Responsible Gold Guidance V9

Step 4. Obtain Independent Third-Party Assurance on Supply Chain Due Diligence Practices

The objective of Step 4 is for Refiners to have their supply chain due diligence policies and processes, applicable to each gold refinery, independently assured by an LBMA approved Assurance Provider.

The independent assurance provides the Board, LBMA and external stakeholders with the comfort that the Refiner’s supply chain due diligence policies and processes are appropriately designed, and are effectively operating to meet the objectives of the RGG and to protect gold supply chains against the material threat of finance risks and ESG factors.

4.1 Assurance requirements

Assurance Provider independence and competency

The Board Committee is responsible for the approval of a third-party Assurance Provider, and must ensure that it is independent of the organisation and has the requisite competencies, experience and capacity to carry out the engagement. LBMA has aligned assurance independence requirements to the EU mandatory audit firm rotation12 and Refiners must rotate Assurance Providers every ten years on a comply or explain basis, subject to LBMA approval. Where audit firm rotation is not a viable option, the Refiner should at a minimum rotate the Assurance Partner responsible for signing off on the engagement.13

LBMA undertakes a rigorous Assurance Provider approval and monitoring process, and Refiners must select an Assurance Provider from the Approved Service Providers List (available on www.lbma.org.uk).

Assurance objective

The Assurance Provider is expected to express a conclusion on whether the Refiner’s annual reporting (refer to Step 5 of this Guidance) fairly describes the Refiner’s activities and on the Refiner’s management’s overall conclusion on meeting the objectives of the RGG. It is designed to enhance the intended users’ degree of confidence in the Refiner’s public Compliance Report and the confidential Country of Origin Annex.

Refiners must grant Assurance Providers the requisite access to relevant sites, personnel, documentation (including previous years’ management reports) and data in order for them to perform their duties.

Assurance standards

LBMA will only accept an assurance engagement performed in accordance with the ISAE 3000 revised assurance standard. A reasonable level of assurance should be carried out in year one of implementation or appointment of new Assurance Provider. Refiners may select a limited level of assurance for the next two years only if medium-risk or high-risk, or indeed zero-tolerance non-conformances are not identified during the reasonable or limited assurance engagements. Reasonable assurance is mandated every three years; however, Refiners may choose this level of assurance each year. The required assurance frequency should increase if instances of non-conformance are identified or if there is a significant change of circumstance in the Refiner’s supply chain.

LBMA has prepared detailed Third-Party Assurance Guidance for the application of ISAE 3000 to this type of engagement (which is available on www.lbma.org.uk). Refiners should consult this document to support their preparation for the assurance engagements.

Assurance period

Assurance of the Refiner’s conformance to the RGG is required on an annual basis (in accordance with the assurance standards section above) within three months of its financial year end and should cover the supply chain due diligence activities over a 12-month reporting period.

Assurance deliverables

The assurance deliverables should include three key reports, as described below:

1. Independent Assurance Report on the Refiner’s Compliance Report (Public)

This report is addressed to the Refiner’s Board of Directors and states the Assurance Provider’s conclusion on the Refiner’s Compliance Report. This Assurance Report must be publicly disclosed alongside the Refiner’s Compliance Report, or it should be made clear how it can be accessed by intended users.

2. Independent Assurance Report on the Refiner’s Country of Origin Annex (Confidential)

This report is also addressed to the Refiner’s Board of Directors and states the Assurance Provider’s conclusion on the information included in the Country of Origin Annex. As the Country of Origin Annex is a private document, the corresponding Assurance Report will also be a private report for the Refiner and LBMA. It may be shared with other stakeholders at the Refiner’s discretion.

3. Report to Refinery Management (Confidential)

A report issued by the Assurance Provider to the Refiner’s management is the formal mechanism for communicating the detailed findings of the assurance engagement to the Refiner. This is a private document for the Refiner and LBMA. It may be shared with other stakeholders at the Refiner’s discretion.

Note 4: Consistency in assurance deliverables

Assurance Providers are expected to ensure sufficient transparency and consistency in the information presented in both the Refiner’s reporting and the assurance deliverables to meet the users’ needs. For example:

  • For an unqualified Assurance Report, the Compliance Report cannot conclude full compliance with the RGG when medium-risk and high-risk assurance non-conformances have been raised
  • The Assurance Report should draw attention to the medium-risk and high-risk assurance non conformances identified (either in the Assurance Report itself or in disclosures in the Refiner’s Compliance Report).

Further detail is provided in the Third-Party Assurance Guidance.

Submission of assurance deliverables to LBMA

Copies of all three deliverables should be submitted by the Refiner, or the Assurance Provider as designated by the Refiner, to the LBMA Chief Executive via email on an annual basis and within three months of the financial year end. Assurance Providers and/or Refiners may apply for an extension should this not be feasible due to unforeseen circumstances.

Multi-site assurance and standards equivalence

Where Refiners source multiple metals that are covered under LBMA’s and LPPM’s Responsible Sourcing Programmes and are required to conform to the RGG, Responsible Silver Guidance (RSG) and the Responsible Platinum and Palladium Guidance (RPPG), it may be possible to undertake a single multi-metal assurance engagement, if the following criteria are met:

  • There is one multi-metal refinery processing all metals in scope
  • The Refiner’s supply chain policies and management systems are consistent for all metals in scope
  • The RGG is used as the basis for the multi-metal assurance engagement, i.e., all metals in scope should be assessed for threat finance risk and ESG factors
  • Detailed sample testing adequately covers all metals in scope (further guidance is provided in the Third-Party Assurance Guidance)
  • Refiners provide sufficient disclosures on each metal in scope in the Compliance Report
  • Assurance Providers include sufficient information on each metal in scope in the Assurance Report or provide separate Assurance Reports for each metal in scope.

Refiners may continue to commission separate assurance engagements against the relevant metal Guidance should they choose to.

Where refineries are in different jurisdictions or sites, Refiners must undertake separate assurance engagements for each refinery.

12 EU Statutory Audit Reform Directive 2014/56/EU3 and Regulation 537/2014
13 The ten-year audit period begins on 1 January 2022. Rotated assurance firm or partner may be re-engaged after a period of ten years.