessed against, and:
• 5.1.3.2.2. Put in place, as applicable, additional chain of custody and /or traceability systems, as outlined in 5.1.3.3 - 5.1.3.5.
• 5.1.3.2.3. Put in place, as applicable, additional chain of custody and / or traceability systems, to support enhanced ESG due diligence in Conflict-affected and high-risk areas (CAHRAs) and / or where high-priority ESG risks are identified, as outlined in 5.1.3.6 - 5.1.3.8.

5.1.3.3. All Facilities shall:

• 5.1.3.3.1. Disclose chain of custody and / or traceability information with immediate customers subject to limitations in 5.1.3.10.
• 5.1.3.3.2. Collect, retain and disclose, chain of custody and / or traceability information relating to the market transactions in their supply chain from the mine of origin (primary materials) and / or recycler (secondary materials). At a minimum, additional information requirements are:
  • 5.1.3.3.2.1. Details of the facility type where the market transaction took place; and
  • 5.1.3.3.2.2. The country where the market transaction occurred.

5.1.3.4. Processors (inclusive of producers of battery anode and cathode ready materials) and Downstream Facilities shall:

• 5.1.3.4.1. Collect, retain and disclose chain of custody and / or traceability information relating to:
  • 5.1.3.4.1.1. Trade name(s) and description of type(s) of primary and secondary material inputs and outputs / present in products (as applicable)
  • 5.1.3.4.1.2. The weight and grade of primary and secondary material inputs and outputs, where applicable;
    • 5.1.3.4.1.2.1. Records should account for any material transformation at each Facility, where applicable, detailing how this has impacted the weight and grade of the output material vis-a-vis the input material.
  • 5.1.3.4.1.3. Classification as a percentage or weight of primary and secondary material present in products (as applicable).

5.1.3.5. Downstream Facilities shall:

• 5.1.3.5.1. Collect, retain and disclose chain of custody and / or traceability information relating to the name, addresses and business type of immediate suppliers.

5.1.3.6. Where supply chain mapping and chain of custody and / or traceability information indicate that primary materials originated from a CAHRA, Processor and Upstream Facilities shall:

• 5.1.3.6.1. Collect, retain and disclose, chain of custody and / or traceability information relating to the upstream supply chain, to include:
  • 5.1.3.6.1.1. mine of mineral origin;
  • 5.1.3.6.1.2. quantity and dates of extraction;
  • 5.1.3.6.1.3. locations where minerals are consolidated, traded or processed;
  • 5.1.3.6.1.4. records of all taxes, fees, royalties or other payments made to governmental officials for the purposes of extraction, trade, transport and export of minerals;
  • 5.1.3.6.1.5. records of all taxes and other payments made to public or private security forces or other armed groups;
  • 5.1.3.6.1.6. identification of all actors in the upstream supply chain; and
  • 5.1.3.6.1.7. identification of associated transportation routes.

5.1.3.7. Where supply chain mapping and chain of custody and / or traceability information indicates that primary materials originated from a CAHRA, and the suppling Processor has not been third-party assessed against the scope of the present module or other equivalent recognized schemes, downstream Facilities shall:

• 5.1.3.7.1. Collect, retain and disclose detailed upstream chain of custody and / or traceability information collected as outlined in 5.1.3.6.1.

5.1.3.8. Where supply chain mapping and chain of custody and / or traceability information indicates that primary materials may be associated with high-priority ESG risks outside of CAHRAs, Processor and Upstream Facilities shall:

• 5.1.3.8.1. Collect, retain and disclose, chain of custody and / or traceability information relating to the upstream supply chain, to include, at a minimum:
  • 5.1.3.8.1.1. mine of mineral origin;
  • 5.1.3.8.1.2. quantity and dates of extraction;
  • 5.1.3.8.1.3. locations where minerals are consolidated, traded or processed;
  • 5.1.3.8.1.4. identification of all actors in the upstream supply chain; and
  • 5.1.3.8.1.5. identification of associated transportation routes.

5.1.3.9. Where supply chain mapping and chain of custody and / or traceability information indicates that primary materials may be associated with high-priority ESG risks outside of CAHRAs, and the suppling Processor has not been third-party assessed against the scope of the present module or other equivalent recognized schemes, downstream Facilities shall:

• 5.1.3.9.1. Collect, retain and disclose detailed upstream chain of custody and / or traceability information collected as outlined in 5.1.3.8.1.

5.1.3.10. In performance of the Reference Standard and additional requirements outlined in 5.1.3 Facilities may:

• 5.1.3.10.1. Share with their immediate customers pseudonymized and / or aggregated chain of custody and / or traceability information to avoid disclosure of commercially sensitive information.
• 5.1.3.10.2. Avail themselves of pseudonymized and / or aggregated chain of custody and / or traceability information in cases where suppliers are unwilling or unable to share disaggregated information on suppliers for commercial or legal reasons.

5.1.3.11. Facilities shall nevertheless be responsible for ensuring that the information shared by immediate suppliers supports a complete and accurate assessment of ESG risks associated with suppliers and that commercial confidentiality does not impede risk assessment, risk management or remediation requirements laid out in 5.2., 5.3 and 5.6.

• 5.1.3.11.1. Facilities may utilize, but not solely rely upon, the results of third-party assessment reports of suppliers against the scope of the present module or other equivalent recognized schemes.
• 5.1.3.11.2. Where supplier disclosures are deemed to be insufficient to meet the requirements of this Module, Facilities are required to work with their direct suppliers to support the continuous improvement of their systems.

5.1.4 STRENGTHEN COMPANY ENGAGEMENT WITH SUPPLIERS

5.1.4.1. The Facility shall:

• 5.1.4.1.1. Communicate its ESG expectations concerning its business relationships to its suppliers, including grounds for terminating the contract due to failure to meet expectations. Where possible and practicable, such expectations shall be included in formal business agreements and/or contracts.
• 5.1.4.1.2. Implement a documented engagement plan to promote positive long-term relationships with suppliers to increase leverage over the Due Diligence performance of those suppliers and ensure inclusive and meaningful engagement early in the Due Diligence process, and frequently and collaboratively thereafter. This shall include measures to identify and understand the capacity and limitations of its suppliers, considering the potential for conflicting expectations placed on its suppliers by other entities. The Facility's supplier engagement plans shall include measures to improve the capabilities of suppliers over time to meet ESG commitments.
• 5.1.4.1.3. Establish a separate engagement plan to manage business relationships with Legitimate ASM, aimed at supporting formalization and improvement of their ESG practices, where the Facility is directly or indirectly sourcing from ASM.

5.2 STEP 2 - IDENTIFY AND ASSESS RISKS AND IMPACTS IN THE SUPPLY CHAIN

NOTE: Risk-based Due Diligence means that the measures a company takes to conduct Due Diligence are commensurate to the severity and likelihood of the adverse social or environmental impact. When the severity and likelihood of an adverse impact is high, then Due Diligence should be more extensive. Where it is not feasible to address all identified impacts at once, a company should prioritize the order in which it takes action based on the severity and likelihood of the adverse impact. In determining how to prioritize risks, the severity of the (actual or potential) adverse impact takes precedence over likelihood. Companies should be prepared to explain their decisions in relation to risk prioritization to stakeholders and auditors. Where companies are placing reliance on the Due Diligence undertaken by suppliers, they should satisfy themselves that suppliers' risk prioritization decisions are aligned with what they also consider reasonable, as the company remains accountable for ensuring adequate risk-based Due Diligence is undertaken in their supply chain, even if they did not directly undertake the Due Diligence themselves.

5.2.1 RISK IDENTIFICATION, ASSESSMENT AND PRIORITIZATION

5.2.1.1. The Facility shall design, document and implement a process to identify, assess and prioritize ESG risks in their supply chain, taking account of, but not limited to, the non-exhaustive list of ESG risk categories outlined in Table 2 below.

• 5.2.1.1.1. Risk assessment and prioritization should be reactive to, and account for, changes to the Facility's ESG risk supply chain resulting from, without limitation, changes to the Facility's organizational structure, business relationships, activities and operating environment.
• 5.2.1.1.2. This step is inextricably linked to the risk identification and assessment process in the Reference Standards, which outlines detailed requirements for CAHRA determination, plausibility assessment and Red Flag review, and should be conducted in parallel.

Table 2. Representative Supply Chain ESG Risk Categories

5.2.1.3. ESG risk identification, assessment and prioritization activities shall be conducted by the Facility, documented in a report, updated at a minimum annually, and include:

• 5.2.1.5.1. A review of data collected through the system of controls and transparency, if available, or alternatively, a mapping of known and potential supply chain relationships to ensure risk assessment activities relate to the supply chain activities of the Facility.
• 5.2.1.5.2. An assessment of global, regional, and local ESG Risk data from diverse sources (media, reports, databases, industry schemes, academia, risk indices etc.) relating to identified producer countries and countries through which the material has transited, in scope minerals, and suppliers.
• 5.2.1.5.3. Where available, a review of data resulting from due diligence activities outlined in 5.3 and 5.6, as well as supplier third party-audit reports (public or, where available, full) and supplier public reporting.
• 5.2.1.6.1. A plausibility assessment of declared origin of supplier material feedstock (see 5.1.3) against credible data sources relating to reserves, production and export statistics of covered minerals in order to reconcile material flows with ESG risk assessment. Plausibility assessment requirements apply equally to primary and secondary materials.
• 5.2.1.6.2. An assessment, with regard for information obtained through the implementation of its chain of custody and / or traceability system, to determine whether ASM is present within its supply chain, including the presence of ASM in areas that the Facility's suppliers, or upstream supply chain actors operate in.
  • 5.2.1.6.2.1. Where ASM is identified, the risk assessment and prioritization process should account for sub-sector specific risks.
• 5.2.1.6.3. An assessment of the credibility of information / data sources used to inform the scoping assessment.
• 5.2.1.6.4. A disclosure, backed by a clear rationale and evidence, demonstrating ESG risks that are not present in the supply chain of the Facility and therefore out of scope of the assessment.
  • 5.2.1.6.4.1. The Facility can only decide that a requirement is not applicable if its decision will not affect its ability or responsibility to ensure the conformity of its management system and the enhancement of ESG performance across its supply chain.
• 5.2.1.6.5. A gap assessment to identify and document any gaps or discrepancies in information relating to suppliers and their associated activities. Where gaps are identified, Facilities shall conduct further investigation to close gaps in a timely manner, in accordance with assessed risk associated with such gaps.
• 5.2.1.6.6. A robust methodology for the ranking of risks based on saliency (severity of potential impact and likelihood of occurrence, with precedence given to severity), in alignment with the UN Guiding Principles on Business and Human Rights.
  • 5.2.1.6.6.1. The methodology should establish clear triggers (thresholds) for what constitutes a high-priority risk.
    • 5.2.1.6.6.1.1. Critical ESG risks, as outlined in Table 3, should automatically be considered high-priority risks.
    • 5.2.1.6.6.1.2. Special consideration shall be given to human rights impacts concerning vulnerable or marginalized.
• 5.2.1.6.7. A typology of risks according to priority in accordance with the methodology outlined in 5.2.1.6.6.
  • 5.2.1.6.7.1. High-priority risks shall be clearly outlined and earmarked for more immediate enhanced ESG due diligence activities, which include, but may not be limited to:
    • 5.2.1.6.7.1.1. Conducting in-depth risk-assessment activities (see 5.2.1.7);
    • 5.2.1.6.7.1.2. Putting in place enhanced chain of custody and / or traceability systems (5.1.3.6);
    • 5.2.1.6.7.1.3. Establishing risk specific strategies and management plans (5.3.1);
    • 5.2.1.6.7.1.4. Implementing and monitoring supplier corrective action plans (5.3.2, 5.3.4).
    • 5.2.1.6.7.1.5. Remediating impacts, as required (5.6).

TABLE 3: Critical ESG Risks

Critical ESG risks refer to risks that require an immediate response from the Facility. All critical ESG risks must be considered high-priority risks as part of a Facility's risk prioritization process. Critical ESG risks are broken down into two categories of risk, which require different management responses.

Category 1 critical ESG risks refer to risks that require immediate disengagement. Although Facilities are required to immediately suspend or disengage from supply chains where there is reasonable risk that they are sourcing from, or linked to, any party committing serious abuses, this does not absolve them of the responsibility to conduct responsible disengagement, in line with the UNGPs, which includes supporting effective remediation of any impacts. Category 1 critical ESG risks relate to serious human rights abuses and direct or indirect support to non-state armed groups per Annex II of the OECD Due Diligence Guidance (see definitions) and fraudulent misrepresentation of the origin of minerals.

Category 2 critical ESG risks refer to risks that require immediate mitigation (see 5.3.3) / or remediation measures (see 5.6) to be put in place. Category 2 ESG risks relate to direct or indirect support to public or private security forces, money laundering, bribery, non-payment of taxes, fees and royalties to governments, and severe harm to human rights and the environment, including but not necessarily limited to child labor; flagrant OHS risks that pose immediate and substantial threat to life, limb, or corporal function, or irreversible or long-term damage to the environment and ecosystems.

5.2.1.7. The Facility shall devise, document and implement a clear strategy to conduct increasingly in-depth risk assessment activities on an ongoing basis for high-priority ESG risks.

• 5.2.1.7.1. Appropriate techniques, as applicable, in accordance with the assessed risk-level, may include, without limitation, desk-based and/or in-person supplier risk assessment and consultation with relevant stakeholders (such as affected stakeholders, government bodies and civil society).
• 5.2.1.7.2. In-depth risk assessment activities for high-priority ESG risks shall not, without exception, be used to imply fulfilment of requirements for on-the-ground risk assessment (OTG) in the Reference Standards. OTG in CAHRAs may, however, be leveraged to assess a broader scope of high-priority ESG risks, thereby contributing to fulfilment of the requirements in this Module.
• 5.2.1.7.3. The outcomes of these in-depth risk assessment activities should result in the periodic review and revision of high-priority ESG risks as well as a rapid escalation protocol for instances where high-priority ESG risks or impacts requiring immediate attention emerge.

5.2.1.8. The Facility shall establish a clear and verifiable link between findings of its risk identification, assessment and prioritization activities and its risk management response.

5.3 STEP 3 - MANAGE RISKS AND ADVERSE IMPACTS

NOTE: The Facility could use publicly available indices to develop a framework assessing risks associated with country risk and raw material risk that could weaken the effectiveness of standards (e.g., rule of law) or require additional measures to mitigate risk. The assessment can be based on internationally recognized indicators for ESG (e.g., World Bank Ease of Doing Business, Fragile States Index) combined with publicly available research of ESG databases for the selected indicators (e.g., Water Scarcity Atlas, IBAT, UN endangered species). It can also take into consideration any country-specific issues that could inhibit the feasibility of undertaking enhanced Due Diligence activities. The RMI Global Risk Map provides a list of ESG indicators and indices and is available to RMI members and Facilities participating in the RMI assessments.

5.3.1 MANAGEMENT AND MITIGATION OF ESG RISKS

5.3.1.1. Based on the results of ongoing ESG risk identification, assessment and prioritization, the Facility shall:

• 5.3.1.1.1. Develop an overarching process to ensure that the management and mitigation of high-priority ESG risks is embedded in business decisions.
• 5.3.1.1.2. Communicate findings of ESG risk assessment to senior leadership and other key departments, including procurement.
• 5.3.1.1.3. Establish and implement decision-making processes at senior management level to incorporate findings of the ESG risk assessment into the Facility's:
  • 5.3.1.1.3.1. supplier engagement strategy, and
  • 5.3.1.1.3.2. responsible purchasing / procurement decisions, as necessary.
• 5.3.1.1.4. Endorse high-priority ESG risks identified and establish risk specific strategies and management plans associated with high-priority ESG risks as identified in Section 5.2 above, accounting for critical ESG risk categories and required responses:
  • 5.3.1.1.4.1. Identification of Category 1 critical ESG risks requires the Facility to immediately suspend or disengage with suppliers where there is reasonable risk that they are sourcing from, or linked to, such risks.
    • 5.3.1.1.4.1.1. Disengagement shall be managed responsibly, in line with the UN Guiding Principles on Business and Human Rights (UNGPs) and does not absolve the Facility of the responsibility to support access to effective remediation for affected stakeholders.
  • 5.3.1.1.4.2. Identification of Category 2 critical ESG risks requires the Facility to implement immediate mitigation and / or remediation measures, where there is reasonable risk that they are sourcing from, or linked to, such risks.
    • 5.3.1.1.4.2.1. Where mitigation is ineffective after a period of six (6) months, disengagement for a minimum period of three (3) months is required.
• 5.3.1.1.5. Risk specific strategies and management plans should be updated periodically to reflect changes in ESG risk priorities, and changes in the Facility's organizational structure, business relationships, activities and operating environment.

5.3.2 CORRECTIVE ACTION PLANNING

5.3.2.1. The Facility shall prioritize communication with suppliers in the first instance to prevent, mitigate or remediate (in order of priority) using leverage from contractual commitments, which shall include policy commitments to manage ESG risks.

5.3.2.2. Where initial engagement is unsuccessful, the Facility shall support the development of supplier corrective action plans (CAPs) including assessing and documenting the plausibility of the measures they intend to put in place to reduce risks and / or respond to impact, within a maximum of six (6) months[^1].

• 5.3.2.2.1. CAPs shall be developed in consultation with affected stakeholders, and governments, where appropriate.

5.3.2.3. The Facility shall encourage the supplier(s) causing or contributing to the adverse impact to engage with impacted or potentially impacted affected stakeholders, and local and national government, during the design and implementation of the CAPs.

5.3.2.4. Progress towards closing CAPs shall be monitored and updated accordingly to ensure continuous improvement within reasonable timeframes.

5.3.2.5. CAPs shall focus on outcomes to address (prevent, mitigate, remediate) risks and impact and not just improvement of supplier(s)'s management systems established for this purpose.

5.3.2.6. In some instances, it may be necessary to temporarily suspend procurement activities, in consultation with affected stakeholders, until reasonable progress is made in relation to CAPs. These decisions and associated actions shall be documented.

[^1]: The effectiveness and reasonableness of the agreed upon actions and associated timeframes shall be determined by facility in collaboration with its supplier and shall be assessed for credibility by the auditor.

5.3.3 DISENGAGEMENT STRATEGIES

5.3.3.1. Disengagement strategies shall be considered as a last resort after failed attempts at mitigation, or where the Facility deems mitigation is not feasible, or because of the severity of the adverse impact. This decision shall be informed by progress against the CAPs, good faith efforts by the supplier to effectuate change as outlined in the CAPs, whether or not the supplier is directly or indirectly responsible for the impacts, and whether or not alternative CAP measures can be agreed to more effectively prevent, mitigate and remediate the residual impacts.

• 5.3.3.1.1. Note, immediate disengagement is required when Category 1 critical ESG risks are identified.

5.3.3.2. Disengagement, when undertaken, shall follow a minimum three-month period of temporary suspension. The Facility shall ensure that business relationships are terminated in a responsible manner, in alignment with the UNGPs, with consideration for the potential adverse social and economic impacts associated with termination.

• 5.3.3.2.1. Where supplier activities may be difficult to stop due to operational, contractual or legal obligations, the Facility shall develop a strategy for how to cease said activities, in consultation with top management, in-house legal counsel and affected stakeholders and suppliers.

5.3.4 MONITOR IMPLEMENTATION AND RESULTS

5.3.4.1. The Facility shall:

• 5.3.4.1.1. Establish mechanisms to monitor implementation and effectiveness (i.e., achievement of desired outcomes) of the Facility's supply chain due diligence activities in managing ESG risks and impacts of its suppliers, against established commitments and CAPs.
  • 5.3.4.1.1.1. Results of CAPs should be monitored at a minimum every six (6) months.
• 5.3.4.1.2. Identify and document lessons learned based on implementation and monitoring results, including where suppliers are not effectively responding to risks, to identify opportunities to engage supply chain partners in modifying, enhancing and improving their due diligence processes.
  • 5.3.4.1.2.1. The Facility shall report back to senior management on performance against risk mitigation efforts.
• 5.3.4.1.3. Ensure closure of high-priority ESG risks feeds back into risk prioritization processes whereby, over time, second and third priority ESG risks are elevated to become the priority and therefore subject to further in-depth risk assessment and management activities.
• 5.3.4.1.4. Periodically evaluate implementation and performance of the Facility's management system to ensure it is understood by employees and suppliers, appropriately implemented, and effective. At a minimum, the Management System shall be reviewed annually.

5.4 STEP 4 - CARRY OUT INDEPENDENT THIRD-PARTY AUDIT OF COMPANY'S DUE DILIGENCE PRACTICES

5.4.1. The Facility shall plan and undergo an independent third-party audit of the Facility's due diligence relating to ESG risks in its supply chain, covering the scope of the requirements in this Module.

5.4.2. Audits focused on the applicable scope of ESG risks shall be planned and conducted in parallel with assessments covering requirements in the Reference Standards.

5.4.3. The Facility shall ensure that it is adequately prepared with samples of relevant documentation available to be reviewed in preparation or performance of the audit and must allow auditors access to Facilities, personnel and all documentation and records of supply chain due diligence relevant to the scope of the audit.

5.5 STEP 5 - COMMUNICATE HOW IMPACTS ARE ADDRESSED

5.5.1. The Facility shall, through either a dedicated ESG Due Diligence report, a combination of separate reports, or through the incorporation of required content in existing reports:

5.5.1.1. Publicly disclose information on its supply chain Due Diligence processes annually. This includes a description of:

• 5.5.1.1.1. The management system and supply chain policy(ies). The description should indicate the location of the publicly available supply chain policy(ies).
• 5.5.1.1.2. Internal governance structure and accountabilities, measures taken to meet Policy commitments, ESG risk identification and assessment activities, information on the high-priority ESG risks within the Facility's minerals supply chain including the prioritization criteria, descriptions of identified risks, the nature of the risks, and aspects of the supply chain impacted.
• 5.5.1.1.3. The Facility's ESG risk management strategy, risk specific strategies and corrective actions plans implemented with suppliers to prevent and mitigate identified risks within the supply chain. This should include information on the progress of implemented corrective actions and details of consultation efforts, including but not limited to affected stakeholders and government.
• 5.5.1.1.4. Mechanisms to monitor implementation of actions and results, details of the grievance mechanism, and the Facility's provision of or co-operation in any corrective actions for remediation.
• 5.5.1.1.5. The Facility's record-keeping system. This information may be integrated into the Company's annual sustainability reports, a distinct section of the Step 5 Due Diligence reports (required in performance of the Reference Standards) and/or published under a separate cover.

5.5.2. The Facility shall:

5.5.1.2. Disclose the results of the third-party supply chain due diligence assessment against this Module and other relevant RMI Standards assessed.

5.5.1.3. Disclose to suppliers and stakeholders upon request:

• 5.5.1.3.1. An assessment summary report with company details, the date of the assessment, the assessment period, assessment activities, assessment methodology, and assessment conclusions, including corrective actions and outcomes of the correct action process.
• 5.5.1.3.2. Information on the systems and processes used to disclose relevant information to suppliers and other stakeholders within its supply chain.
• 5.5.1.3.3. Gaps in the chain of custody and / or traceability information, noting the implications of such gaps in the implementation of due diligence, and detailing actions planned to close information gaps.
• 5.5.1.3.4. Information in a way that is transparent, verifiable, easily accessible, culturally appropriate, and in compliance with reporting requirements set forth in national regulations.
  • 5.5.1.3.5.1. For human rights impacts identified, communicate information to impacted or potentially impacted stakeholders in a timely, culturally sensitive and accessible manner, and respond to relevant concerns that are raised by affected stakeholders or on their behalf.

5.5.2. All information disclosed shall take into account business confidentiality and other competitive concerns including price information and supplier relationships.

5.6 STEP 6 - GRIEVANCE MECHANISM AND ACCESS TO REMEDY

NOTE: This step represents an addition to the five-step process used in RMAP and aligns this Standard with OECD Guidelines that employ a sixth step concerning remediation. As per these Guidelines, "Remediation" and "remedy" refer to the processes of restoring an affected person or persons (or the environment) to the situation it or they would be in had the adverse impact not occurred. Under the OECD Guidelines there is an expectation that enterprises remediate impacts that they cause, or contribute to, or seek to influence remediation by a business relationship where they are directly linked to an impact. In situations of direct linkage, the emphasis is on checking that supplier remediation activities and mechanisms, such as grievance mechanisms, are effective.

5.6.1 GRIEVANCE MECHANISMS

5.6.1.1. The Facility shall establish and require its suppliers to establish a grievance mechanism(s), available and accessible to all stakeholders, that is legitimate, accessible, transparent, predictable, equitable, rights-compatible and a source of continuous learning based on stakeholder engagement, in alignment with the UN Guiding Principles on Business and Human Rights and the requirements outlined in this section. This includes:

• 5.6.1.1.1. Specific processes for receiving complaints from certain groups (e.g., employees, consumers, local communities) or generalized processes through which multiple groups can raise complaints with the Facility. This includes informal (ad hoc) or formalized processes for receiving complaints that relate to a salient issue.
• 5.6.1.1.2. Mechanisms making it possible for grievances, once identified, to be addressed and for adverse impacts to be remediated early and directly by the Facility and / or suppliers (as applicable), thereby preventing harms from compounding and grievances from escalating.
• 5.6.1.1.3. Processes or practices for checking whether individuals feel able to raise complaints, which are:
  • 5.6.1.1.3.1. free of discrimination;
  • 5.6.1.1.3.2. free of bias; and
  • 5.6.1.1.3.3. culturally appropriate for the groups concerned.
• 5.6.1.1.4. Ensuring complaints raised with the Facility and suppliers are processed within prescribed time limits, or otherwise within a reasonable amount of time proposed solutions have been shared and (where feasible) discussed with complainants.
• 5.6.1.1.5. Seeking feedback from those who have brought complaints, using appropriate methods to ensure their perceptions are accurately captured.

5.6.2 MECHANISMS TO ENABLE REMEDY

5.6.1.2. The Facility shall:

• 5.6.1.2.1. Establish mechanisms to enable effective remedy for adverse impacts, in line with risk management / mitigation approaches within the Facility's supply chain, ensuring remediation mechanisms are made available to affected stakeholders, including but not limited to:
  • 5.6.1.2.1.1. Non-judicial mechanisms and operational grievance mechanisms (see above);
  • 5.6.1.2.1.2. The holding of adequate and secure financial securities or establishment of insurance mechanisms;
  • 5.6.1.2.1.3. Collaborative industry action to leverage and support remediation activities; and
  • 5.6.1.2.1.4. Legal action (prosecution, litigation and arbitration) to finance, accelerate and enforce mechanisms.
• 5.6.1.2.2. Provide clear information and guidance on how stakeholders can access remedy mechanisms.
• 5.6.1.2.3. Ensure remedy mechanisms are accessible, transparent, accountable, and available to all affected stakeholders, including workers, communities, and other relevant parties.
• 5.6.1.2.4. Facilitate stakeholder engagement and participation in the design and implementation of remedy mechanisms.
• 5.6.1.2.5. Where the Facility has participated in remedy, remedies agreed through this process are viewed as timely, acceptable and effective by the complainants or (where not the same) by the recipients of the remedy.
• 5.6.1.2.6. Where complainants / recipients do not consider the remedy satisfactory, that they found the process itself to be fair and respectful.
• 5.6.1.2.7. Regularly review and improve remedy mechanisms to ensure their effectiveness and responsiveness to stakeholder needs.
• 5.6.1.2.8. Document and track all remediation actions and outcomes, ensuring transparency and accountability.

5.6.3 REMEDIATION PROCESSES

5.6.1.3. The Facility shall:

• 5.6.1.3.1. Work with relevant suppliers to ensure timely and adequate remedy is provided that is proportionate to the significance and scale of the adverse impact, with due regard for direct and indirect causality. These include impacts caused or contributed to by the supplier.
  • 5.6.1.3.1.1. Immediate action is expected when critical ESG risks are identified, resulting in impact(s) to affected stakeholders.
  • 5.6.1.3.1.2. Importantly, disengagement from a supplier and associated supply chain does not absolve the Facility of responsibility to support effective access to remedy for impacts that it may have directly or indirectly contributed to.
• 5.6.1.3.2. Where conflicting expectations exist regarding remedy, engage with its suppliers to identify appropriate, proportionate and (where possible) consensus-based solutions, taking into account the roles and responsibilities of the Facility and suppliers for disposing of remedy, with due regard for causality.
• 5.6.1.3.3. Engage with affected stakeholders to understand their needs, ensure their participation in the remediation process, and assess whether remedies implemented are achieving the desired results.
• 5.6.1.3.4. Establish a process to provide for financial and non-financial remedy (e.g., acknowledgement and apology, or rehabilitation and support) to affected stakeholders as required.
• 5.6.1.3.5. Ensure results of investigations are made freely available to affected stakeholders.
• 5.6.1.3.6. Take into consideration legal obligations, stakeholder preferences, availability of mechanisms, the nature of the adverse impact and where the adverse impact occurs when developing and implementing remediation actions.

ANNEX I - GLOSSARY

Copyright 2025 Responsible Business Alliance. All Rights Reserved.

1.0.0 (2026-01-01)

Added

• Initial profile structure with 8 criteria across 2 categories
• OECD core plus full supply chain criteria
• SC5 Risk Management always applies (not conditional)
• Spanish (es) and Chinese (zh) translations