Overview

LBMA receives an audit report from a Good Delivery List (GDL) refiner for its previous 12 months’ production. For example, during 2020, LBMA reviewed audit reports for 2019 production. Audit reports for each year’s production are due within three months of the GDL refiner’s financial year end.

Mandatory audit deliverables submitted to LBMA:

  • Refiner’s Compliance Report (Public)
  • Independent Assurance Report (Public)
  • Management Report (Confidential)
  • Country of Origin Annex (Confidential)
  • Corrective Action Plan (if required).

In compliance with the OECD Due Diligence Guidance, Step 5 (reporting on independent third-party audits), refiners are required to submit to LBMA, and make publicly available, the Refiner’s Compliance Report and related Independent Assurance Report, in accordance with the ISAE 3000 standard.

LBMA is working on enhancing refiner reporting (Disclosure Guidance) on a phased-in basis beginning in 2022, so as to increase the quality and level of information publicly disclosed. The Disclosure Guidance aims to improve GDL refiner disclosure and reporting practices, seeking greater alignment with the OECD Step 5 requirements on public annual reporting, and more open and robust communication by the industry in general.

Refiner’s Compliance Report

GDL refiners are required to publicly report on their compliance for activities over a 12-month reporting period in the Refiner’s Compliance Report, with appropriate regard for security, proprietary information and the legal rights of the other supply chain actors. The Compliance Report should include a conclusion statement on overall compliance and state any non-compliance (other than low-risk deviations from conformance) that may have been identified during the audit process. The descriptions of the activities and conclusions contained within the Compliance Report are the subject of independent assurance.

Independent Assurance Report

The Independent Assurance Report is prepared by the third-party auditor and discloses details of the assurance engagement and the assurance conclusion.

The auditor may include an Emphasis of Matter paragraph to draw attention to the item(s) already disclosed in the Refiner’s Compliance Report.

Management Report

The Management Report issued by the auditor is the formal mechanism for communicating observations to the refiner. The Management Report should include details on assurance findings and may also include specific observations with respect to the refiner’s Corrective Action Plan and implementation progress.

Country of Origin Annex

The Country of Origin Annex lists the countries of origin and amounts of mined and recycled material received during the audit period, and is independently verified by the third-party auditor. The Annex is confidential and, whilst available to LBMA, is not disclosed publicly. The data is collated and aggregated, and then published.

Corrective Action Plan

A Corrective Action Plan must be submitted if medium-risk or high-risk non-compliances are identified during the audit process. Refiners may also include low-risk non-conformances in the Corrective Action Plan to demonstrate a commitment to continuous improvement. The Corrective Action Plan should be reviewed by the auditor as part of their assurance testing.

Risk Categorisation

The risk categorisation supports the LBMA review of all audit reports.

The risk categories are either objective, subjective or a combination of both. LBMA will use the risk matrix to help with the review of each refiner and the audit reports. It should be noted that various categories will be reviewed together to determine the overall risk profile of the refiner and should not be read in isolation.

For example, a refiner’s throughput might be low, but the material might be sourced from high-risk jurisdictions and therefore LBMA will determine the refiner to have a high-risk business model.

Refiner Risk Categorisation

LBMA has developed an internal tool to determine the appropriate level of scrutiny. The rationale behind the risk categories and their rating (low, medium or high) is described below. A high-risk rating or a combination of medium risk ratings will require enhanced scrutiny.