This Conflict Minerals Report for Oracle Corporation (“Oracle,” “we,” “us” or “our”) for the year ended December 31, 2017 is presented to comply with Rule 13p-1 under the Securities Exchange Act of 1934 (the “Exchange Act”). The U.S. Securities and Exchange Commission (the “SEC”) adopted Rule 13p-1 to implement reporting and disclosure requirements related to “conflict minerals” as directed by the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010. Conflict minerals (“CMs”) are defined as cassiterite, columbite-tantalite, gold, wolframite and their derivatives, which are limited to tin, tantalum, tungsten and gold. Rule 13p-1 requires each SEC registrant to provide certain disclosures about CMs that are necessary to the functionality or production of products manufactured by such registrant.
Pursuant to Rule 13p-1, if, based upon a reasonable country of origin inquiry, a registrant has reason to believe that any of the CMs in its supply chain may have originated in the Democratic Republic of Congo or an adjoining country (together with the Democratic Republic of Congo, the “Covered Countries”), or if such registrant is unable to determine the country of origin of those CMs, then it must file a Conflict Minerals Report with the SEC describing the due diligence measures it has undertaken or will undertake regarding the source and chain of custody of the CMs. Due to our limited ability to determine the origin and chain of custody of CMs necessary to the functionality or production of our products as described below, we have filed this Conflict Minerals Report.
Oracle provides products and services that address all aspects of corporate information technology (“IT”) environments—applications, platform and infrastructure. Our applications, platform and infrastructure offerings are delivered to customers worldwide through a variety of flexible and interoperable IT deployment models, including cloud-based, on-site or hybrid, which enable customer choice and flexibility.
We have determined that components in our hardware products contain CMs and that they are necessary to the functionality of our hardware products. Our hardware products include Oracle Engineered Systems, servers, storage, industry-specific products, operating systems, virtualization management and other hardware-related software. Our hardware business, which includes our hardware products and related hardware support services offerings, represented 11%, 13% and 14% of our total revenues in fiscal 2017, 2016, and 2015, respectively. For further information about our hardware products, please refer to Item 1 of our Annual Report on Form 10-K for the year ended May 31, 2017, which is incorporated herein by reference.
Our ability to determine the origin and chain of custody of CMs, and whether they directly or indirectly finance or benefit armed groups in any Covered Country (the “Conflict Status”), is limited. Our hardware supply chain is multi-tiered, global and highly complex. We outsource the manufacturing, assembly and delivery of certain of our hardware products to a variety of companies, many of which are located outside the United States, and our hardware products incorporate components and subassemblies manufactured by many other global suppliers. We are multiple steps removed from the mining and smelting or refining of CMs, as our third-party suppliers and manufacturers may themselves purchase components or subassemblies containing CMs from persons other than the miner, smelter or refiner of CMs. Due to the multiple layers of our global supply chain, we do not have direct visibility into the sourcing, manufacturing and delivery processes through all levels of the hardware supply chain.
We rely on our direct suppliers to provide information on the origin of the CMs contained in components and materials supplied to us—including sources of CMs that are supplied to them from lower tier suppliers as described below.
Since it is not feasible to conduct due diligence on all of our suppliers, we conducted our CM Process (as defined below) by targeting our direct hardware suppliers and manufacturers who collectively represented at least 85% or more of our total direct hardware supply chain expenditure in calendar year 2017, including acquired companies (collectively, our “First-Tier Suppliers”). We believe that this approach is reasonable.
We have established due diligence strategies and procedures (collectively, our “CM Process”) as a basis for our direct hardware supply-chain management and disclosure compliance relating to CMs. We designed the CM Process with relevant aspects of the disclosure requirements adopted under Rule 13p-1 and industry best practices based upon the Organisation for Economic Co-operation and Development Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas.
The design of the CM Process included the following elements:
To gain insight into the country of origin, chain of custody and Conflict Status of our CMs, we relied primarily on the RMAP. The RMAP is a voluntary audit and certification program in which an independent third party evaluates smelter and refiner procurement activities and determines whether the smelter or refiner demonstrated that it has systems and controls in place to ensure that all the materials it processed originated from conflict-free sources. This smelter audit program is managed by the Responsible Business Alliance (formerly the Electronics Industry Citizenship Coalition) and uses a risk-based approach to validate smelters’ company level management processes for responsible mineral procurement.
The measures we took to exercise due diligence on the source and chain of custody of CMs in our direct hardware products were as follows:
We sent our First-Tier Suppliers a request to complete the CMRT and provide their responses to us. We directed these First-Tier Suppliers to the RMAP website, which contains written instructions and recorded training on how to use the CMRT. The CMRT includes questions regarding a supplier’s conflict-free policy and its engagement with its direct suppliers and asks suppliers to list the smelters and refiners they use. The CMRT also contains questions regarding each supplier’s sourcing through multiple tiers of their supply chains, the origin of CMs included in products as well as the measures suppliers have taken to conduct their own due diligence.
We exceeded our goal of surveying suppliers representing at least 85% of our annual direct hardware supply chain expenditures, ultimately receiving responses from First-Tier Suppliers representing approximately 93% of our calendar year 2017 annual direct hardware supply chain expenditures. The majority of the responses we received from our First-Tier Suppliers provided aggregate data for their global supplier lists on an entity-wide basis. The First-Tier Suppliers indicated that they were unable to specify from their global supplier lists the exact smelters or refiners used for the specific components included in Oracle hardware products. We are therefore unable to definitively determine whether any of the CMs reported by the First-Tier Suppliers were contained in our end products or to validate which of the smelters and refiners included in the CMRTs of our First-Tier Suppliers actually supplied CMs in our component parts. As a result, we were unable to determine with specificity the country of origin of the CMs contained in each of our hardware products and, consequently, any connection between our CMs and the direct or indirect financing of armed groups in the Covered Countries.
We reviewed the responses and engaged with our First-Tier Suppliers to address untimely, incomplete and inconsistent data reported in the CMRTs. We cross-checked the combined responses from our direct hardware suppliers against the RMAP list of Certified Conflict-Free smelters and refiners to identify the smelters within our indirect supply chain that have gone through the RMAP Conflict-Free certification process. As of March 8, 2018, we were able to validate that:
were reported by our direct hardware suppliers as being in their supply chains.
Our efforts for 2017 to determine the mine or location of origin of the CMs followed the due diligence measures described above.
Oracle is a member of the Responsible Business Alliance and has adopted the Responsible Business Alliance Code of Conduct, available at www.responsiblebusiness.org/standards/code-of-conduct. We actively participate with other industry group members to leverage industry-wide approaches to address issues impacting supply chain operations in the electronics industry, including CMs.