Canada’s enhancements to the Responsible Minerals Assurance Process (RMAP), which officially came into force at the start of 2023, have quietly started reshaping how tech hardware firms in the country approach mineral sourcing. The updated framework, while still aligned with the OECD Due Diligence Guidance, introduces more stringent requirements—most notably, periodic on-site audits of smelters and refiners handling tin, tungsten, tantalum, and gold (3TG). That much is clear. What’s less often discussed is what this means, practically, for compliance teams tasked with making sense of complex mineral flows that cross borders, jurisdictions, and sometimes, quite frankly, data gaps that can feel impossible to bridge.
The shift toward on-site verification shouldn’t come as a surprise. There had been concerns, voiced quietly in industry circles, about the limitations of desk-based reviews and supplier declarations. Smelters, after all, sit at a chokepoint in the mineral supply chain. If their sourcing practices aren’t fully understood—or worse, if they are misrepresented—it becomes difficult, if not impossible, for downstream manufacturers to make credible claims about conflict-free sourcing. The periodic audits now mandated under Canada’s enhanced RMAP are meant to address that uncertainty. But translating audit findings into meaningful supply-chain oversight is, in practice, a task requiring more than compliance checklists.
For Canadian tech hardware firms—whether large multinationals or mid-sized component makers—the question becomes: how best to integrate RMAP audit results into existing due-diligence frameworks? One promising approach is to pair these audit outcomes with open customs data. Customs records, when used thoughtfully, can provide additional visibility into the origin and flow of 3TG minerals. They don’t offer a full picture, of course. There are limitations, both in terms of granularity and consistency of data between jurisdictions. But cross-referencing declared mineral shipments against smelter audit reports can at least help flag inconsistencies or patterns that warrant closer scrutiny.
This integration process requires some degree of system-building. First, procurement and compliance teams need access to both sets of data: the RMAP audit summaries (which, depending on the smelter or refiner, may vary in detail) and customs datasets for the relevant trade corridors. In some cases, open data portals maintained by customs authorities will suffice. In others, firms may find themselves needing to purchase data access or work through trade associations that aggregate and clean such datasets. It’s not seamless. But it is doable, provided there’s internal alignment on priorities.
Once data access is sorted, linking the two sources calls for establishing internal protocols. Some firms are experimenting with dashboards that automatically match smelter identifiers from audit reports with customs shipment records. Others rely on more manual reviews—Excel sheets, even basic database queries—especially if budgets or IT resources are constrained. There’s no single best method, and what works for one company may not suit another. What matters, arguably, is the willingness to dig into the details. The process can feel tedious, but skipping steps risks missing red flags.
For firms looking to formalize their efforts, the next logical step is to draft and publish an annual mineral-traceability report. There’s no legal requirement under Canadian law, at least not yet, to make such reports public. But stakeholder expectations—investors, civil society, even some customers—are trending in that direction. A well-structured report does more than tick a box. It signals that a company is engaging seriously with the complexities of mineral sourcing.
A basic template might include an overview of the firm’s supply chain structure, specifying the tiers where 3TG sourcing occurs; a summary of smelter and refiner locations, mapped against RMAP audit statuses; an account of how customs data has been used to validate shipment flows; and a section on challenges encountered—because there will be challenges. Leaving them out risks painting an implausibly tidy picture, something readers, increasingly, can spot. Firms may also choose to include case studies—anonymized where necessary—illustrating specific due-diligence actions taken in response to identified risks.
Building such a report, though, isn’t merely an exercise in documentation. It forces internal reflection on what data gaps remain, what tools are lacking, and where processes need strengthening. Some firms, when drafting their first traceability report, discover they have much less visibility than they assumed. That’s not necessarily a bad thing—uncovering gaps is, in its own way, progress. But it does mean that traceability work is iterative. The first report might raise more questions than it answers. Subsequent iterations, ideally, become more robust as systems mature.
Of course, not all firms are at the same point on this journey. Some, particularly larger players with established compliance functions, have been integrating audit data and customs records for years, albeit perhaps informally. Others are just beginning to explore how these pieces fit together. The pace at which companies move will depend on multiple factors: internal capacity, perceived risk exposure, and, frankly, appetite for transparency. There’s no universal path, and the space continues to evolve as data tools improve and regulatory landscapes shift.
It’s also worth acknowledging that no system is foolproof. Smelter audits, while valuable, can only verify so much. Customs data, useful as it is, depends on accurate declarations. And traceability reports, however detailed, are snapshots in time. There will always be blind spots, uncertainties, and areas where judgment calls must be made. That, in itself, is a reminder of the ongoing nature of responsible sourcing efforts. Firms will have to navigate this terrain with a mix of rigor, pragmatism, and openness to adjusting course as new information comes to light.