Identification and assessment of supply chain risks

Supplier risk identification includes a number of procedures:

  • DDMS procedures;
  • mechanism (separate from the DDMS) to check counterparties for reliability, solvency and financial resilience (“reliability check”).

The reliability check is an essential part of the contracting procedure (beyond the DDMS) applicable to all the Group’s prospective suppliers. Thus, supply chain risk identification is a preliminary to the contracting procedure.

This check seeks to assure that the contractor is reliable in terms of compliance with applicable laws and contractual obligations and is not exposed to any corruption risks. In addition to suppliers’ registration, operational and financial data, Nornickel analyses publicly available information about their management and business environment.

Based on the reliability check, the Company decides whether to cooperate with the respective contractor going forward. The existing suppliers are also subject to a reliability check if more than 12 months have passed since their most recent check.

The DDMS is key to identifying mineral supply chain risks and includes several stages.

The Group’s mineral supply chain due diligence and risk management

The first stage of supplier due diligence focuses on identifying risk indicators in the mineral supply chain. If the first stage identifies risk indicators, the Company carries out enhanced due diligence of the supplier to identify and confirm risks (if any). If so confirmed, the Company assesses its exposure and cooperates with the supplier to develop risk mitigants, following which it makes a final decision whether to cooperate with the respective contractor going forward.

Each stage of due diligence relies on the specifically designed tools explained below.

Identification of risk indicators in the mineral supply chain

If identified, risk indicators flag potential risks in the supply chain. Under the System, the key risk indicator relates to minerals originating from or being transported via a CAHRA area, those originating from a country that has limited known reserves, as well as contractors being financially or legally connected to supplies from a CAHRA area. The supplier’s failure to formally confirm its consent to the Code or a set of submitted documents that does not allow Nornickel to assess supplier’s compliance with the Code are also considered risk indicators.

Identification of risk indicators in the mineral supply chain

To identify risk indicators, the Company first identifies suppliers and minerals supplied, and all the elements of the supply chain. To this end, the supplier fills out a questionnaire describing its supply chain. Such questionnaire is a separate tool used to map mineral supply chains and get an insight into the supplier’s interactions with sub-suppliers (second and higher tier suppliers relative to Nornickel). The data is then analysed by the relevant departments of the Company’s Head Office and divisions, followed by supplier assessment. Supplier assessment helps identify risk indicators (if any).

To identify the above supply chain risks, the Company uses the following tools and procedures compliant with the best industry practices:

  • Know Your Supplier Questionnaire;
  • Supply Chain Mapping Questionnaire;
  • CAHRA Assessment Tool;
  • Supplier Code of Conduct Compliance Questionnaire.

Know Your Supplier Questionnaire

To identify risk indicators early in the game, the Company distributes Know Your Supplier Questionnaires among its suppliers.

In addition to up-to-date information about mineral suppliers’ owners, the Know Your Supplier Questionnaire concerns their operations in the supply chain:

  • nature of their core business and geography;
  • minerals supplied;
  • applicable licences (if any);
  • key sub-suppliers;
  • supply chain management approach and the maturity of relevant practices.

Supply Chain Mapping Questionnaire

This tool is a form to be filled out to provide more details on the mineral supply chain, specifically the Company’s direct suppliers and sub-suppliers. The form shows the existing mineral supply chain for the specific division with details on material sources broken down by supplier. The data sourced from this Supply Chain Mapping Questionnaire (the “Questionnaire”) help establish the number of suppliers, whether they are part of the Group, the type, volume and origin of minerals delivered in the selected period, as well as potential supplier risks under the OECD Guidance.

The Questionnaire enables Nornickel to map the mineral supply chain in a holistic way and to identify inherent potential risks.

CAHRA Assessment Tool

To determine whether a country is on the CAHRA list, the CAHRA Assessment Tool reviews more than 150 countries for corrupt practices, money laundering, political instability or repression, institutional weakness, insecurity, collapse of civil infrastructure, widespread violence, human rights violations and violations of national or international law. In doing so, this tool relies on the following sources:

  • 10 indices and metrics recommended by the RMI;
  • CAHRAs under Section 1502 of the Dodd–Frank Act (US);
  • CAHRAs under Regulation (EU) 2017/821

Supplier Code of Conduct Compliance Questionnaire

As part of supplier due diligence, the Company also assesses how well the supplier complies with Nornickel’s Code based on the completed Supplier Code of Conduct Compliance Questionnaire and the supporting documents provided.

The form is structured to factor in the Code’s environmental, social and corporate governance requirements. This tool helps determine the current status of the supplier’s ESG practices, including as regards responsible supply chains. Upon review of questionnaires, the Company gains a better understanding of its supply chain and the maturity of its suppliers’ ESG practices, as well as discovers opportunities to improve their business processes.

Assessment of mineral supply chain risks

If risk indicators are identified, the Company performs enhanced risk-based due diligence of the supplier.

The OECD Guidance determines the following potential risks that may arise in the supply chain:

  • serious human rights violations, including cruel, inhuman or degrading treatment, any forms of torture and forced labour, the worst forms of child labour, other gross human rights violations, war crimes or other serious violations of international humanitarian law, crimes against humanity or genocide;
  • direct or indirect support to non-state armed groups;
  • direct or indirect support to public or private security forces who illegally control, tax or extort money or minerals;
  • bribery and fraudulent misrepresentation of the origin of mineralsAt point of access to mine sites, along transportation routes or at points where minerals are traded, as well as in favour of second and higher tier suppliers relative to Nornickel.;
  • money laundering;
  • non-payment of taxes, fees and royalties to governments.

If risk is identified and confirmed, the Company assesses its exposure and cooperates with the supplier to develop a risk management plan. In some cases where zero tolerance risks are confirmed, the Company may reconsider its relationship with the respective supplier going forward.

The company also conducts monitoring of those suppliers that were subject to an enhanced due diligence (due to risk indicators identified previously). This monitoring procedure includes gathering data on suppliers’ operations and conducting on-site audits (if necessary), including where minerals are actually mined, transported and processed.

If supply chain risks are confirmed, the Company performs an enhanced due diligence using the specifically designed tools and procedures based on the best industry practices considering their applicability in the Russian Federation:

  • Supply Chain Risk Assessment Tool;
  • gathering information from public sources;
  • third-party audits ordered by the Company.

Supply Chain Risk Assessment Tool

An enhanced due diligence includes assessing the supplier for risk exposure (if any). The DDMS relies on a risk-based approach to the risks identified under the OECD GuidanceThe risks under the OECD Guidance are further detailed in the Assessment of Mineral Supply Chain Risks sub-section..

To this end, the Company uses a supply chain risk assessment tool which contains the list of risks and the criteria to assess the same with a view to determining the risk exposure. This procedure enables the Company to develop and implement the respective risk mitigants.

Gathering information from public sources

To obtain more details on suppliers, the Company procures to gather and analyse data on suppliers’ operations from public sources. To this end, the Company follows up on audit reports and reports from public organisations and government agencies relating to suppliers’ operations, as well as industry publications, news articles and information from counterparties. In addition to documentary evidence, the Company also liaises with representatives of local communities and organisations.

Supplier audits

The Company may initiate third-party audits to get an insight into how its suppliers actually mine, transport, process and export minerals. Such audits seek to identify and assess the worst-case scenarios should the risks materialise either potentially or actually.

Risk assessment frequency and the management’s involvement

Given the rapidly changing geopolitical landscape and the need to update its counterparty requirements in a timely manner, the Group performs mineral supplier risk assessment, including whether an area is on the CAHRA list, on an annual basis or sooner in case of material changes in the supply chain.

Divisions are responsible for producing internal reports on mineral supply chain due diligence, including performance assessment and risk management results. The Sustainable Development Department at Nornickel’s Head Office also produces Group level due diligence and monitoring reports.

Supplier audits