WHY
The new requirements governing compliance with due diligence obligations (corporate responsibility) entail a statutory audit requirement for Compliance Management Systems (CMS) (see Art. 964k (3) of the Swiss Code of Obligations (CO)). Child labour – unlike minerals and metals – is not subject to any statutory audit requirement. To provide companies an understanding, the WHO (the parties affected), the WHEN and WHAT (the statutory requirements) and the HOW (the audit) are addressed below. An external CMS audit is an adequacy assessment with negative assurance which – by analogy with audits of the Internal Control System (ICS) conducted within the scope of ordinary audits (audit of annual financial statements) – extends beyond a pure audit of the system’s existence but does not provide any positive assurance. It is important that future developments in Swiss legislation on the reporting of non-financial information and on compliance with due diligence obligations are compatible with EU/international legislation, and that the remaining scope for action is used in the interest of Switzerland, as a country dominated by SMEs.
WHO
Scope / Companies affected:
In contrast to large, public-interest entities that are affected by annual reporting on non-financial matters (classified as companies with more than 500 employees and over CHF 20 million in total assets or CHF 40 million in sales revenue), there are no comparable size criteria in the issue of compliance with due diligence obligations. Instead, the scope of application is defined as companies that import minerals or metals containing zinc, tantalum, tungsten or gold from conflict-affected or high-risk areas or process these in Switzerland and exceed specific import and processing volumes (see Art. 4 or Annex 1 of the Ordinance on Due Diligence and Transparency in relation to Minerals and Metals from Conflict-Affected Areas and Child Labour (DDTrO)).
Companies are obliged to assess whether minerals and metals originate from conflict-affected or high-risk areas if the defined import and processing volumes are exceeded. If the minerals and metals do not originate from a conflict-affected or high-risk area, the company must document this conclusion and is exempt from the related due diligence and reporting obligations.
In group structures, the import and processing volumes relate to all Swiss entities of the group of companies.
WHEN
The reporting obligation of the companies applies for the first time for the 2023 financial year, meaning that the first audit to be subject to compliance with the due diligence obligations will take place in 2024.
WHAT
Compliance with due diligence obligations (Board of Directors' Responsibilities) – statutory requirements (Art. 964k CO):
- Companies must maintain a Compliance Management System and, within this, define the supply chain policy for minerals and metals potentially originating from conflict-affected or high-risk areas as well as a supply chain tracking system.
- Companies must draw up a risk management plan and take measures to minimise the identified risks.
- Companies must have compliance with due diligence obligations in relation to minerals and metals audited by an independent expert. Child labour – unlike minerals and metals – is not subject to any statutory audit requirement.
The due diligence obligations are not an obligation with respect to achieving a certain result, but rather an obligation to make every effort to act with the utmost care. The purpose of the due diligence audit is to enable companies to identify, prevent or mitigate negative impacts of their activities on the rights of affected parties and the environment.
The due diligence obligations in relation to conflict minerals include the following five elements:
- Establishment of a supply chain policy.
- Reporting procedure for early risk detection.
- Supply chain tracking system.
- Risk management.
- Audit of compliance with due diligence obligations by an audit firm.
Penal provisions: Pursuant to Art. 325ter of the Swiss Criminal Code (SCC), misstatements in the report, the failure to conduct proper reporting or breaches of the legal requirement to retain materials and to document processes are punishable by law. The fines for gross negligence or wilful misconduct range from CHF 50,000 to CHF 100,000.
HOW
Audit of compliance with due diligence obligations (audit firms' responsibilities):
According to the ordinance, an audit firm licensed (by the FAOA1) as an audit expert examines whether circumstances exist indicating non-compliance with due diligence obligations (so-called negative assurance).
This independent audit can only confirm compliance with a selected framework (audit of target situation vs actual situation). The audit takes the form of an adequacy assessment of the Compliance Management System with negative assurance pursuant to Swiss Auditing Standard 980 outlining the principles for auditing Compliance Management Systems.
The audit firm assesses whether the company’s supply chain policy and supply chain tracking system are adequately presented in the legally defined areas and assesses their adequacy to identify and evaluate risks of adverse impacts.
The audit comprises (1) the identification and assessment of risks, (2) the risk management plan and (3) the measures to minimise the identified risks.
1 Federal Audit Oversight Authority