We follow the NEPCon Risk Assessment Development & Revision Procedure.
Here’s how we carry out our timber risk assessments.
A. We use the FSC framework as the basis for the assessment
We have followed the FSC requirements as provided in this procedure for all risk assessments, whether FSC have hired NEPCon as a consultant for that risk assessment or not.
The EU Timber regulation requires companies to consider five broad categories of law as part of a due diligence system, but does not detail all the specifics of the laws which could be relevant to the legality of a supply chain.
When the EUTR came into force in 2013, the Forest Stewardship Council aligned its requirements to the EUTR to further define the areas of law relevant to the harvest, transport and trade of forest products. Based on that, 21 sub categories which we deem relevant to the legality of a timber supply chain were identified. These 21 sub-categories cover the scope of the definitions for legal/illegal timber contained in the EU Timber Regulation, the US Lacey Act and the Australian Illegal Logging Prohibition Act.
Here is the final list of categories and sub-categories of law:
B. We select the countries to assess (mainly determined by FSC, but some additional of our own)
In the first phase of our risk assessment work, FSC engaged NEPCon to carry out 20 country risk assessments for the top twenty countries where ‘controlled wood’ is sourced. These countries were: Belgium, Canada, Czech Republic, Estonia, Ireland, Latvia, Lithuania, Spain, USA, Austria, Brazil, Finland, France, India, Japan, Poland, Russia, Slovakia, South Africa and Sweden.
Since that time, we have conducted further national assessments for FSC, and additionally other countries as part of our various timber legality projects.
C. We carry out the risk assessments
For each country, we recruit a local expert to do the first draft of the assessment. NEPCon experts review the draft and collaborate with the country experts in reviewing an revising the draft to ensure it accurately reflects the country situation.
Step C1: We identify which of the 21 areas of law apply to the country in question and identify the timber source types
The EU Timber Regulation requires companies to minimise the risk of placing timber that was harvested, transported or traded illegally in its country of origin, on the EU market. FSC requirements focus on identification of the applicable laws and their enforcement. Not all countries have legal requirements for all 21 sub-categories, for example, many countries do not use a concession licensing system (sub-category 2). If no legislation exists covering a specific issue, there can be no risk of legal violations.
Where legal requirements do exist, we identify applicable laws and regulations related to the applicable sub-categories. Where relevant, we use the FSC-endorsed forest management standards or interim forest management standards as a starting point, as they include an annex with a list of applicable legislation. Often, this requires extensive research into the legal systems of the country we are assessing, including by speaking to legal experts. Where possible, we provide links to legislation or regulation, and reference the specific clauses or sections that we refer to.
We identify the different forest source types in the country – types of forest that have different risk profiles, and present our results by source type. We believe this to be one of the main strengths of our risk assessments – that our results are not just a national average, but are broken down into categories that are relevant to you.
Step C2: We identify the relevant legal authorities
We identify all legal authorities responsible for monitoring and enforcing applicable legislation.
Step C3: We identify all legally required documents
Specific documents are often required to be in compliance with laws, such as harvest licenses, tax registration forms and environmental impact assessments. We detail these required documents.
Step C4: We identify reliable sources of information
Our information comes from governments as well as non-governmental sources. Where relevant, we include information from Voluntary Partnership Agreements. We use these sources to verify the risk assessment findings and for additional details on the findings.
Step C5: We describe the risk of illegality
We describe what is required by law for the indicator, for example, that harvesting permits have been issued by the relevant authority. For each legal requirement, we analyse the risk that the requirements are not complied with.
The list of sources we consult to determine the risk of illegality in each of the relevant areas of law includes:
- Chatham House: http://www.illegal-logging.info/
- ELDIS regional and country profiles: http://www.eldis.org
- Environmental Investigation Agency: http://www.eia-international.org
- EU FLEGT process: http://ec.europa.eu/comm/development/body/theme/forest/initiative/index_en.htm
- Forest Legality Alliance: http://www.forestlegality.org/
- Government reports and assessments of compliance with related laws and regulations, for example, many countries report on infringements and penalties
- Independent reports and assessments of compliance with related laws and regulations, e.g., the Royal Institute of International Affairs
- Interpol: http://www.interpol.int/Crime-areas/Environmental-crime/Projects/Project-LEAF
- Justice tribunal records
- National statistical reports
- Public summaries of FSC forest management certification reports published at info.fsc.org (information on legal areas where non-compliances have been identified during the certification process that are likely to be common for non-certified operations)
- Public summaries of other third party forest legality certification/verification systems
- Stakeholder and expert consultation, including in-country meetings with experts
- Transparency International Corruption Perceptions Index: http://www.transparency.org/policy_research/surveys_indices/cpi
- World Bank Worldwide Governance Indicators: http://data.worldbank.org/datacatalog/worldwide-governance-indicators
We consider instances of illegality that fall into the following categories to be low risk:
- Temporary
- Unusual or non-systematic
- Limited in their impact
- Effectively controlled by monitoring and enforcement by efficient and effective government agencies
We consider instances of illegality that fall into the following categories to be specified risk:
- Affects a wide area and/or causes significant damage and/or continues over a long period of time.
- Indicates the absence or break down of enforcement of the legal system.
- Is not corrected or adequately responded to when identified.
- Has a significant negative impact on society, the production of forest products and other services, the forest ecosystem and the people directly and indirectly affected by forest operations.
Step C6: We make a conclusion as to the risk of illegality
Based on the information above, we make a conclusion as to whether each of the relevant legal requirements should be considered ‘low’ risk or ‘specified’ risk (i.e. not low). We do this for each area of risk, for each of the different forest source types, for each of the countries. In each case, we provide a justification for our conclusion.
Step C7: We identify steps that could be taken to mitigate the identified risks
The steps that could be taken to mitigate the risk of illegality depend on which areas were identified as being at risk of legal breach. The risk mitigation recommendations include advice on how to work out if the identified risk is present in a supply chain, where the risk is present, and what to do to control that risk. Some risks can be verified as being legal by a field visit to the harvesting sites. Other risks can be verified as being legal based on document control. Risk mitigation is required by both the EUTR and the Australian Illegal Logging Prevention Act. For the purposes of FSC Controlled Wood, the mitigation measures included in FSC risk assessments are not mandatory, unless otherwise stated in these documents.
D. We check, summarise and translate the risk assessments and submit to FSC for approval
Some risk assessments were conducted in a local language up until this point. For these assessments, we translate the risk assessments into English at this stage. We then edit the risk assessments to make sure the language is clear and understandable.
Risk assessments that were funded by and done for FSC are sent out for the formal FSC public stakeholder consultation, conducted either by the FSC national partner or FSC International. Other risk assessments (Non-FSC funded) include a more thorough stakeholder consultation as part of the drafting process. NEPCon’s senior legality experts then review the risk assessments for the final quality assurance check.
We submit risk assessment done for FSC to FSC, where it undergoes quality review, and is approved accordingly. Upon approval, FSC publishes the risk assessments on FSC Document Center.
E. We publish the risk assessments and invite further feedback
We publish the risk assessments on www.nepcon.org/sourcinghub
Original FSC risk assessments are published on FSC Document Center.
We are always looking for input and feedback on our risk assessment. If you have comments on any of the risk assessments, including the legislation mentioned, the risk conclusions, or feel that there are risks or mitigation measures that we have got wrong or overlooked, please get in touch with us either via the feedback form on the NEPCon Sourcing Hub or directly by email at sourcinghub@nepcon.org We will update the risk assessments with any new information that we receive and can verify.
We view the risk assessments as living documents, always needing further evidence, information and updates. We hope you will partner with us to make them as useful and relevant possible.
We are seeking funding to both expand the number of countries we cover and to keep the risk assessments up to date.
