These steps will guide you on how to set up and use a due diligence system to undertake a risk assessment under Australia’s illegal logging laws.
You need to establish and use your due diligence system before you process an Australian grown raw log. This is a legal requirement.
A good due diligence system will help you:
- understand where the logs have come from
- decide if they have been legally sourced
- avoid illegally logged timber
- support local investment, profitability and jobs
If you do not do carry out a suitable due diligence assessment before processing the log, you could face significant financial penalties.
These steps are the minimum requirements for a due diligence system, and are the core elements that must be included in all due diligence systems.
[Expand all]
Step 1: Establish and maintain a due diligence system
Before you process an Australian grown raw log, you must have a written due diligence system. It must list the steps you are going to take to minimise the risk of processing illegally harvested logs.
Your due diligence system should include:
- Your details, including: business name (where applicable), street and postal address, contact number and email address.
- Your ABN/ACN (if you process logs through a business), and a description of your main business activity.
- The name of the person in charge of the due diligence system, and their contact details.
- The steps you will take to minimise the risk of processing illegally logged timber.
Your due diligence system should be easy to understand and follow. It will help you make decisions about how to act before you process a log.
The department has published a guide for establishing a due diligence system for processors.
If you change your due diligence process, you should also update your due diligence system.
If you are audited you may be asked to provide a copy of your system to us for review.
Step 2: Gather information
Before you process an Australian grown raw log, you need to gather information about it.
As a minimum, you need to seek:
- A description of the log, including the name (common or scientific) of the tree it came from.
- The State/Territory and forest harvesting unit where the logs were harvested.
- The amount of raw logs you are processing (in volume, weight or number).
- Details of your supplier, including name, address, trading name, and ABN/ACN.
- Documents provided by your supplier for the log’s purchase.
- Any materials or documents that indicate the timber was legally logged.
Much of this information may be found in existing commercial documents, contracts, invoices, etc. But, you may need to work with your supplier to get more information, documents, or evidence.
How you gather the necessary information is up to you. This could include: phone calls, emails, online research, questionnaires sent to suppliers, site visits, and so on.
Case Study
Donald is planning to establish a new contract for the supply of high quality sawlogs with a supplier. He contacts the supplier, explains the information he needs, and provides them with a questionnaire. He also asks for any other documents that can be used to demonstrate the legality of the logs. Donald’s supplier is able to provide a completed questionnaire, and commits to providing delivery dockets with each load of logs that identify the logging contractor and the logging area identifier. Donald thanks his supplier for their cooperation, and uses this information to support his due diligence risk assessment (see Step 3).
The law requires you to collect information where it is “reasonably practical”. In determining what is reasonable, you should consider the availability of the required information; the time, expense and difficulty in gathering the information; and the steps required to gather the required information.
However, if you can’t answer basic questions about your log, such as what species it is and where it was grown, it will be difficult to conclude that it is low risk (see Step 3).
Case Study
Kirstjen owns a furniture business and wants to source hardwood logs from a local contractor who has accumulated logs in his yard. She asks her supplier for the required information to support her due diligence process. However, Kirstjen’s supplier notes the logs have come from a range of private sources, and they can’t confirm where and when they were harvested. Kirstjen records her attempt to gather the information and her supplier’s response. She now needs to determine if she has enough information to complete her risk assessment (Step 3). If she is unable to complete the risk assessment with the information she has, Kirstjen will need to take additional steps to mitigate her risk (Step 4).
If audited, you will need to be able to show that you have made a reasonable effort to get the required information.
You must keep a record of your efforts, and any information you find, for at least five years after the date of processing.
Step 3: Assess the risk
Once you have completed Step 2, you need to use the information you have gathered to conduct a risk assessment.
The illegal logging laws provide three methods to do this:
- Option 3A: a Timber Legality Framework
- Option 3B: a State Specific Guideline (SSG)
- Option 3C: the Regulated Risk Factors
You need to use one of these methods to carry out your risk assessment. Detailed information on each of these methods is provided below.
The method that you use will depend on your own circumstances. However, the first two methods can only be used where your product(s) meets certain requirements. The third method can be used in all circumstances.
Case Study
Mikhail has worked with his supplier to gather the information for his due diligence process. He now needs to decide which risk assessment method to use. Having received a Responsible Wood PEFC certificate code from his supplier, he could use the Timber Legality Framework method (Option 3A). Mikhail also finds there is a State Specific Guideline for the state where the logs were harvested (Option 3B). He also notes that he can use the Regulated Risk Factors method (Option 3C). Because most of his logs will be certified under the Responsible Wood scheme, Mikhail decides to use the Timber Legality Framework method (Option 3A).
Each method requires you to come to a risk conclusion. You need to consider any other information you are aware of, or should know. This means you can’t ignore relevant information when coming to your risk conclusion.
Your risk conclusion needs to be reasonable and supported by the information that you have gathered. If audited, you may be asked to justify your risk conclusion.
Case Study
Chris operates a small sawmill and is approached by a local forestry contractor willing to sell him some sawlogs. Aware of his legal obligations, Chris asks the contractor for the information for his due diligence process and evidence of the logs’ legality. The contractor advises that the logs have come from a range of private sources in the region, and assures Chris they are all legally sourced. Chris is aware of reports of logs being stolen from local forests and recognises the logs are particularly cheap. Despite this, Chris has a good relationship with the contractor and decides to give him the benefit of the doubt. He records his risk decision as low-risk and processes the sawlogs.
Several months later, Chris is selected for a compliance audit. Undertaking its own assessment, the department may decide a reasonable person wouldn’t have concluded the sawlogs were low risk. In this situation, Chris may be found non-compliant and face further compliance action.
If, after using the method, you believe your product is low risk then you can process it. However, if your product represents a higher level of risk, you will need to take the risk mitigation steps set out in Step 4 (see below).
Additional resources are available to help with your risk assessment.
Option 3A: Timber Legality Framework
You can use this risk assessment method when the logs you are processing are certified under the:
In Australia, PEFC certified logs are likely to be certified under the Responsible Wood Certification Scheme.
This method recognises that the FSC and PEFC certification schemes provide rigorous forest management and chain of custody standards that consider risks of illegally logged timber.
If you use this method, you need to do two key things:
- Confirm your supplier and the logs you are processing are certified (see below).
- Consider the information gathered in Step 2 to determine if anything else suggests the logs have come from illegal sources.
If you can confirm that the logs are certified, and are not aware of any other information that suggests that they come from an illegal source, you can assess the risk as low and proceed with processing.
Acommon mistake is assuming that your logs are certified because your supplier is certified. A certified supplier can still deal in non-certified logs. There is also a risk that your supplier may be falsely claiming that their logs are certified.
If you find that your supplier or logs are not certified, you must choose a different risk assessment method (see option 3B or 3C).
Assessing if your logs are FSC or PEFC certified
This section outlines the key steps that you can take to assess if your products are FSC and PEFC certified. A downloadable version is also provided for your ongoing use and reference.
Step one: Check that the supplier’s certificate number is legitimate
Actions
Certified suppliers should have a unique FSC or PEFC certificate code or number quoted on their certificate.
You can verify this code or number by searching on the relevant scheme’s website:
Common problems and solutions
If the number or code has been typed incorrectly (and you cannot find it online) contact your supplier. Ask them to email you a link to the online certificate record. Or, contact the scheme and ask about the certificate codes given by the supplier.
Step two: Check your supplier is the certificate holder
Actions
When you have found the certificate details online, check that they match the details given by your supplier.
Common problems and solutions
If the details of your supplier do not match those on the certificate, you should ask about the authenticity of the certificate.
If your supplier has claimed the log is FSC or PEFC certified, but it is not their name on the certificate, there could be a problem. You need to get more information from your supplier, or the scheme.
Step three: Check the certificate is valid for the period of supply
Actions
The expiry date of the supplier’s certificate should be listed on the FSC or PEFC’s website. Check the certificate is valid for the period of supply.
Common problems and solutions
If the certificate appears to have expired or is currently suspended, you should ask why this has occurred. You may need to discuss this with the supplier or directly with the scheme.
Step four: Check the logs being supplied are listed on the certificate’s record
Actions
Certified suppliers can supply both certified and non-certified logs. You need to check that the logs being supplied are the same as what is on your supplier’s FSC or PEFC certificate.
Common problems and solutions
If the logs you are purchasing are not covered by your supplier’s certification, you should ask the supplier if there is a mistake on the record. If this is the case, you should also ask for written confirmation from the certification body.
Step five: Check the log supplied is the log that was promised
Actions
After completing all of the steps above and purchasing the log, there is a chance the supplier has not given you a certified log.
Common problems and solutions
Check your invoice(s) and delivery notes to ensure the certificate number is quoted. The product description should be the same as the log that is listed as FSC or PEFC certified.
Download the FSC/PEFC Risk Assessment
Documents | Pages | File size |
---|---|---|
Illegal logging FSC and PEFC risk assessment template PDF![]() |
2 | 407 KB |
Illegal logging FSC and PEFC risk assessment template DOCX![]() |
2 | 14 KB |
If you have difficulty accessing these files, visit web accessibility.
Option 3B: State Specific Guideline
You can use this risk assessment method when you are processing logs from an Australian state with a State Specific Guideline (SSG).
SSGs have been developed by the federal government with each state government. They help you understand:
- the legal frameworks that regulate timber harvesting in each state
- relevant documents you can seek to demonstrate legality
The SSGs may also provide helpful information on timber transportation and processing requirements.
In using a SSG, you need to:
- Confirm that your product is covered by a SSG.
- Compare the documents you gathered in Step 2 with those described in the SSG.
- Use all of the information and documents you have collected to decide if the product(s) you are importing are likely to include illegally logged timber.
Case Study
Khalil is doing due diligence for some sandalwood logs his company wants to buy. Having found that a State Specific Guideline (SSG) exists for the state of harvest, he downloads the relevant document. He then uses the SSG to identify and collect documentation to support the legality of the logs. Khalil also considers other information about the timber species, and the region of harvest, that may indicate the logs were illegally harvested. He discovers sandalwood is sometimes illegally logged and seeks further clarity from his supplier. The supplier confirms the sandalwood is plantation grown and was harvested legally. This claim is supported by the supplier’s purchasing system, which includes samples of invoices, certificates and permits. Khalil uses this evidence to support his low risk conclusion.
Assessing risk against a State Specific Guideline
This section outlines the key steps that you should take when using a SSG to support your risk assessment. A downloadable version is also provided for your ongoing use and reference.
Step one: Decide if a SSG applies to the product you are processing
Actions
Check that your logs are covered by a State Specific Guideline.
Step two: Assess the information you have gathered against the SSG
Actions
Compare the information and documents you have gathered from your supplier with those shown in the SSG.
If the SSG specifies other documents that you don’t have, you should try to obtain these as well.
Common problems and solutions
If your supplier cannot provide you with documentation, the SSG may help you determine where to find the right documents.
You do not need to gather all of the documents listed in the SSG – only those that are reasonably practicable to obtain (see definition in Step 2). However, you will need enough information to help you make a reasonable risk assessment.
Questions:
Have you checked the information, or obtained the documents that the SSG suggests could support that the harvest was legal?
Does the information you have gathered about your logs match the information and documentation in the SSG?
Step three: Assess the risk
Actions
Using all of the information and documents you have collected, you need to decide if the raw logs are likely to have been illegally logged.
In coming to your conclusion, you need to consider any other information that may indicate the logs could have been illegally harvested.
Common problems and solutions
SSGs may not show the latest developments in forestry laws. You may need to consult the websites of relevant agencies for updates.
Questions:
Are the documents collected genuine and have they been generated by the appropriate government entity or other body?
Are there any inconsistent or missing documents?
Is the timber the subject of a logging ban or restriction?
Have there been any media articles, third party reports, or government statements that would bring the legality of your product(s) into question?
Is there any other information you know or should know, that would call into question the legality of the product(s)?
Step four: Determine your risk assessment outcome
Actions
Once you have completed the steps above, you should be able to determine if the raw log is likely to have been illegally harvested.
If you have decided the risk is low, you have completed your risk assessment and can process the raw log.
Common problems and solutions
If your risk is higher than low, you need to do more due diligence. This is explained in Step 4 (below).
Download the State Specific Guideline Risk Assessment
Documents | Pages | File size |
---|---|---|
Illegal logging state specific guidelines risk assessment template PDF ![]() |
2 | 407 KB |
Illegal logging state specific guidelines risk assessment template DOCX ![]() |
2 | 14 KB |
If you have difficulty accessing these files, visit web accessibility.
Option 3C: Regulated Risk Factors
You can use this risk assessment option when processing any Australian grown raw logs.
This method requires you to:
- evaluate the information you gathered in Step 2
- assess the risk against the factors outlined below
By using the risk factors, you should be able to make an educated assessment of whether the logs are likely to have come from illegal sources.
If you have assessed the risk and decided that the log(s) are a low risk of being illegally harvested, you have completed your due diligence. You must document your risk conclusion and can then process the raw logs.
If you have assessed the risk as anything other than low, you must take additional actions to mitigate the risk before you are able to process the raw logs. This is explained in Step 4 (below).
In using the regulated risk factors, you may need to do additional research. There are additional resources to help with your risk assessment.
Case Study
Antonia is using the Regulated Risk Factors method (Option 3C) to conduct a risk assessment on some logs she plans to process. Working her way through the risk factors, Antonia uses several online resources to research whether illegal logging is a problem in the area of harvest, and whether the species of wood in the logs is regularly illegally logged. In doing her research, Antonia finds nothing to suggest the logs have come from illegal sources. Drawing on this research and the information she originally gathered from her supplier in Step 2, Antonia concludes her product is low risk. She records a low risk conclusion and arranges to purchase and process the logs.
Assessing risk against the regulated risk factors
This section outlines the regulated risk factors and provides some guidance on how they can be used to support your risk assessment. We have also included a downloadable template which can be used to record your use of the regulated risk factors.
Risk factor one: Is there much illegal logging in the area where the logs are harvested?
Action:
To answer this question, you need to know where your logs come from. If your supplier can’t tell you, this would be considered a higher risk of illegal logging.
Risk factor two: Is the species of the log often illegally harvested in this area?
Action:
Some species are more likely to be illegally logged. To answer this question, you need to know which species of timber you are processing. If the species does not grow in the area where the supplier says it came from, or the species is listed as ‘vulnerable’ or ‘threatened’, it may indicate a higher risk of illegal logging.
Risk factor three: Does any other information indicate that the logs were illegally logged?
Action:
Does any other information indicate that the timber was illegally logged?
This might include:
- potentially forged, inconsistent or missing documents
- the supplier is known to deal in illegally logged timber
- goods being sold significantly below the market rate
- appropriate taxes are not included in the price
- cash only, or lower price for goods without paperwork
- asked to pay a bribe
- unable to get rational answers to questions
Download the Regulated Risk Factors Assessment Template
Documents | Pages | File size |
---|---|---|
Regulated risk factors assessment template PDF ![]() |
1 | 415 KB |
Regulated risk factors assessment template DOCX ![]() |
1 | 30 KB |
If you have difficulty accessing these files, visit web accessibility.
Step 4: Risk mitigation
If you come to the conclusion that the logs are not low risk, you need to take reasonable steps to reduce the risk before you process them.
How you mitigate the risk is up to you. It will depend on your individual circumstances.
You may need to do more research, such as:
- ask for more evidence or information from your supplier
- ask your supplier for a certified alternative
- visit your supplier to learn more about their supply chains
- start a regular audit process
You may need to consider sourcing different logs, or even changing suppliers.
Regardless of the steps you take, your mitigation efforts need to be adequate and relative to the identified risk.
Once you are satisfied that you have reduced the risk to a low level of being illegally harvested, you must keep your records to show the steps you have taken.
If you cannot reduce the risk to low, you should not process the raw log. If you do process the log, and it is later found to have been illegally harvested, you could face serious penalties.
Step 5: Keep records
You must keep records covering all the steps you took in the due diligence process. Records can be kept digitally or on paper. They must be maintained for at least five years after processing.
Your records should clearly state:
- your due diligence system (Step 1)
- the information gathered (Step 2)
- your risk assessment process and conclusion (Step 3)
- any extra ways you attempted to reduce the risk (Step 4)
We may audit your records. Learn more about our compliance audits.
Questions and answers
Do I need to lodge my due diligence information with the department?
No. You do not have submit your due diligence information to the department each time you process a domestically grown raw log. However, this information must be available if you are approached by the department in the future for compliance purposes and you must keep a written record of your due diligence process.
Do I need to conduct due diligence for each consignment that I import or process?
This will depend on your individual circumstances. The department recognises that some processors may be able to establish a due diligence system for regularly processed logs on a supplier basis rather than an individual import basis. Such an approach would generally be used where you are regularly sourcing the same sort of logs from a consistent and trusted supplier.
My supplier has provided me with a written statement that the product is legal. Is this sufficient?
No. While such a statement can help inform your risk assessment, in most cases it is not sufficient evidence to satisfy your due diligence requirements.
Get updates
To receive updates, guidance, and information about upcoming events, subscribe to our illegal logging mailing list.