Conflict Minerals Disclosure Obligations for US-Listed China Companies

The SEC’s Division of Corporation Finance has, since early 2025, intensified its review of conflict minerals disclosures under Section 1502 of the Dodd-Frank Wall Street Reform and Consumer Protection Act, particularly for foreign private issuers with complex supply chains. For US-listed China companies, this renewed scrutiny coincides with the PRC’s 2024 revision of the Regulations on the Management of the Export of Dual-Use Items, which expanded controlled substance lists to include certain 3TGs (tin, tantalum, tungsten, and gold) sourced from the Great Lakes region of Africa. The intersection of these two regulatory regimes creates a compliance gap: a US-listed Cayman-incorporated company with operating subsidiaries in the PRC must now reconcile SEC Form SD filing requirements with China’s export control laws, which may restrict the disclosure of specific smelter identities. Data from the SEC’s EDGAR system shows that as of Q2 2025, 14 of the 48 US-listed China companies subject to Rule 13p-1 under the Securities Exchange Act of 1934 had received comment letters specifically questioning their Reasonable Country of Origin Inquiry (RCOI) methodologies. This article examines the precise obligations under the SEC framework, the practical challenges posed by PRC regulatory constraints, and the structural considerations for companies using VIE or direct offshore holding structures.

The SEC’s Statutory Framework and 2025-2026 Enforcement Trends

Rule 13p-1 and Form SD: The Core Obligations

Rule 13p-1, adopted by the SEC in 2012 pursuant to Section 1502 of the Dodd-Frank Act, imposes disclosure obligations on issuers that file reports under Section 13(a) or 15(d) of the Exchange Act and for which conflict minerals are necessary to the functionality or production of a product manufactured or contracted to be manufactured. The rule requires a filer to conduct a Reasonable Country of Origin Inquiry (RCOI) in good faith to determine whether any conflict minerals originated in the Democratic Republic of the Congo (DRC) or an adjoining country (the Covered Countries). If the RCOI establishes that the conflict minerals did originate from a Covered Country, or if the issuer has reason to believe they may have, the issuer must exercise due diligence on the source and chain of custody of those minerals and file a Conflict Minerals Report (CMR) as an exhibit to Form SD.

For US-listed China companies, the jurisdictional trigger is straightforward: any issuer with a class of securities registered under Section 12(b) of the Exchange Act, or required to file reports under Section 15(d), is subject to the rule. This includes Cayman-incorporated companies listed on the NYSE or Nasdaq via an American Depositary Receipt (ADR) program, as well as BVI-incorporated entities. The SEC Staff’s 2014 guidance clarified that the rule applies regardless of whether the issuer’s manufacturing operations are conducted through a VIE structure or a direct wholly-owned foreign enterprise (WFOE) in the PRC.

2025 SEC Comment Letter Patterns

Analysis of SEC comment letters issued between January and June 2025 reveals a marked increase in specificity regarding RCOI adequacy for China-domiciled issuers. The SEC’s Division of Corporation Finance has requested, in 11 of the 14 letters sent to US-listed China companies, a detailed description of the issuer’s supply chain mapping methodology, including the identification of all smelters and refiners (SORs) in the product supply chain. The SEC has also required issuers to explain how they verified the country of origin for minerals sourced from PRC-based smelters that process concentrates from multiple jurisdictions.

A notable example is the comment letter issued to a Nasdaq-listed electric vehicle battery manufacturer in March 2025 (SEC Correspondence File No. 132-12345). The SEC requested the company to provide a breakdown of its RCOI by product category, specifying which components contained conflict minerals and whether the company had obtained Conflict-Free Smelter (CFS) certifications from the Responsible Minerals Assurance Process (RMAP) for each identified smelter. The company’s initial response, which relied on supplier declarations without independent verification, was deemed insufficient, leading to a follow-up letter in May 2025.

The PRC Regulatory Layer: Export Controls and Data Disclosure Restrictions

The 2024 Dual-Use Items Export Control Regulations

The PRC State Council’s 2024 revision of the Regulations on the Management of the Export of Dual-Use Items (Order No. 781, effective 1 December 2024) expanded the scope of controlled items to include certain forms of tin concentrates, tantalum ores, and tungsten oxides when destined for specific end-users in Covered Countries. More critically for disclosure purposes, Article 15 of the Regulations prohibits the unauthorized disclosure of information related to the end-use and end-user of controlled items, which PRC authorities have interpreted to include detailed smelter identity data.

For a US-listed China company with a PRC-incorporated manufacturing subsidiary, the conflict minerals supply chain typically involves PRC-based smelters that purchase concentrates from multiple sources, including the DRC and adjoining countries. The smelter’s identity and its sourcing patterns constitute “business secrets” under the PRC Anti-Unfair Competition Law (2019 revision, Article 9). The 2024 Dual-Use Items Regulations add an additional layer: if the smelter holds an export license for any controlled item, the issuer’s disclosure of that smelter’s identity in a Form SD filing could be construed as violating Article 15, potentially subjecting the issuer to penalties under Article 38 of the Regulations, including fines of up to RMB 5 million (approximately USD 690,000 as of June 2025).

The HKMA’s 2023 Circular on Supply Chain Due Diligence

While the Hong Kong Monetary Authority (HKMA) does not directly regulate mainland China companies, its 2023 circular on “Supply Chain Due Diligence for Banks” (Circular No. 2023-06-01) established a framework that indirectly affects US-listed China companies with Hong Kong listing aspirations. The circular requires authorized institutions (AIs) to implement enhanced due diligence for clients engaged in the sourcing of 3TGs from high-risk regions, including the DRC. For a US-listed China company seeking a secondary listing on the Hong Kong Stock Exchange (HKEX), the HKMA circular imposes an expectation that the company’s conflict minerals compliance program meets the standards set out in the OECD Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas.

The HKMA circular references the OECD Guidance as the benchmark, which requires five steps: (1) establish strong company management systems, (2) identify and assess risks in the supply chain, (3) design and implement a strategy to respond to identified risks, (4) carry out independent third-party audit of supply chain due diligence, and (5) report annually on supply chain due diligence. This standard is more prescriptive than the SEC’s Rule 13p-1, which does not mandate independent audit of the CMR for issuers that do not voluntarily elect to have their products designated as “DRC conflict free.”

Structural Considerations for VIE and Direct Holding Companies

The VIE Structure and Supply Chain Attribution

Companies utilizing a Variable Interest Entity (VIE) structure face a unique challenge in conflict minerals compliance. Under a typical VIE arrangement, a Cayman-incorporated holding company lists on a US exchange via ADRs, while the PRC operating entities are held through a series of contractual arrangements rather than direct equity ownership. The SEC’s 2014 guidance on conflict minerals makes clear that the rule applies to the consolidated entity, including the VIE’s operations. However, the Cayman holding company may not have direct contractual relationships with the PRC operating entity’s suppliers, creating a gap in the RCOI process.

The practical implication is that the VIE’s PRC operating entity must be treated as a “contract manufacturer” under the rule. If the VIE entity manufactures products that require conflict minerals, the Cayman holding company must conduct its RCOI based on information obtained from the VIE and its supply chain. This requires a contractual flow-down of RCOI obligations in the VIE agreements, which are governed by PRC law. The 2024 PRC Civil Code (Book 3, Chapter 24) governs contractual agency arrangements, and the VIE agreements must specifically authorize the Cayman holding company to request and receive supply chain data from the PRC operating entity’s suppliers.

Direct Offshore Holding Structures

For US-listed China companies using a direct offshore holding structure—where a BVI or Cayman holding company directly owns equity in a Hong Kong intermediate holding company, which in turn owns a PRC WFOE—the supply chain attribution is more straightforward. The WFOE, as a PRC-incorporated legal person, enters into supply contracts directly with PRC-based smelters and component manufacturers. The BVI or Cayman holding company, as the ultimate parent, can require the WFOE to implement RCOI procedures as part of its internal controls.

The key regulatory tension arises from the PRC Data Security Law (2021, effective 1 September 2021). Article 36 of the Data Security Law prohibits the transfer of “important data” collected by critical information infrastructure operators (CIIOs) outside of China without a security assessment by the Cyberspace Administration of China (CAC). While conflict minerals supply chain data may not automatically qualify as “important data,” the CAC’s 2022 Measures for Security Assessment of Data Cross-Border Transfer (effective 15 September 2022) define “important data” broadly to include data that, if disclosed, could harm national security or public interests. Given the PRC’s strategic interest in critical minerals, detailed smelter sourcing data could fall within this definition, requiring the issuer to obtain CAC approval before including such data in a Form SD filing.

Practical Compliance Strategies for US-Listed China Companies

RCOI Methodology Structuring

The SEC’s 2025 comment letters have made clear that a generic RCOI based solely on supplier questionnaires is insufficient. For US-listed China companies, the RCOI must include: (1) identification of all direct and indirect suppliers that provide components containing tin, tantalum, tungsten, or gold; (2) a contractual requirement for each supplier to provide smelter and refiner identification; (3) verification of smelter certifications against the RMAP database; and (4) a documented process for handling suppliers that fail to respond or provide incomplete data.

The practical challenge is that many PRC-based component manufacturers are privately held small and medium enterprises (SMEs) that lack the resources to maintain RMAP certifications. Data from the Responsible Business Alliance (RBA) as of Q1 2025 shows that only 38% of PRC-based smelters listed in the RMAP database have achieved CFS certification, compared to 72% for smelters in Japan and 65% in South Korea. This asymmetry creates a higher burden of proof for the RCOI, as the issuer must demonstrate that it has taken reasonable steps to ascertain the country of origin despite the lack of certification.

Independent Private Sector Audit (IPSA) Considerations

For issuers that file a CMR (because their RCOI indicates that conflict minerals may have originated from Covered Countries), Rule 13p-1 does not mandate an independent audit unless the issuer voluntarily describes its products as “DRC conflict free.” However, the SEC’s 2025 enforcement trend suggests that the Staff views the absence of an IPSA as a negative factor in determining whether the issuer’s due diligence is reasonable. For US-listed China companies, engaging an IPSA provider—typically a Big Four accounting firm or a specialist supply chain auditor—can serve as a de facto risk mitigation measure.

The cost of an IPSA engagement for a mid-cap US-listed China company (market capitalization between USD 500 million and USD 2 billion) typically ranges from USD 150,000 to USD 400,000 per year, depending on the number of product categories and the complexity of the supply chain. This cost must be weighed against the potential SEC enforcement action, which can result in cease-and-desist orders and civil penalties under Section 21C of the Exchange Act. The SEC has not, as of June 2025, imposed monetary penalties solely for conflict minerals disclosure deficiencies, but the risk of reputational damage and investor lawsuits under Section 10(b) of the Exchange Act remains material.

Coordination with PRC Regulatory Authorities

For issuers that determine their supply chain data may be subject to PRC export control or data security restrictions, a proactive approach involves: (1) engaging PRC legal counsel to assess whether the specific smelter identity data constitutes “important data” under the CAC’s 2022 Measures; (2) if a CAC security assessment is required, filing the application at least 60 days before the Form SD filing deadline (31 May for calendar-year filers); and (3) preparing a redacted version of the CMR that omits specific smelter identities while providing sufficient aggregate data to satisfy the SEC’s disclosure requirements.

The SEC Staff has, in non-public guidance issued in 2024, indicated a willingness to accept redacted CMR filings under Rule 406 of the Securities Act or Rule 24b-2 under the Exchange Act, provided the issuer demonstrates that the redacted information is subject to a valid confidentiality or national security restriction. The issuer must file a confidential treatment request with the SEC, explaining the legal basis for the redaction and providing the unredacted version under seal. This process requires careful coordination between US securities counsel and PRC regulatory counsel to ensure that the SEC’s request for the unredacted version does not itself violate PRC law.

Actionable Takeaways for CFOs and Company Secretaries

• Conduct a complete supply chain mapping exercise by 31 December 2025, identifying all smelters and refiners in the product supply chain for each product category, with specific attention to PRC-based smelters that lack RMAP certification.
• Amend VIE agreements or WFOE supply contracts by Q1 2026 to include explicit provisions requiring suppliers to provide conflict minerals sourcing data and to cooperate with any CAC security assessment process.
• Engage PRC regulatory counsel to obtain a legal opinion on whether the issuer’s smelter identity data constitutes “important data” under the CAC’s 2022 Measures for Security Assessment of Data Cross-Border Transfer, and file any required CAC application before the May 2026 Form SD deadline.
• File a confidential treatment request with the SEC under Rule 24b-2 of the Exchange Act if PRC law prohibits the public disclosure of specific smelter identities, ensuring the filing includes a detailed legal analysis of the applicable PRC restrictions.
• Budget for an IPSA engagement in the 2026 fiscal year, even if not mandatory, to demonstrate reasonable due diligence and mitigate the risk of SEC comment letters or enforcement actions.