The below steps will guide you on how to establish and use a due diligence system to undertake a risk assessment under Australia’s illegal logging laws.
You need to establish and use your due diligence system before you process Australian grown raw logs. This is a legal requirement.
A good due diligence system will help you assess the risk that the raw logs you are processing were illegally harvested and, where appropriate, mitigate the risk.
As processors, you have a responsibility to consider:
- where the raw logs have come from, and
- whether the raw logs have been legally harvested.
The due diligence requirements are set out in the Illegal Logging Prohibition Regulations 2012 (sections 18 – 25). The below steps outline the minimum requirements for you to meet your due diligence obligations as a processor.
If you do not carry out a suitable due diligence assessment before processing the logs, you could face significant financial penalties.
Before you process Australian grown raw logs, you must have a written due diligence system that lists the steps you are going to take to minimise the risk of processing illegally harvested logs.
Your due diligence system must include:
- Your details, including: business name (where applicable), street and postal address, contact number and email address.
- If you process logs through a business, your ABN/ACN, and a description of your main business activity.
- The name of the person in charge of the due diligence system, and their contact details.
- The steps you will take to minimise the risk of processing illegally logged timber.
Your due diligence system should be easy to understand and follow. It will help you make decisions about how to act before you process a log.
The department has published a guide for establishing a due diligence system for processors.
If you change your due diligence process, you should also update your due diligence system.
If you are audited you will be asked to provide a copy of your system to the department, which will be assessed for compliance against season 18 of the Regulation.
Before you process Australian grown raw logs, you need to attempt to gather information about it concerning the risk of illegal logging.
You need to gather as much of the following information as is reasonably practicable to obtain:
- A description of the logs, including the name (common or scientific) of the tree it came from.
- The State/Territory and forest harvesting unit where the logs were harvested.
- The quantity of raw logs to be processed (in volume, weight or number).
- Details of your supplier, including name, address, trading name, and ABN/ACN.
- Documents provided by your supplier for the log’s purchase.
- If a Timber Legality Framework (PEFC or FSC) applies to the raw logs, a copy of the applicable licence or certificate.
- If a State Specific Guideline applies to the raw logs, the information relating to the product that the document requires importers to obtain.
- Further evidence that can demonstrate the raw logs were not illegally logged including, but not limited to:
- Whether the harvesting is prohibited in the source location.
- Whether the legislative requirements concerning the harvest of the logs have been met.
- Whether payment was made for the timber harvesting rights (where applicable).
- Whether harvest was consistent with the use and tenure rights (where applicable).
Many of the details about the raw logs may be found in existing commercial documents, contracts or invoices. However, you may need to work with your supplier to gather more information, documents, or evidence.
Additional resources are available to assist with gathering further contextual information.
How you gather the necessary information is up to you. This could include: phone calls, emails, online research, questionnaires sent to suppliers or site visits, among other approaches.
The law requires you to gather as much of the above-listed information about the product as it is ‘reasonably practicable’ to obtain. In determining what is reasonable, you should consider: the availability of the required information; the time, expense and difficulty in gathering the information; and the steps required to gather the required information.
If you can’t answer basic questions about your logs, such as what species it is and where it was grown, it will be difficult to conclude that it is low risk (see Step 3).
If audited, you will need to be able to show that you have obtained as much information as was reasonably practicable to. You must keep a record of the information you gather, for at least five years from the day the raw logs are processed.
Case study
Donald is planning to establish a new contract for the supply of high quality sawlogs with a supplier. He contacts the supplier, explains the information he needs, and provides them with a questionnaire. He also asks for any other documents that can be used to demonstrate the legality of the logs. Donald’s supplier is able to provide a completed questionnaire, and commits to providing delivery dockets with each load of logs that identify the logging contractor and the logging area identifier. Donald thanks his supplier for their cooperation, and uses this information to assist his due diligence risk assessment (see Step 3), together with that gathered from further desktop research.
Case study
Kirstjen owns a furniture business and wants to source hardwood logs from a local contractor who has accumulated logs in his yard. She asks her supplier for the required information to support her due diligence process. However, Kirstjen’s supplier notes the logs have come from a range of private sources, and they can’t confirm where and when they were harvested. Kirstjen records her attempt to gather the information and her supplier’s response. She now needs to determine if she has enough information to complete her risk assessment (Step 3). If she is unable to conclude that the likelihood the raw log was illegally logged is low or nil at the risk assessment step, Kirstjen will need to take additional steps to mitigate her risk (Step 4).
Australia’s illegal logging laws provide three methods to do this:
- Timber Legality Framework (TLF) risk assessment
- State Specific Guideline (SSG) risk assessment
- Regulated Risk Factors (RRF) risk assessment
You need to use one of these methods to carry out your initial risk assessment. Further information on each of these methods is provided below. We have also provided comprehensive risk assessment templates below to guide you through each of the steps involved in applying each method.
The method that you use will depend on the circumstances surrounding your raw logs. However, the first two methods can only be used where your raw logs meet certain requirements. The third method can be used in all circumstances.
Each method requires you to come to a risk conclusion. You need to consider all the information you know of, or should know. This means you cannot ignore relevant information when coming to your risk conclusion.
This includes assessing information gathered in Step 2. Consider:
- Have you been able to obtain sufficient information to inform your risk assessment?
- Do the classification of species, quantities, and qualities match across the documentation?
- Can the claims made in the information gathered be verified with evidence?
If you have been unable to obtain enough information about the species of timber and where it has come from, it will be difficult to conclude that the product is low or nil risk.
Your risk conclusion needs to be reasonable and supported by the information that you have gathered. If audited, you will be asked to justify your risk conclusion.
If, after completing the risk assessment, you conclude that your product is low or nil risk, then you can move to the record keeping step and finalise your due diligence steps for the raw logs. However, if you have assessed the risk as greater than low, you will need to take further steps this. If you used the Timber Legality Framework risk assessment method or the State Specific Guidelines method, you must complete a subsequent risk assessment using Regulated Risk Factors. If the risk is still greater than low, you must take the risk mitigation steps set out in Step 4 (see below).
Additional resources are available to help with your risk assessment.
Case study
Mikhail has worked with his supplier to gather the information for his due diligence process. He now needs to decide which risk assessment method to use. Having received a Responsible Wood PEFC certificate code from his supplier, he could use the Timber Legality Framework method (Option 3A). Mikhail also finds there is a State Specific Guideline for the state where the logs were harvested (Option 3B). He also notes that he can use the Regulated Risk Factors method (Option 3C). Because his logs will be certified under the Responsible Wood scheme, Mikhail decides to use the Timber Legality Framework method (Option 3A).
Case study
Chris operates a small sawmill and is approached by a local forestry contractor willing to sell him some sawlogs. Aware of his legal obligations, Chris asks the contractor for the information for his due diligence process and evidence of the logs’ legality. The contractor advises that the logs have come from a range of private sources in the region, and assures Chris they are all legally sourced. Chris is aware of reports of logs being stolen from local forests and recognises the logs are particularly cheap. Despite this, Chris has a good relationship with the contractor and decides to give him the benefit of the doubt. He records his risk decision as low-risk and processes the sawlogs.
Several months later, Chris is selected for a compliance audit. Undertaking its own assessment, the department may decide a reasonable person wouldn’t have concluded the sawlogs were low risk. In this situation, Chris may be found non-compliant and face further compliance action.
You can use this risk assessment method when the logs you are processing are certified under the:
In Australia, PEFC certified logs are likely to be certified under the Responsible Wood Certification Scheme. Responsible Wood are the Australian member of PEFC.
This method recognises that the FSC and PEFC certification schemes provide rigorous forest management and chain of custody standards that consider risks of illegally logged timber.
If you use this method, you need to do two key things:
- Confirm your supplier and the logs you are processing are certified (see below).
- Consider the information gathered in Step 2 to determine if anything else suggests the logs have come from illegal sources.
If you can confirm that the logs are certified, and are not aware of any other information that suggests that they come from an illegal source, you can assess the risk as low and proceed with processing.
A common mistake is assuming that your logs are certified because your supplier is certified. A certified supplier can still deal in non-certified logs. There is also a risk that your supplier may be falsely claiming that their logs are certified.
If you find that your supplier or logs are not certified, you must choose a different risk assessment method (see option 3B or 3C).
How to use the TLF risk assessment method
When using this method, there are five steps you need to follow:
- Check the supplier’s certification number
- Check if the certificate is valid for the period of supply
- Check if the products or species being supplied are listed
- Check if the product is certified
- Consider any other information that may indicate illegality of harvest
If you can confirm that the logs are certified and you are not aware of any other information that suggests that they come from an illegal source, you can assess the risk as low or nil and proceed to the subsequent due diligence steps.
We provide a comprehensive TLF risk assessment template below that guides you through each of these steps. We encourage you to use this to assist you when using this risk assessment method.
Download the TLF Risk Assessment Template
Illegal logging Timber Legality Framework risk assessment template (PDF 309 KB)
Illegal logging Timber Legality Framework risk assessment template (DOCX 752 KB)
If you have difficulty accessing these files, visit web accessibility for assistance.
You can use this risk assessment method when you are processing logs from an Australian state with a State Specific Guideline (SSG).
SSGs have been developed by the federal government with each state government. They help you understand:
- the legal frameworks that regulate timber harvesting in each state
- relevant documents you should obtain to demonstrate harvest legality
The SSGs may also provide helpful information on timber transportation and processing requirements.
How to use the SSG risk assessment method
In using a SSG to conduct your risk assessment, there are four steps to follow:
- Decide if an SSG applies to the raw logs you are processing
- Assess the information you have gathered against the SSG
- Consider any factors that the SSG may not account for
- Consider any other information that may indicate illegality of harvest
We provide a comprehensive SSG risk assessment template below that guides you through each of these steps. We encourage you to use this to assist you when using the SSG risk assessment method.
Case study
Khalil is doing due diligence for some sandalwood logs his company wants to buy. Having found that a State Specific Guideline (SSG) exists for the state of harvest, he downloads the relevant document. He then uses the SSG to identify and collect documentation to support the legality of the logs. Khalil also considers other information about the timber species, and the region of harvest, that may indicate the logs were illegally harvested. He discovers sandalwood is sometimes illegally logged and seeks further clarity from his supplier. The supplier confirms the sandalwood is plantation grown and was harvested legally. This claim is supported by the supplier’s purchasing system, which includes samples of invoices, certificates and permits. Khalil uses this evidence to support his low risk conclusion.
Download the State Specific Guideline Risk Assessment Template
Illegal logging State Specific Guidelines risk assessment template (PDF 298 KB)
Illegal logging State Specific Guidelines risk assessment template (DOCX 751 KB)
If you have difficulty accessing these files, visit web accessibility for assistance.
You can use this risk assessment option when processing any Australian grown raw logs.
By using the risk factors, you should be able to make a reasonable determination of whether the logs are likely to have come from illegal sources.
In using the regulated risk factors, you may need to do additional research. There are additional resources to help with your risk assessment.
How to use the RRF risk assessment method
There are three key steps to this method:
- Consider the prevalence of illegal logging in the area in which the logs were harvested
- Consider the prevalence of illegal harvesting of the species of tree from which the logs are derived
- Consider any other information that may indicate illegality of harvest
If you have assessed the risk and decided that the logs are a low or nil risk of being illegally harvested, you have completed your due diligence. You must document your risk conclusion and meet your record keeping requirements..
If you have assessed the risk as greater than low, you must take additional actions to mitigate the risk before you are able to process the raw logs. This is explained in Step 4 (below).
We provide a comprehensive RRF risk assessment template below that guides you through each of these steps. We encourage you to use this to assist you when using the RRF risk assessment method.
Case Study
Antonia is using the Regulated Risk Factors method (Option 3C) to conduct a risk assessment on some logs she plans to process. Working her way through the risk factors, Antonia uses several online resources to research whether illegal logging is a problem in the area of harvest, and whether the species of wood in the logs is regularly illegally logged. In doing her research, Antonia finds nothing to suggest the logs have come from illegally logged sources. Drawing on this research and the information she originally gathered from her supplier in Step 2, Antonia concludes the logs are low risk. She records this conclusion and arranges to purchase and process the logs.
Download the Regulated Risk Factors Assessment Template
Illegal logging Regulated Risk Factors assessment template PDF (PDF 298 KB)
Illegal logging Regulated Risk Factors assessment template PDF (DOCX 751 KB)
If you have difficulty accessing these files, visit web accessibility for assistance.
If you are not able to conclude that your product is low or nil risk after assessing risk via the Regulated Risk Factors you need to take reasonable steps to mitigate the risk before you process them.
How you mitigate the risk is up to you. It will depend on your individual circumstances.
You may need to do more research, such as:
- ask for more evidence or information from your supplier
- ask your supplier for a certified alternative
- visit your supplier to learn more about their supply chains
- start a regular audit process, such as a detailed supply chain audit or onsite supplier audit
Your risk mitigation may involve not processing the raw logs. You may need to consider sourcing different logs, or even changing suppliers.
Regardless of the steps you take, your mitigation efforts need to be adequate and proportionate to the identified risk.
Once you are satisfied that you have reduced the risk to a low level of being illegally harvested, you must keep records to show the steps you have taken.
If you were to process any logs that are later found to have been illegally harvested, you could face serious penalties.
You must keep records covering all the steps you took in the due diligence process. This includes records of all information and evidence gathered as part of your due diligence. Records can be kept digitally or on paper. They must be maintained for at least five years after processing.
Your records should clearly state:
- your due diligence system (Step 1)
- the information gathered (Step 2)
- your risk assessment process and conclusion (Step 3)
- where applicable, how you attempted to mitigate the risk (Step 4)
We may audit your records. Learn more about our compliance audits.
Questions and answers
No. You do not have submit your due diligence information to the department each time you process domestically grown raw logs. However, this information must be provided to the department, if requested for compliance purposes, and you must keep a written record of your due diligence process.
The legislation requires that each time a processor processes a raw log, they complete the due diligence process set out in Part 3, Division 1 of the Regulation. Where a processor has previously processed the same kind of raw logs, they must first verify that none of the information relating to the raw logs previously gathered, or required to be gathered under section 19, has changed. This could include the harvest location or product certification number. A record of having done this must be created that references to the original due diligence assessment process relied upon.
Where no changes have occurred, processors can utilise the previous risk assessment and mitigation process undertaken for the raw logs, and keep a record of having done this. Where any element has changed, the importer must repeat the risk assessment and mitigation steps at sections 20 – 23 of the Regulation, and keep records of having done this.
No. While such a statement can help inform your risk assessment, it is not sufficient evidence to satisfy your due diligence requirements.
Get updates
To receive updates, guidance, and information about upcoming events, please subscribe to our illegal logging mailing list.