Scope

This document specifies the mandatory structure of every audit report issued by Trading Integrity Bureau (TIB), the conventions for presenting evidence and findings, the determination scale to be used, the classification of confidentiality, and the requirements for publication to the TIB Public Registry.

Application

This Framework applies to every verification engagement conducted under the TIB name, regardless of engagement type, jurisdiction, or scope. It is binding on TIB. It is incorporated by reference into every Engagement Agreement and forms part of the documented basis for the issuance of any Determination.

Out of scope

This Framework does not:

• Define the substantive criteria evaluated in an engagement — those are published in the universal Integrity Standards (TIB-IS) and the type-specific modules;
• Define how an engagement is conducted — that is published in the Verification Methodology (TIB-MTH);
• Bind any party other than TIB to its requirements; reference to the Framework by external parties does not create rights enforceable by them.

Normative references

The following documents are referred to in the body of this Framework in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition (including any amendments) applies.

• TIB-IS-1.0 — TIB Integrity Standards. (Standards)
• TIB-MTH-1.0 — TIB Verification Methodology. (Methodology)
• TIB-GOV-1.0 — TIB Team & Governance. (Governance)
• TIB-LGD-1.0 — TIB Legal & Disclosures. (Legal)
• TIB-PRV-1.0 — TIB Privacy Policy. (Privacy)
• TIB-TOS-1.0 — TIB Terms of Service. (Terms)

External standards adopted with adaptation are listed in Annex A and described in detail in the published Conformance Statement.

Terms and definitions

For the purposes of this document, the terms and definitions given in TIB-TOS-1.0 § 2, TIB-MTH-1.0 § 2, and TIB-IS-1.0 apply. The full TIB glossary is published at /framework/glossary/ and contains the consolidated definitions used across the TIB Standards Library.

Specific terms used in this Framework

• Audit Report — the formal document recording the conduct and outcome of a verification engagement.
• Public Report — the redacted version of the Audit Report published to the Public Registry, where the Determination permits publication.
• Confidential Report — the full Audit Report delivered to the Firm, including evidence references and reviewer working observations.
• Finding — a discrete, evidenced observation against a criterion, classified in accordance with § 14.
• Determination — the conclusion of an engagement at criterion, pillar, and overall level, expressed on the scale in § 13.
• Material, in relation to a Finding — reasonably likely to affect a participant decision, expose a participant to unreimbursable loss, breach a binding commitment, or indicate a systemic control weakness.
• Pillar — one of the six universal evaluation pillars defined in TIB-IS-1.0.
• Module — a type-specific extension to the universal Standards listed in § 23.

Authority and binding effect

On TIB

This Framework binds TIB. Every Audit Report issued under the TIB name shall conform to its requirements. Variations are permitted only where (a) expressly identified as a "Limited-scope departure", (b) supported by a reasoned justification recorded in the working file, and (c) noted in the Public Report.

On Firms

This Framework does not impose obligations on Firms. The Firm's obligations arise under the executed Engagement Agreement, which incorporates the Framework by reference.

Inconsistency rule

Hierarchy of documents

Where conflict arises between TIB-published standards in respect of a specific engagement, precedence is taken in the following order: (1) the Engagement Agreement; (2) the universal Standards (TIB-IS) and applicable type-specific modules; (3) the Methodology (TIB-MTH); (4) this Framework (TIB-FRM); (5) other TIB-published documents.

Document identifier scheme

Every Audit Report shall carry a unique identifier of the form:

TIB·{YYYY}·{TYPE}·{SEQ}

Component	Definition	Format	Example
TIB	Issuer prefix	Fixed	TIB
YYYY	Year of issue	Four digits	2026
TYPE	Engagement type code	Two characters — FV Full verification · LS Limited-scope · RA Re-assessment · RV Revocation · PI Public-Information Assessment	FV
SEQ	Sequential number	Four digits, zero-padded	0001

Identifiers for engagement-based Reports (FV, LS, RA, RV) are issued at the moment the Engagement Agreement is signed. PI Assessments are issued at scoping commencement and are clearly distinguished from engagement-based Reports per § 27. Identifiers are immutable. Re-issue or material amendment produces a new identifier with the prior identifier referenced under "Supersedes".

Mandatory report sections

Every Audit Report shall contain the following sections in the order shown. Sections marked Public appear in both the Confidential Report and the Public Report; sections marked Confidential appear in the Confidential Report only.

#	Section	Confidential	Public	Spec
01	Cover Page	Yes	Yes	§ 7
02	Executive Summary	Yes	Yes	§ 8
03	Entity Profile	Yes	Yes	§ 9
04	Engagement Scope	Yes	Yes	§ 10
05	Methodology Statement	Yes	Yes	§ 11
06	Pillar Findings (six sub-sections)	Yes	Summary only	§ 12
07	Determination	Yes	Yes	§ 13
08	Findings Schedule	Yes	Yes	§ 14
09	Evidence Ledger	Yes	No	§ 16
10	Remediation Tracking	Yes	Where applicable	§ 17
11	Limitations and Disclaimers	Yes	Yes	§ 18
12	Authorisation	Yes	Yes	§ 19

Cover page

The Cover Page shall present the engagement at a glance for an institutional reader.

Required fields

• Document identifier in accordance with § 5;
• Document classification (Confidential or Public);
• Firm display name (or anonymised reference for revoked entries pre-publication);
• Engagement type and applicable type-specific module(s);
• Universal Standards version applied (e.g. TIB-IS v1.0) and any module versions;
• Date of issue, Effective date, Next scheduled review date;
• Headline Determination in the form prescribed by § 13;
• Statement of independence with cross-reference to TIB-GOV-1.0 § 5;
• Distribution statement.

Prohibited content

• Use of titles or descriptions implying regulatory authority (e.g. "Authority", "Regulator");
• The Verified Mark in the cover badge prior to issue of a Pass or Conditional Determination;
• Marketing copy, taglines, or aspirational language;
• Any composite numerical score;
• Logos of third parties not party to the engagement.

Executive summary

The Executive Summary shall be one page maximum, written in plain language for non-specialist readers.

Required content

• Headline Determination — one of the values in § 13, presented prominently;
• Pillar grid — six pillars (TIB-IS.1 through TIB-IS.6) with criterion-level Determinations rendered as Pass / Conditional / Fail badges in accordance with § 22;
• Module grid — where applicable, type-specific module criteria with Determinations;
• Material Findings — up to five Findings classified Material per § 14;
• Effective date and next scheduled review;
• Cross-reference to the Limitations section under § 18.

Prohibited content

• Composite numerical scores or rankings (the Determination scale is exhaustive);
• Adjectival qualifiers beyond Pass / Conditional / Fail (no "Excellent", "Strong", "Above average", "Top quartile", etc.);
• Comparison to other Firms in the Executive Summary itself; sector benchmarking, where relied upon, is confined to a clearly labelled informative annex;
• Recommendations to participants regarding the Firm.

Entity profile

The Entity Profile shall be presented as a structured table without narrative editorial.

Required fields

• Legal name (and trading name if different);
• Jurisdiction of incorporation, registration number, registered office;
• Group structure where the Firm is part of a wider group, including a related-party disclosure;
• Regulatory status declared by the Firm in any jurisdiction, with caveats where TIB has not independently verified status;
• Principal address and business contact for the engagement;
• Beneficial-ownership disclosure to the extent permitted by law.

Engagement scope

The Engagement Scope section shall record precisely what was and was not in scope.

Required content

• Engagement type (Full / Limited-scope / Re-assessment / Revocation);
• Pillars in scope — for limited-scope engagements, an explicit list with the omitted pillars also enumerated;
• Type-specific modules invoked (PF, BR, AM, HF, EX, CU);
• Products, programmes, venues, or jurisdictions in scope;
• Standards version applied;
• Engagement window (start and end of evidence-gathering phase);
• Material exclusions (e.g. internal financial statements not within scope; retail-marketing material outside the Firm's primary jurisdiction).

Methodology statement

The Methodology Statement shall cross-reference rather than duplicate.

Required content

• Reference to Methodology TIB-MTH-1.0 and any module references;
• Description of the four engagement phases as applied (Scoping / Evidence gathering / Assessment / Publication);
• Categories of evidence sources consulted (specific sources in the Confidential Report only);
• Sampling approach where used, with the sampling rationale;
• Statement of two-reviewer compliance and reviewer-independence declaration reference.

Pillar findings

The Pillar Findings section shall contain six sub-sections, one per pillar, in the order published in TIB-IS-1.0 (TIB-IS.1 Governance through TIB-IS.6 Disclosure & Conduct). Where type-specific modules are invoked, criteria from those modules are presented in dedicated sub-sections after the universal pillar findings.

Required structure per pillar sub-section

• Pillar header with pillar code, name, and pillar-level Determination;
• Criterion grid — every binding criterion in the pillar with its individual Determination (Pass / Conditional / Fail);
• Evidence references — abbreviated in the Public Report (e.g. EV-12, EV-15); full in the Confidential Report;
• Findings narrative — concise narrative explaining the basis for the pillar Determination;
• Conditional items — if any criterion is Conditional, the remediation specification per § 17.

Prohibited

• Pillar-level numerical scores (e.g. "84/100"); pillar Determinations are categorical only;
• Editorial qualifications softening or strengthening a Determination beyond what the evidence supports.

Determination scale

The Framework adopts the Determination scale published in the Methodology, § 7. The scale is exhaustive; no other values are permitted.

Criterion and pillar level

Overall Registry status

Status	Required pillar profile	Public Registry effect
Verified	All in-scope pillars at Pass.	Listed; Verified Mark licensed.
Conditional	All in-scope pillars at Pass or Conditional, with at least one at Conditional and a remediation plan.	Listed with Conditional marker and remediation deadline.
Not Verified	One or more pillars at Fail.	Not listed; reason recorded internally.
Revoked	Previously Verified or Conditional Determination withdrawn after issue.	Retained in registry history with Revoked marker and effective date of revocation.

Findings classification

Every observation in a Report shall be classified under one of four categories.

Class	Definition	Effect on Determination	Public Report visibility
Strength	Practice that exceeds the criterion floor in a way relevant to participants.	None.	Up to five surfaced in Executive Summary.
Observation	Note recording a fact or context, not amounting to a deficiency.	None.	Summarised in pillar narrative.
Conditional Item	Deficiency capable of remediation within an agreed window.	Pillar Determination set to Conditional until remediation evidenced.	Listed with deadline.
Material Finding	Deficiency that, on a reasonable view, affects participant outcomes or controls integrity.	Pillar Determination set to Fail unless remediated within engagement window.	Surfaced in Executive Summary.

Evidence standards

Evidence relied upon in support of a Determination shall meet the hierarchy published in Methodology, § 5. The Framework records the presentation conventions only.

Source hierarchy (preference order)

1. Primary system evidence — direct extracts from production systems (logs, ledgers, telemetry), preferably under TIB-supervised collection.
2. Contemporaneous documentation — policies, board minutes, register entries, dated and version-controlled.
3. Third-party confirmations — custodian statements, auditor letters, counterparty acknowledgements.
4. Management representations — used only to corroborate and contextualise items above; not relied upon as primary evidence for Material Findings.

Detailed evidence-quality conventions are set out in Annex D.

Evidence ledger

The Evidence Ledger appears in the Confidential Report only. It is presented as a tabular schedule with one row per Evidence Item.

Required columns

• Evidence ID (EV-{NNN}) — sequential within the engagement;
• Source (system, document type, third-party confirmation);
• Date of collection;
• Method of collection (TIB-supervised extract, Firm-supplied, third-party direct);
• Hash where electronic and applicable;
• Criterion or criteria addressed;
• Reviewer initials.

The Evidence Ledger is retained in accordance with the Privacy Policy, § 9.

Remediation tracking

Where any criterion is Conditional, the Report shall specify the remediation plan with sufficient precision for re-assessment.

Required fields per Conditional item

• Description of the deficiency (concise);
• Required remediation (specific, observable, evidenceable);
• Remediation deadline (typically 90 days from issue; longer windows require recorded justification);
• Method of confirmation (re-evidence, follow-up review, third-party confirmation);
• Owner identified by role (not by name in the Public Report);
• Consequence of failure to remediate — Determination updated to Fail; Registry entry adjusted to Not Verified.

Limitations and disclaimers

Every Report shall contain a Limitations section addressing:

• The point-in-time nature of the Determination;
• Reliance on Firm-supplied evidence and the controls TIB applied to it;
• Sampling caveats where applicable;
• Scope exclusions (matters outside the Standards or applicable modules);
• Statement that the Determination is not a regulatory licence, warranty of future conduct, recommendation, or insurance.

The Disclaimers sub-section shall reproduce, verbatim, the standard disclosure block published at TIB-LGD-1.0 § 4 (No advice, no solicitation) and § 5 (Nature and scope of verifications).

Authorisation

Every Report shall be authorised by:

• The two assigned Reviewers (co-signed Determination);
• The Engagement Lead (issuance authorisation);
• The Head of Verification (or designated alternate) for issuance to the Registry.

Where the named role-holders have not yet been publicly disclosed, the Report carries the role title only, and the Confidential Report records the named individual under separate cover. Public role-holders, when disclosed, are listed at /team/.

Publication and registry

On issue of a Verified or Conditional Determination, the following are published to the Public Registry within five (5) business days:

• Public Report at the canonical URL registry.integritybureau.org/firm/?id={slug};
• Pillar grid with criterion-level Determinations;
• Effective date, Standards version, scope, next scheduled review;
• Plain-language summary;
• Limitations and disclaimers cross-reference.

For Not Verified or Revoked outcomes, publication procedure follows the Methodology, § 10 (pre-publication notice and right of factual reply).

Confidentiality

Reports shall use exactly two confidentiality classifications.

Classification	Distribution	Visual marker
Confidential	The Firm and TIB only. Disclosure to third parties only with the express written consent of both parties.	"Confidential" watermark on every page; red Cover Page classification badge.
Public	Published in the Public Registry. Free for journalistic, academic, and informational use with attribution.	No watermark; green Cover Page classification badge.

Use of marketing terms such as "Sensitive", "Restricted", or "Internal Use" is prohibited.

Visual conventions

Reports shall use the TIB visual identity and conventions defined below.

Typography

• Body and headings: Switzer (or system-equivalent if Switzer is unavailable).
• Identifiers, IDs, codes: ui-monospace.
• Defined terms in body text: small-caps with letter-spacing 0.02em.

Determination palette

• Pass: green family (#10b981 / background #ecfdf5).
• Conditional: amber family (#d97706 / background #fffbeb).
• Fail: red family (#dc2626 / background #fef2f2).

Codes

• Universal pillar codes: TIB-IS.{pillar}.{letter} (e.g. TIB-IS.4.B).
• Module criterion codes: {TYPE}-{N} (e.g. PF-7).
• Evidence IDs: EV-{NNN}.

Charts and visualisations

• Permitted where they communicate the underlying data faithfully.
• Composite scores rendered as gauges, dials, single numbers, or radar charts that imply ranking are prohibited.

Type-specific modules

The universal Standards (TIB-IS) and the universal report sections of this Framework apply to every engagement. Each entity type additionally invokes a type-specific module that adds binding criteria, evidence pathways, and reporting requirements unique to that entity's operations.

Module catalogue

Entity type	Module ID	Reference
Proprietary trading firms	TIB-FRM-PF-1.0	/framework/prop-firms/
Brokers & dealers	TIB-FRM-BR-1.0	/framework/brokers/
Asset managers	TIB-FRM-AM-1.0	/framework/asset-managers/
Hedge funds	TIB-FRM-HF-1.0	/framework/hedge-funds/
Exchanges & trading venues	TIB-FRM-EX-1.0	/framework/exchanges/
Custodians	TIB-FRM-CU-1.0	/framework/custodians/

Application rules

• The applicable module is determined at the Scoping phase and recorded in the Engagement Agreement;
• Module criteria are added to the universal pillar grid — not in place of it;
• Module versions are tracked independently; an engagement uses the module version current at Scoping;
• Where an entity straddles two types (e.g. a broker that also operates a funded-trader programme), both modules are invoked and the Public Report records both module IDs;
• Modules add scope; they never relax universal criteria.

Conformance

The TIB Standards Library is published in conformance with internationally recognised auditing-standard architecture, with adaptations appropriate to the verification context. The detailed conformance statement is published at /framework/conformance/. A summary follows.

Reference	Adopted	Adapted	Departed
ISO 19011:2018 — Guidelines for auditing management systems	Yes	Partial	—
IFAC Code of Ethics — independence, objectivity	Yes	—	—
IIA International Standards — performance and attribute	Yes	Partial	—
IOSCO Objectives and Principles of Securities Regulation	Partial	Yes	—
BCBS — Compliance and the compliance function in banks	Partial	Yes	—
COSO Internal Control — Integrated Framework	Partial	Yes	—

Adopted — aligned without material adaptation. Adapted — principles incorporated with adjustments documented in the Conformance Statement. Departed — the published standard is expressly not followed; rationale recorded.

Quality assurance

Reports issued under this Framework are subject to the quality controls published in TIB-GOV-1.0 § 12, including:

• Working-paper review by personnel not involved in the engagement;
• Periodic file sampling for adherence to Methodology and Framework;
• Annual Standards Committee review of the Framework;
• Post-revocation review of every revoked Determination for lessons learned.

Public-Information Assessments (PI)

A Public-Information Assessment (PI) is an indicative assessment of a Firm conducted on the basis of publicly available information only, without a signed Engagement Agreement. PI Assessments coexist alongside engagement-based Reports (FV, LS, RA, RV) but are subject to distinct procedural and presentational requirements set out in this section.

27.1 Purpose

PI Assessments serve to (a) demonstrate the application of TIB Methodology to firms whose engagement is invited but not yet executed; (b) maintain Registry coverage of publicly notable firms in the proprietary trading and adjacent sectors; (c) provide a transparent indicative reference point for participants and counterparties pending formal engagement.

27.2 Lawful basis and protections

PI Assessments are issued in reliance on the following legal protections:

• Truth defence — every factual claim in a PI Assessment is supported by a quoted public source with URL and access date;
• Honest opinion / fair comment — interpretive observations are explicitly labelled as indicative and grounded in the published TIB Methodology;
• Public interest — assessments concern firms operating in cross-border financial-adjacent activity affecting consumer / participant outcomes;
• Equal-treatment principle — the same Methodology and criteria are applied to every Firm assessed under PI;
• Nominative fair use of the Firm's name, used only as necessary to identify the subject of the Assessment; no Firm logo, brand mark, or visual identity is reproduced;
• Right of pre-publication reply — per § 27.5;
• Take-down on demonstrated material error — per § 27.6.

27.3 Distinctions from engagement-based Reports

Element	Engagement Reports (FV / LS / RA / RV)	Public-Information Assessment (PI)
Engagement basis	Signed Engagement Agreement	None — unsolicited or invited
Evidence basis	Public + private (data-room) + TIB-supervised	Public information only
Reviewer rule	Two-Reviewer (TIB-MTH § 6)	Single Reviewer + Engagement Lead approval
Determination scale	Pass / Conditional / Fail; overall Verified / Conditional / Not Verified / Revoked	PI-Pass / PI-Conditional / PI-Concern (indicative); overall PI-Indicative
Verified Mark licence	Issued on Verified or Conditional	Not issued
Registry visual	Verified (green) / Conditional (amber)	PI marker (blue) with disclaimer banner
Re-assessment cadence	Annual or as scheduled in Agreement	Annual; or earlier on Firm-supplied factual update

27.4 PI Determination scale

PI Determinations are categorical and indicative. The PI scale is exhaustive; numerical scoring or adjectival ladders are prohibited under the same rule as § 13.

• PI-Pass — public-information evidence is consistent with satisfaction of the criterion or pillar at the time of assessment;
• PI-Conditional — public-information evidence shows a deficiency capable of remediation through editorial / filing actions visible in public sources;
• PI-Concern — public-information evidence shows a structural or material deficiency that would require formal engagement to confirm or refute;
• PI-Insufficient evidence — public information does not permit a determination on the criterion (recorded; not adverse).

The overall PI status of a Firm is recorded as PI-Indicative with a one-line summary of pillar-level outcomes. PI status does not constitute Verified or Conditional under § 13.

27.5 Right of pre-publication reply

Before publication of a PI Assessment to the Registry, TIB shall:

1. Issue a written Notice of Pre-Publication to the Firm at the most appropriate publicly disclosed contact (compliance, legal, or general business address);
2. Attach the draft PI Assessment in full;
3. Allow a window of fourteen (14) calendar days for the Firm to submit factual corrections, supporting documents, or a substantive reply;
4. Consider all factual corrections supported by evidence and amend the Assessment accordingly;
5. Where the Firm declines to engage or fails to respond within the window, publish the Assessment as drafted, recording the Firm's non-response in the Methodology Statement;
6. Where the Firm provides a substantive reply that does not change findings, append the reply (or a Firm-approved summary) to the published Assessment.

27.6 Take-down and correction policy

A published PI Assessment is subject to correction or removal where:

• The Firm demonstrates that a specific finding rests on a factual error in TIB's evidence (correction issued within 5 business days; revision noted in changelog);
• The public source on which a finding rests has been amended or removed and the underlying issue no longer exists (re-assessment within 14 days);
• The Firm enters into a formal Engagement Agreement converting the assessment into a FV, LS, or RA Report (PI Assessment retained in archive but superseded);
• A court of competent jurisdiction orders removal (immediate compliance with order; right of appeal preserved).

27.7 Conversion to engagement-based Report

A PI Assessment may be converted to an engagement-based Report on execution of an Engagement Agreement. On conversion: the PI identifier is retained in the Report's "Supersedes" field; private evidence collected during the engagement is added to the working file; the engagement-based Report supersedes the PI Assessment in the Registry.

27.8 Pricing and fees

PI Assessments may be issued (a) unsolicited — no fee, at TIB's editorial discretion; (b) invited — commissioned by the Firm at published rates per the Pricing page. Fee payment for invited PI does not vary the methodology, the criteria applied, or the indicative outcome.

Updates and changelog

This Framework is reviewed at least annually. Each version is identified by a document code (TIB-FRM-x.y) and an Effective Date. Engagements in flight at the time of an update continue under the version stated in their Engagement Agreement. Type-specific modules are versioned independently; the active versions at Scoping are recorded in the Engagement Agreement.

Version	Effective	Approved by	Notes
TIB-FRM-1.1	16 April 2026	TIB Standards Committee	Added Section 27 (Public-Information Assessments); added PI engagement type code; added PI Determination scale (PI-Pass / PI-Conditional / PI-Concern / PI-Insufficient evidence); added pre-publication notice and take-down policy.
TIB-FRM-1.0	16 April 2026	TIB Standards Committee	Initial publication. 26 sections + 5 annexes; Pass / Conditional / Fail Determination scale only; no composite scoring; six type-specific modules introduced.