COP 2019 Walkthrough

Provision 07

Due Diligence for Responsible Sourcing from Conflict-Affected and High-Risk Areas.

This video introduces the OECD Due Diligence Guidance for Responsible Sourcing from Conflict Affected and High-Risk Areas, including practical approaches to implementing the 5 Step process to mineral supply chain due diligence described in the Guidance. It is relevant for any companies linked to the minerals trade, from mine, to refiner, trader, manufacturer, to end user, as well as to auditors, governments, civil society and other key stakeholders.


7. Due diligence for responsible sourcing from conflict-affected and high-risk areas

7.1.  Members in the gold, silver, PGM, diamonds and coloured gemstones supply chain shall exercise due diligence over their supply chains in accordance with the OECD Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas (the ‘OECD Guidance’) or other auditable due diligence frameworks recognised by the RJC to be aligned with the OECD Guidance (‘RJC-recognised due diligence frameworks’), in ways appropriate to their size and circumstances. In addition:

  1. Members in the gold value chain shall implement the OECD Guidance Supplement on Gold as applicable to their operations and supply chains.
  2. Members in the diamond supply chain shall implement the OECD Guidance while complying with COP 29 (Kimberley Process Certification Scheme and World Diamond Council System of Warranties).

7.2.  Members shall adopt and communicate publicly and to their suppliers a supply chain policy with respect to sourcing from conflict-affected and high-risk areas. The policy shall be consistent at a minimum with Annex II of the OECD Guidance or with other RJC-recognised due diligence frameworks.

7.3 Refiner members shall:

  1. Maintain internal material control systems that can reconcile movement of inventory in and out over a given time.
  2. Gold refiners shall additionally collect and, with due regard to business confidentiality, share annually information with the RJC on the mine of origin of mined gold received.

RJC Due Diligence Member Toolkit

Download the RJC Due Diligence Member Toolkits for members to comply with OECD Due Diligence. Separate toolkits exist in English for Diamonds & Coloured Gemstones, and Precious Metals. 




Frequently Asked Questions

Here is a collection of the most frequently asked questions. For further questions on COP7 please email the training team: 

Due diligence is when a company takes reasonable steps to identify and mitigate risks. Its objective is to help companies respect human rights and avoid contributing to conflict through their sourcing practices. The process is intended to help make supply chains more transparent and prevent the extraction and trade of minerals from becoming a source of conflict, human rights abuses, and insecurity. Under COP7, due diligence refers specifically to the reasonable identification and assessment of risks related to sourcing from conflict-affected and high-risk areas (CAHRAs). These risks are outlined in Annex II of the Organisation for Economic Co-operation and Development’s (OECD’s) Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas (the ‘OECD Guidance’). The OECD Guidance is the international benchmark system for companies to manage these issues and conduct due diligence which is why COP7 is based on it.

The risks outlined in Annex II of the OECD Guidance are:

  • Serious abuses associated with the extraction, transport or trade of minerals
  • Any forms of torture, cruel, inhuman and degrading treatment
  • Any forms of forced or compulsory labour
  • The worst forms of child labour
  • Other gross human rights violations and abuses such as widespread sexual violence
  • War crimes or other serious violations of international humanitarian law, crimes against humanity or genocide
  • Direct or indirect support to non-state armed groups (covered by the KPCS for diamonds)
  • Direct or indirect support to public or private security forces
  • Bribery and fraudulent misrepresentation of the origin of minerals
  • Money laundering and non-payment of taxes and royalties due to governments.


These risks may seem far away from where you may be in the supply chain, but the goods or materials you buy and sell came from somewhere. COP7 requires you to reasonably assess whether the goods/materials you’ve bought came from or passed through anywhere where it’s possible or likely that any risks found in Annex II occurred. If your supply chain includes goods or materials that came from or passed through a CAHRA, you will have to do some work to understand what potential risks are, and mitigate them.

As with other RJC provisions, the development of a management system is important. This means having processes, procedures and protocols in place to do the information gathering and risk assessing while also communicating clearly throughout. The management system the COP7 requires is based on the OECD 5 steps that make up the OECD Guidance.

It’s important to remember that this provision, like others in the COP, is about continuous improvement. Members are not being asked to have completely transparent supply chains, or only source from certain suppliers. And members are not expected to be able to identify and mitigate all risks across all their supply chains immediately. Members are expected to make good faith efforts, make reasonable attempts to engage with suppliers to get the information needed and review it.

The OECD Guidance and its 5-step process is the benchmark for responsible sourcing of minerals.


Step 1. Establish Management Systems

  • Have a supply chain policy covering the risks under Annex II.
  • Develop appropriate management systems. This includes identifying a person to be responsible for due diligence in your company.
  • Gather information from your suppliers on their own supply chain and source of materials. As a minimum this means finding out in commercially sensitive terms which country the diamonds / coloured gemstones you buy were mined, and which company the precious metals you buy have been refined by. This step is about supplier engagement and its important to factor in time and resources to engage suppliers in this process.  
  • You must develop a grievance mechanism for any stakeholders to raise concerns – as with other provisions, this can be as simple as a person’s name and phone number identified on documents shared with your suppliers and made publicly available or using an externally provided grievance platform.  


Step 2. Identify and Assess Risks

This is where you begin the process of reviewing the information you’ve been sent by your suppliers. You’ll have to identify suppliers that have red flags, and conduct a risk assessment to analyse the risks presented. In some cases, you won’t find any red flags in your supply chain.


Step 3. Risk management

Manage the risks you’ve identified under Step 2 based on the information (or lack of information) that you receive from your suppliers. This may involve requesting further information, or documenting any decisions you’ve made based on risks (or lack) that you’ve identified 


Step 4. Third-party audit

Complete your RJC audit by an independent and RJC-accredited auditor.


Step 5. Annual reporting  

It’s very important to report publicly on what your due diligence process and systems are and what you do for them. You can develop your report as part of COP3 (Reporting), and it should be made publicly available. Your report can be short but must include a summary of all your actions on Steps 1-4. If you have a website, you should upload it there. If you do not have a website, then ensure that you communicate to stakeholders that it is available upon request. 


You can download the RJC OECD Due Diligence Toolkit and templates here – toolkit & templates.

The toolkit has been developed to help member companies implement the COP7 requirements for sourcing from conflict-affected and high-risk sources in the diamond and coloured gemstone supply chains. The toolkit includes a practical set of tools such as templates, forms, and checklists, in word format to simplify the due diligence process as much as possible, particularly for small businesses. Their use is not mandatory and members are free to adapt and tailor them as needed.

The toolkit is divided into five sections, mirroring the OECD’s five-step framework. Each section lists the sub-steps of the framework, briefly describes the task at hand and, where relevant, offers a tool to help. It also includes guidance implementation timeframes to help estimate how long it may take you to develop and implement each step.

The toolkit is designed for the stones supply chains, however members dealing in precious metals may also use it. However if you buy gold, be aware that you’ll need to apply the supplement on Gold from the OECD Guidance (which is included in the RJC 2019COP Standards Guidance document). The information you’ll be expected to gather will involve identifying the refiner/s in your supply chain and assessing their risks.

Like COP12 on Know Your Counterparty, or COP6 on Human Rights, or COP29 on the Kimberley Process Certification Scheme and World Diamond Council System of Warranties, the provision requires you to ask questions and gather information from your suppliers.

As part of the OECD Guidance under Step 1, you are asked to gather KYC information because money laundering and non-payment of taxes and royalties due to governments, are risks identified in Annex II. However, there are many more risks covered under Annex II. Please note that COP12 requirements cover customers within the term counterparty (if relevant) which is why it is still a standalone provision.

Yes. There are many of provisions in the COP for which you need to communicate with suppliers and gather information from them. It makes everything more efficient for you and your suppliers, to be able to complete just one form/questionnaire for all the information they need to provide you with.

No. However do bear in mind that you will be asking for slightly different information if you’re asking about a metal (usually you’re asking for information about the refiner) or stones (usually you’ll be asking about the supplier and source of the stones). Therefore, while you can use one questionnaire for efficiency, make sure it contains all the eventualities you’ll need.

For COP7, you’re often asking suppliers for new information about their supply chains that they’ve not had to share before – and this makes people nervous. It’s important to be clear and transparent with your suppliers about what you’re asking of them and why. It’s also important to allay their fears that you’re not going to bypass them or that you don’t trust them. This is about your obligation to responsible business practices, fulfilling customer demands, meeting regulatory compliance, and trying to do the right thing to stop abuses listed in Annex II from happening within your sphere of influence.

In practice, the information you want simply may not be available. This is acceptable under a due diligence approach if you can explain and demonstrate the steps you’ve taken to seek information and your plans to improve your data over time. RJC auditors will seek evidence that you are actively communicating your due diligence expectations to suppliers as part of the audit.

If information is not forthcoming, agree a timeline with your suppliers to obtain it and then document your discussions and agreements as evidence of your due diligence activities. Your suppliers should demonstrate some level of improvement. If they make no effort at all to provide you with information, then at some point a decision to disengage from that supplier may be appropriate. Members need to demonstrate good faith efforts to engage suppliers – one email will not suffice. Please note that you’ll be expected to keep a record of your attempts to reach out to your suppliers (this is automatic of course if done via email).

This provision requires members to gather information from your suppliers, and in many cases share it with your customers. The data shared should only allow your customers and suppliers to conduct their own due diligence, ensuring that the materials that they are purchasing/supplying have not contributed to the risks outlined in Annex II.

Data sharing can be done on an aggregated and/or confidential basis and should not impact your business relationships. You should strive to be as open and transparent as possible and the sharing of data should be a key component of this approach.

Under the OECD Guidance, you are responsible for identifying red flags and carrying out a risk assessment for your suppliers whether they belong to any external supply chain initiatives and programmes or not. That means you should not rely only on external parties, including RJC certification, to undertake due diligence on your behalf. This is in part because you are asking for key information about your suppliers’ stones and/or precious metals supply chains – specific information that doesn’t appear on an RJC certificate. While RJC certification can assure you that your suppliers are successfully conducting their own due diligence, without the specific information you need to ask them for, you cannot adequately conduct your own.

When it comes to refiners who are RJC certified or OECD equivalent, certification does give you some assurance, but COP7 and the OECD Guidance, requires you to obtain and review information about that refiners’ due diligence process which again, goes beyond information you can find in a certificate. Additionally supply chains and associated risks can change more frequently than an audit (and certification) can be conducted, therefore requiring members to obtain and review information.

If you are buying from a COP 2019 certified RJC members, the process of information gathering should be streamlined and more efficient because they know what you’re asking for, and why.

There is a phased in approach for the auditing for COP7 for members who buy and sell stones (diamonds and coloured gemstones):

  • Between 23 April 2020 and 22 April 2021, members will be assessed for conformance with the following elements of Step 1, Step 2 and Step 5 of the OECD Guidance:
    • having a supply chain policy and responsible person;
    • preliminary supply chain mapping and scoping efforts (for example, identifying and starting to engage with key suppliers); and
    • publicly reporting progress on due diligence efforts covering all elements covered above.
  • Between 23 April 2021 and 22 April 2022 members undergoing certification and recertification audits shall be assessed for conformance with Steps 1–5 of the OECD Guidance, ie all COP7 requirements.


Please be aware that many members may have been granted extensions due to the global pandemic. Of course, this means their audits may be delayed, but not their conformance to the provision requirements.

For precious metals, all parts of COP7 and the OECD 5-steps need to be conformed with and audited at any time.

RJC COP certification covers gold, silver, PGM, diamonds and coloured gemstones only. However we recommend you conduct the same due diligence on all your materials, for several reasons:

  • It will be easier and more efficient to streamline processes and for you to undergo the same approach for all materials you buy
  • Your customers will expect the same approach across materials
  • It’s expected that similar due diligence requirements will be developed and required by regulation across all materials in due course
  • The OECD Due Diligence guidance does cover all minerals not just those included in the RJC scope
  • Being proactive will allow you to be ahead of the curve and to avoid surprises.

As with the other provisions within the Code of Practices, members of all sizes are expected to conform with COP7, and the vast majority of RJC members are smaller companies. The way that a smaller member will conform will be different to a larger member, and having fewer suppliers for example, will make it more straightforward. While all members will be required to develop management systems, these will not need to be as formalised as for larger companies. However written documentation is important for this provision and is required for most areas. These don’t need to be extensive, but most aspects of Steps 1-5 will need to be written down (of course some of these will be done as a report under Step 5).

Under step 1 for example, you’re required to assign a senior staff member to lead your due diligence management system. For a smaller company however, the responsible person may be chosen by default because there is simply no one else. Please note that the assigned person doesn’t need to be appointed to work full time on due diligence but for this responsibility to be integrated into their role.

The RJC CoC standard aligns with the OECD 5-step framework (the Guidance) and so includes the same requirements as COP7 from the Code of Practices.

RJC’s Chain of Custody (CoC) certification allows members to tell the complete story about how their products or materials were sourced, traced and processed, from mine to retail. This certification is voluntary for RJC members and covers precious metals only.

After you’ve gathered information from your suppliers, you’ll need to analyse it to determine if there are any red flags. A red flag is a warning or indicator of a potential risk. In the context of due diligence, a red flag can be a location, supplier or a circumstance that triggers a need for enhanced due diligence (that is, further investigation). Many red flags are based on location and whether a supplier/supply chain involves a CAHRA.


Diamond and gemstone red flag list


Precious metal red flag list

Each member is expected to decide whether an area or country is a CAHRA or not – this is outlined in the OECD Guidance. As such we have provided a list of resources that you can use to research and conduct your risk assessment.

Please note you will need to keep documentation of your risk assessment process, what sources you used and what outcomes you reached (the identification or not of a CAHRA, for example).

You can review a range of documents and resources from credible sources to check for CAHRAs. This includes:

  • research reports from governments, international organisations, non-governmental organisations (NGOs) and media;
  • maps, UN reports and UN Security Council sanction lists; and
  • relevant industry literature on the material’s extraction, and its impacts on conflict and human rights. The EU Commission has published a list of publicly accessible resources that can be used to identify CAHRAs
  • and don’t forget to use your own experience, knowledge and assessment.

Below is list of resources for identifying CAHRA. You may also wish to review FATF high-risk jurisdiction lists and sanctions lists as part of your reviews under COP12, KYC.


Content of source

Heidelberg Conflict Barometer

Analysis of the most recent global conflict events in the form of texts and graphics; separate regional and individual country chapters.

Geneva Academy Rule of Law in Armed Conflicts

Database and analysis reporting on the implementation of international law in armed conflicts around the world (global coverage and brief overviews).

Assessment Capacities Project — Global Emergency Overview

World map and country specific analysis providing overview and analysis of countries in ‘situation of concern’, ‘humanitarian crisis’, and ‘severe humanitarian crisis’.

Uppsala Conflict Data Programme — Georeferenced Event Dataset

Interactive map of events of organised violence based on news sources; including fatalities, type of violence (state-based, non-state, one-sided), the user can zoom to a level of unique events


State of play in most significant global situations of conflict/potential conflict; interactive map and database allowing to assess the situation in selected country cases 2003-2018.

Global Peace Index

Interactive map that measures global peace according to qualitative and quantitative indicators (security officers and police, political instability, organised conflict, armed services personnel, etc.).

Major Episodes of Political Violence

Maps and tables listing e.g. episodes of armed conflict (including casualties) in the world from 1946-2017.

Armed Conflict Location and Event Data

Conflict trend reports and analysis including monthly updates on political violence in Africa, Middle East and Asia based on real-time data, and analysing current and historical dynamics in specific states.

International Peace Information Service — Conflict Mapping

Maps of Democratic Republic of Congo, Central African Republic, Sudan-South Sudan (contested areas, incidents, natural resources, education, community violence, intrastate and interstate violence); analysis of maps is provided.

Mining Conflicts in Latin America

The environmental justice atlas documents and catalogues social conflict around environmental issues for contextual information.

Worldwide Governance Indicators

Dataset of updated aggregate and individual governance indicators for specific countries, six dimensions of governance; country data reports summarise indicators per country.

Fragile States Index

Index focusing on indicators of risk, based on news articles and reports.

Corruption Perception Index

Index of the perceived corruption in countries.

National Resource Governance Institute

Country specific information and comparative analysis on issues relating to governance of natural resources.

United Nations Security Council Resolutions (UNSC)

UNSC Resolutions provide a useful description of the political and security situation in countries of concern on an annual basis.

United Nations Human Rights Council

Universal, periodic reviews.

Office of the United Nations High Commissioner for Human Rights

Country specific information on human rights issues.

United Nations Development Programme — International Human Development Indicators — Country Profiles

Annual country reports of country-specific human rights practices, global coverage.

Amnesty International

Research carried out by Amnesty International by country and region

Global Witness

A source of information and research on human rights issues around the globe.

Human Rights Watch

A source of information and research on human rights issues around the globe.

Mines and Communities

News articles and analyses of global mining and its impacts; classified by theme, country, company, minerals.

British Geological Survey

Country reports on international minerals statistics and information.

U.S. Geological Survey

Country reports on international minerals statistics and information.

EU Raw Materials Information System

Information on production, trade flows and policy relating to raw materials.

EU Due Diligence ready

Information and toolkits on complying with the EU regulation on mineral importing from 2021.

International Alert, Human Rights Due Diligence in Conflict-Affected Settings: Guidance for Extractive Industries (2018)

Guidance on how companies can ensure respect for human rights in their operations without exacerbating or generating conflicts

International Crisis Group – Crisis Watch Global Conflict Tracker

A tool designed to help decision-makers prevent deadly violence by keeping them up-to-date with developments in over 70 conflicts and crises, identifying trends and alerting them to risks of escalation and opportunities to advance peace

OECD Portal for Supply Chain Risk Information

The Portal is designed to help companies understand risks in their supply chains and to prioritise those risks to enable a more efficient and effective due diligence process

If you have identified a CAHRA or other ‘red flag’ in your supply chain, then you will need to undertake an in-depth review and assessment of potential or actual risks – what we call a risk review assessment. If you’re an upstream company you’ll have to conduct a risk review assessment, and if you’re a midstream or downstream company, you need to review evidence that your upstream suppliers have undertaken an adequate risk review assessment.

You will need to gather and/or review documentation on:

  • The identify of all upstream suppliers and service providers from the original source of production
  • The beneficial owners / ultimate beneficial owners of all upstream suppliers and service providers
  • The corporate structure of all upstream suppliers and service providers
  • Checks of any affiliation of the upstream suppliers or service providers with government, political parties, military, criminal networks or non-state armed groups
  • Traceability / chain of custody reports from mine of origin if available
  • Mine production records
  • Geological surveys (to verify that the source of production is plausible)
  • On-the-ground assessment reports
  • Evidence that all taxes, royalties, fees and other payments made to the relevant government (invoices and records)
  • Payment invoices and records (this also applies to ASM production)
  • Official documentation from national / local tax authorities
  • All payments made to public or private security forces or other armed groups
  • Contracts with public or private security forces


Please note this list is not exhaustive, nor are all elements required, but it’s a good guideline to use for the risk review assessment.

If no red flags are identified, you do not have to do conduct Step 3.

However please note that regardless of whether you have red flags in your supply chains or not, you must report on your due diligence efforts (this is Step 5) at least once a year to reassure customers, investors and other stakeholders that you are sourcing using a due diligence approach that is aligned with the OECD Guidance.

You’ll also need to review the information you receive on an annual basis to make sure it is up to date and that no new red-flags have been raised.

Online Course

The Responsible Jewellery Council has developed the below training module to guide you through the requirements of COP 7 Due Diligence for Responsible Sourcing from Conflict-affected & High-risk Areas of the 2019 Code of Practices.

Start course

Useful Links

Download the Code of Practices 2019 Self-assessment Toolkit to explore a more detailed breakdown of requirements.