U.S. economic sanctions, for years relatively stable in their targeting of the “usual suspects,” state sponsors of terrorism and shadowy drug traffickers have gone into overdrive of late. Since the year began, the Obama administration handed out multibillion dollar fines against European banking giants and layered on complex new prohibitions on dealings with companies in Russia and Ukraine, jihadis in Pakistan, Iraq and Syria, and Venezuelan government leaders. All this comes as talks that could see sanctions on Iran lifted or at least lessened are moving ahead.

Given all this activity, one might be excused for missing the fact that the Treasury Department’s Office of Foreign Asset Control (OFAC) has broadened the sanctions net cast at companies doing business with the Democratic Republic of Congo (DRC). Excused, that is, unless one were a U.S. company required to file annual reports with the Securities and Exchange Commission (SEC).

The issue originates in the long-running wars centered on the mineral-rich DRC, where rebel groups and neighboring countries have taken advantage of the weak central government to illegally mine and export valuable minerals that make their way into global supply chains. OFAC’s sanctions, originally issued by George W. Bush in a 2006 Executive Order, target individuals and certain entities not only in DRC but in nine neighboring countries (Burundi, Rwanda, Republic of Congo, Uganda, Tanzania, Zimbabwe, Zambia, Mozambique and South Sudan) as well.

President Obama’s Executive Order issued on July 8 goes well beyond the original Bush order, adding language that bans “the illicit trade in natural resources of the DRC.” This, together with a separate reporting requirement introduced in the 2010 Dodd-Frank financial reform law, has vastly expanded the scope of current corporate obligations when it comes to keeping so-called “conflict minerals” out of U.S. jewelry boxes and out of the inventories of companies that use imported minerals and precious metals in their manufacturing processes.

In effect, this is no longer simply about mines and minerals: This is a requirement for a scrutiny, purging and auditing of global supply chains in manufacturing, technology, jewelry and a host of related sectors. Such a lift has understandably been met with slow response from companies struggling to determine not only the extent and applicability of the reporting obligation, but how to harness already strapped compliance resources that also must address complex anti-corruption and export controls risks, among others.

Since June 2, 2014, Section 1502 of the Dodd-Frank law has required that companies operating in the United States must file a report with the SEC annually to identify the source country of any imported metals used in manufacturing or other processes. Some 1,300 companies filed by the deadline — far less than the 6,000 SEC had expected — and surveys of those filings found a wide variance in the detail and seriousness of the due diligence practiced.

Again, some of this disparity likely reflects confusion over a complex new requirement. But the notion that resistance is the product of companies balking at yet another expensive regulatory compliance regime is also as likely. A lawsuit filed by the National Association of Manufacturers, U.S. Chamber of Commerce and the Business Roundtable, seeks to declare the rule arbitrary. In July 2013, the U.S. Circuit Court for the District of Columbia affirmed the SEC’s jurisdiction, but the issue remains on appeal.



Five milestones in the Dodd-Frank whistleblower reward program

SEC chair White says there’s ‘work to do’ in implementing Dodd-Frank

Signs of success of Dodd-Frank law in eastern Congo mines



The SEC has some discretion in enforcement, and for the first two years of he reporting requirement (2013, 2014), large companies can classify some of their inventory as “undeterminable.” But that luxury ends in 2015, meaning that supply chains, subcontractors and recently acquired subsidiaries overseas all could soon come in for increased scrutiny. In the meantime, companies would be risking serious fines and significant reputational damage by ignoring the new requirements. So the question arises, what can be done?

Control Risks recommends companies take a serious look at their supply chains in light of the OECD’s 2011 guidance on the topic (Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas), which was the acknowledged inspiration for the SEC requirements. As the filings in June showed, the detail required to comply with the new rule is uncertain, and the SEC is likely to be lenient — at least until a few cycles have passed.

Companies should also examine their current compliance programs for opportunities to leverage already-in-place policies, training programs and controls that address other compliance areas but can be modified or augmented to address the conflict minerals risk issue. It is helpful to remember that the region most affected also happens to be an area of high corruption and export controls risk. Robust vendor on-boarding and due diligence programs, for example, are worth examining.

A broader risk assessment of involvement in some of the region’s most fragile countries is also warranted. NGO activity in places like Congo, Sierra Leone and Mali is making material from suspect sources easier to trace. Put simply, what once were gray areas, both legally and logistically, are coming into much sharper focus.

It has been clear from most of the recent regulatory settlements that some effort is better than none, and being able to demonstrate a tangible tone-at-the top is a good place to start building a potential defense to an enforcement action. The government does seem to credit for trying, even if the flood of new requirements lacks guidance and remains untested. No one wants to be the test case.