Responsible Sourcing Programme Third Party Assurance Guidance
Introduction
1.1 Purpose of the Document
The Responsible Sourcing Third-Party Assurance Guidance (“Assurance Guidance”) is intended to support LBMA approved Assurance Providers (“Assurance Providers” or “Practitioners”) engaged to perform independent assurance in accordance with Step 4 of the Responsible Sourcing Guidance (“the Guidance”). It sets out guidance on the application of the assurance concepts and requirements specific to these types of engagements as well as practical steps to address potential issues that may arise. It is not intended to be an assurance standard and has been developed primarily to promote quality and consistency in the conduct of assurance engagements across the LBMA Responsible Sourcing Programme (“the Programme”).
It is expected that the Assurance Provider will apply the ISAE 3000 assurance standard in the performance of these engagements. The ISAE 3000 assurance standard is a commonly applied standard for nonfinancial reporting engagements. It is issued by the International Auditing and Assurance Standards Board (IAASB).
This Assurance Guidance should be read in conjunction with:
- the ISAE 3000 assurance standard
- the Responsible Sourcing Guidance (“the Guidance”), comprising the Responsible Gold Guidance (“RGG”)6 and the Responsible Silver Guidance (“RSG”)7
- the Refiners Toolkit
LBMA GDL Refiners (“Refiners”) should refer to this document to understand and prepare for the independent assurance process. Assurance Providers shall require Refiners to justify any substantial deviations from the Guidance and Refiners Toolkit (comply or explain).
Assurance Objective
The LBMA Guidance requires Refiners to undertake supply chain due diligence along the entire precious metals supply chain, consistent with anti-money laundering principles, as well as the five-step framework described in the Guidance. In addition, the Guidance has been developed to recognise the increasing importance of having strong corporate governance and address Environmental, Social and Governance (“ESG”) responsibilities in mined gold supply chains.
Each year, in accordance with Step 5 of the Guidance, Refiners are required to prepare a publicly available Compliance Report describing the underlying management systems and activities undertaken to conform with the Guidance as well as the actual performance against the Guidance. In addition, Refiners prepare a confidential Country of Origin Annex outlining volumes and jurisdictions from which various types of mined and recycled materials are sourced during the year. This is shared only with LBMA.
The Assurance Provider is expected to express a conclusion on whether the Refiner’s annual reporting fairly describes the Refiner’s activities and on management’s overall conclusion on meeting the objectives of the Guidance. It is designed to enhance the intended users’ degree of confidence in the Refiner’s public Compliance Report and the confidential Country of Origin Annex.
Reporting and Assurance deliverables:
| Refiner | Assurance Provider |
|---|---|
| Supply Chain Due Diligence Policy and Compliance Report (Public) | Independent Assurance Report (Public) |
| Country of Origin Annex (Confidential) | Independent Assurance Report (Confidential) |
| Corrective Action Plan prepared by the Refiner, if required (Confidential) | Report to Management (Confidential) |
Assurance Period
The Refiner’s Compliance Report and Country of Origin Annex must be assured annually. The effective start date for the Guidance, and hence this Assurance Guidance, is for reporting periods commencing on or after 1 January 2022 and will cover activities over the previous 12 months. The Refiners have 12 months to implement the LBMA Responsible Gold Guidance and all requirements are expected to be implemented by the end of 2022.
It is expected that the responsible sourcing reporting will follow the Refiner’s financial reporting cycle and the assurance must therefore be completed within three months of the Refiner’s financial year-end.
Assurance Provider Approval
Only approved Assurance Providers that meet LBMA’s core skills and competency requirements may perform these engagements. In addition, ISAE 3000 engagements are designed to be used with the International Standard on Quality Control (ISQC) 1,8 which establishes minimum quality control standards. The LBMA Executive publishes an Approved Assurance Providers List on its website. Prospective Assurance Providers may apply for accreditation using the Assurance Provider’s Application Form.
At a minimum, Assurance Providers must fulfil the following requirements:
a) Independence: The Assurance Provider, as a firm and individually, must have complete financial and other independence from the Refiner. In particular:
i) the Assurance Provider shall not be involved in the design, establishment or implementation of the Refiner’s precious metals supply chain management systems for a period of at least 24 months prior to the engagement.
ii) Refiners must rotate Assurance Providers or Engagement Partners every ten years. Assurance Providers or Engagement Partners may be re-engaged after a period of ten years subject to LBMA approval.9
b) Institutional capacity: The Assurance Provider must have adequate organisational capacities, including:
i) A robust system of quality control, including minimum requirements for independence, conflicts of interest, ethics and integrity, and assurance quality control reviews.
ii) The capacity to process appeals and/or handle complaints.
iii) The capacity to provide adequate and ongoing training to individual team members to maintain levels of competency.
c) Skills and competencies: The Engagement Partner should take responsibility for and play an active part in the engagement. In addition, individuals involved in the engagement must collectively possess the skills, knowledge and experience required to competently perform the engagement. These may include, but are not exhaustive to knowledge of and experience in:
• The Precious Metals Refining industry, including various types of sources, precious metals supply chains, procurement practices and refining methods.
• Supply Chain Due Diligence principles, procedures and techniques.
• Regulations and best practices including the OECD Due Diligence Guidance, Financial Action Task Force on Anti-Money Laundering and Financing of Terrorism principles, Human Rights, and Environmental, Social and Governance risks and management practices.
• Local context, including social, economic, political and cultural considerations, of conflict-affected and/or high-risk areas.
LBMA must be informed of any changes in personnel at the Assurance Provider (for example, individuals joining / leaving).
The LBMA Executive shall continuously review and monitor the Approved Assurance Providers List based on changes in personnel or quality issues and may request Assurance Providers to undertake refresher training. Where a quality review reveals actions or omissions that affect the integrity of the Programme, the Executive reserves the right to remove the Practitioner from the Approved Assurance Providers List.
1.2 LBMA Programme Governance
LBMA uses multiple approaches to ensure the quality and integrity of the Programme. These include:
- Regular publication and updates of guidance documents, toolkits and templates to incorporate
evolving best practices - Provision of training and additional resources for members and Assurance Providers
- Ongoing review and enforcement of approved Assurance Provider requirements
- In-house review of Refiners’ Assurance Reports
- Proactive monitoring of gold activity in Conflict-Affected and High-Risk Areas (CAHRAs).
RGG Effective Date
Refiners shall start implementation of RGG version 9 from 1 January 2022 and will have until 31 December 2022 to fully implement all the new requirements. New requirements are also applicable to existing supply chains and must be implemented when due diligence is revisited as per Step 2 of the Guidance. 2022 is considered the year of implementation, with the expectation that the first audits against RGG version 9 are due for the year ending 31 December 2022.
GDL Certification and Quality Review
On an annual basis, LBMA undertakes a risk-based review of the Refiner’s compliance and assurance deliverables. This is supported by LBMA’s internal Country of Origin data analysis and the continuous Incident Review Process (IRP). An IRP is launched when LBMA becomes aware of allegations of criminal activity and/or potential serious breaches of the RGG. The Refiner or Assurance Provider may be requested to provide additional information or detail on specific issues or aspects identified by LBMA. The Refiner’s GDL certificate is only granted once all LBMA reviews and related queries have been resolved.
LBMA GDL Certification Process
Request for Further Information
LBMA reserves the right to request information and supporting documentation from Assurance Providers as well as the right to shadow assurance engagements. From the 2022 audit cycle, LBMA will shadow new Assurance Providers and routinely undertake independent practice reviews on a rotational basis to review consistency and quality of engagements across the Programme. Common themes and challenges identified will inform future Assurance Provider training and knowledge-sharing programmes.
LBMA may request Refiners to make additional information on their annual assurance engagements (e.g., Assurance Providers Report to Management) available to third party organizations to meet emerging regulations and requirements (e.g., EU conflict minerals regulations).
Special Assessments
A Special Assessment has a very specific focus and helps to provide a second opinion to confirm the Refiner’s compliance with the LBMA Programme during the reporting period. It can arise out of:
- Country of Origin data analysis
- Incident Review Process
- Market intelligence
- Media allegations
- Whistle-blowing.
Under a Special Assessment, LBMA selects an auditor that is independent of the original auditor. The Special Assessment is an effective tool for LBMA to address issues that arise between annual assurance engagements.
1.3 Training and resources
It is the Assurance Providers’ responsibility to ensure that all team members involved in an LBMA assurance engagement remain up to date on developments in this area. To support this, LBMA provides a range of resources and opportunities accessible by Refiners and Assurance Providers including:
- Responsible Sourcing Newsletter
- Annual Responsible Sourcing Report
- Assurance Provider training and online responsible sourcing information modules
- Webinars on market developments, trends and insights.
Assurance Providers are also encouraged to contact the responsible sourcing team with queries and information requests at responsible.sourcing@lbma.org.uk.
1.4 Complaints
Any complaint about the quality of an assurance engagement or conduct of an Assurance Provider must be made in writing and must be supported by objective evidence. Oral complaints will not be accepted; all complaints must be in the English language. Complaints must be mailed or emailed to:
LBMA Chief Executive
7th Floor, 62 Threadneedle Street
London EC2R 8HP
mail@lbma.org.uk
6 Responsible Gold Guidance version 9, November 2021 https://cdn.lbma.org.uk/downlo...
7 Responsible Silver Guidance version 1, September 2017 https://cdn.lbma.org.uk/downloads/responsible-sourcing/20170824-Responsible-Silver-Sourcing-Master-SHD-V1.pdf
8 International Standard on Quality Control (ISQC) 1 issued by the International Ethics Standards Board of Accountants (IESBA), December 2009
9 The ten-year audit period begins on 1 January 2022. Rotated assurance firm or partner may be re-engaged after a period of ten years.