Your supplier is Rainforest Alliance certified. You’re covered, right?

Ana

·

rainforest alliance as due diligence system for food and beverage industry

Your supplier just sent over their Rainforest Alliance certificate.

Now what?

If you’re like most decision makers I work with, you’re in one of three situations:

  1. You’re staring at that PDF wondering: “Is this enough for our due diligence?”
  2. You’re building a supplier assessment process and trying to figure out where certification could fit
  3. An investor or retail buyer just asked you questions the certificate doesn’t answer (and you’re not sure what to do about it)

I’ve been on both sides of this. Helping suppliers prepare for Rainforest Alliance audits. And helping brands figure out what those audits can guarantee them.

The gap between what people assume certification proves and what audits actually verify is where most problems start. 

The Moment That Made Me Rethink Certification

A few years ago, I was helping a mid-sized F&B brand prepare for an investor sustainability review. They were sourcing cocoa from West Africa. They had a solid sustainability policy. Their key suppliers were Rainforest Alliance certified. And they designed the packaging aligned with the certification.

I asked to see the audit reports.

They didn’t have them. They only had the certificates.

The brand had collected all the certificates. But they’d never asked for the audit reports. They didn’t know what issues had been flagged, what was being addressed, or whether the same problems kept appearing year after year.

We spent the next two weeks chasing documentation from suppliers who’d never been asked for it before.

When the reports finally came in, two suppliers had the same non-conformities flagged three years running. One had no corrective action plan on file.

The certificates said “certified.” The audits told a different story.

That’s when I started telling clients: Certification is an input to your due diligence process. It was never meant to replace it.

What Rainforest Alliance Audits Verify

Before we talk about gaps, it’s worth understanding what auditors check and what the certification can and cannot guarantee. The current Rainforest Alliance standard covers core requirements (pass/fail) and improvement requirements.

Core requirements:

  • Ecosystem conservation and natural vegetation
  • Protection of waterways and wildlife
  • Worker health, safety, and protective equipment
  • Agrochemical restrictions (prohibited + risk mitigation lists)
  • Assess-and-Address system for child labour, forced labour, discrimination, and harassment
  • Deforestation risk mitigation
  • Traceability and geodata

Improvement requirements:

  • Progress tracked over time on specific social and environmental topics
  • Additional requirements triggered by risk level (e.g., child labour risk maps)

What auditors typically review:

  • Farm management plans
  • Training records
  • Traceability documentation
  • Payroll and contracts
  • Chemical application logs
  • Internal audit reports (for group certifications)

The standard introduced risk-based assurance. Higher-risk operations get more scrutiny. Lower-risk ones get lighter verification.

If your supplier can show clean documentation across these areas, that matters.

It’s just not the whole story.

What Audits Routinely Miss

Here’s where it gets uncomfortable – and where your questions need to go deeper.

Worker-side gaps

1. Workers often don’t know they’re on certified farms

A study by Professor Genevieve LeBaron found that 95% of cocoa workers in Ghana didn’t know whether they worked on certified farms.

Think about what that means. If workers don’t know certification exists, they won’t know what protections they’re entitled to. They won’t raise concerns through the right channels. The audit becomes a management exercise, instead of being a worker protection mechanism.

Source: University of Sheffield, 2018

2. Audits aren’t designed to catch the hardest violations

One social auditing firm acknowledged that “social audits are not designed to capture sensitive labour and human rights violations such as forced labour and harassment.”

Audits are particularly bad at detecting recruitment fees – a key indicator of debt bondage. Workers who’ve paid to get their jobs rarely disclose this, especially when management is present during interviews.

Source: Anti Slavery, 2022

Structural gaps

3. The “Assess-and-Address” framework allows issues to persist

Under RA’s standard, child labour – even forced child labour – doesn’t automatically lead to decertification.

To be fair, their logic is valid – decertifying farms removes visibility. Keeping them in the system allows for continuous improvement.

Critics call it “a way for companies to paper over issues, stymying the very accountability the schemes initially stood for.”

And when audits are announced (or even when they’re not), it’s possible to prepare “showcase” areas, hide problematic workers, and maintain two sets of records. A 2020 Guardian investigation found Rainforest Alliance-certified pineapple farms in Costa Rica were concealing undocumented workers from auditors, using illegal agrochemicals, and exploiting labour.

Both views have merit. But here’s what matters for your due diligence: certification does not guarantee a problem-free supply chain. It guarantees a monitored one.

Source: Corporate Accountability Lab, 2023; The Guardian, 2020; Rainforest Alliance v1.4 Standard documentation

4. Some audits have built-in conflicts of interest

In West African cocoa, audits are sometimes conducted by cooperatives, the same groups incentivised to claim beans came from certified farms because certified beans fetch higher prices.

The entity verifying compliance benefits financially from positive results. That’s a structural problem.

Source: Corporate Accountability Lab, 2023

Three Mistakes Brands Make With Certification

You can’t fix how audits are structured. But you can stop assuming they’ve done your job for you.

Here’s where it goes wrong:

Mistake 1: Treating certification as “done”

The certificate arrives. It goes in a folder. You tick a box.

But certification is a snapshot, taken once a year, sometimes less frequently. It tells you what the auditor managed to notice on audit day. It doesn’t tell you what’s happening now. Or what’s changed since.

If you’re not asking follow-up questions, you’re not doing due diligence. You’re collecting paperwork.

Mistake 2: Not knowing what to ask beyond “are you certified?”

Most brands stop at the logo. And stop at the logo.

But the useful information is in the details:

  • Who conducted the audit and who paid for it?
  • What’s your visibility into the months between audits?
  • What non-conformities were flagged, and which ones keep recurring?
  • What happens to the product from non-certified farms in the same cooperative?
  • If your biggest customer asked these questions tomorrow, could you answer them?
  • Can you trace this batch to the audit that covered it, or just to a certificate that covers the supplier?

If your supplier can’t answer these questions, the certification is administrative, not operational.

Mistake 3: Over-relying on the logo for regulatory compliance

With CSDDD enforcement approaching, certification alone won’t satisfy obligations. Regulators expect evidence of your own risk assessment, not just a third-party sign off.

The certificate might support your due diligence. But it doesn’t replace it.

What To Do Instead: A Practical Framework

Here’s what I tell clients who want to move past the checkbox party, whether they’re staring at that first certificate, building a supplier process, or fielding questions they can’t yet answer.

Step 1: Request the audit report, not just the certificate

The certificate tells you they passed. The report tells you what was flagged, what’s being addressed, and how seriously the supplier takes continuous improvement.

If they won’t share it, that’s information too.

Step 2: Ask about the scope

  • Which sites or farms are covered?
  • What percentage of your supply is actually certified?
  • What’s the traceability level – identity preserved, segregated, or mass balance?

“We’re Rainforest Alliance certified” can mean very different things depending on these answers.

Step 3: Build certification into your risk assessment

Certification should inform your risk view, not define it. High-risk origins, high-risk commodities, and high-risk labour contexts need additional scrutiny regardless of whether a certificate exists.

Use the certificate as a starting point for further questions, not as an endpoint.

Step 4: Document your own process

When an investor or retailer asks how you verify supplier claims, pointing to their logo won’t be enough. You need to show your work.

What questions did you ask? What did you verify independently? How do you monitor between audits?

The Uncomfortable Truth

Certifications were designed to solve a coordination problem: how do you signal sustainability in a complex supply chain without buyers auditing every farm themselves?

That problem hasn’t gone away. But the solution has become part of a different problem – a proliferation of labels that lets everyone claim progress without changing how purchasing decisions are made.

The Rainforest Alliance frog still means something. It means a farm was assessed. It means traceability exists. It means someone, somewhere, is monitoring.

What it doesn’t mean is that your due diligence is done.

The audit tells you what was checked. Your job is to ask what wasn’t.

Where To Go From Here

If your certification strategy feels like a checkbox exercise rather than a management tool, it might be time to look at how sourcing decisions are made and where the gaps are.

I built the Sustainability Systems Risk Check to help F&B companies identify where governance, data, and accountability need reinforcement before the next audit or investor inquiry.

And if you want to keep building on this, follow me on Linkedin where I go deeper into closing the gap between sustainability commitments and the systems that deliver them.

P.S. When was the last time you read a supplier’s audit report?

Ana avatar
Ana
Ana has spent the past decade helping over 150 SMEs across the F&B sector turn their sustainability goals into operational reality, as a consultant, within a certification body, and as a workshop facilitator. She’s CSP™-certified and trained in design thinking, but what sets her apart is a systems-based approach that moves teams from abstract ambition to shared direction.
Tags:

Leave a Reply

Your email address will not be published. Required fields are marked *