What is Intellectual Property Risk Management? It is the process of identifying, analyzing and responding to risk factors related to IP throughout the life of an IP right. Proper risk management implies control of possible future events and is proactive rather than reactive. Proper IP Risk Management will reduce not only the likelihood of an adverse event occurring, but also the magnitude of its impact on the business. If risk management is set up as a continuous, disciplined process of problem identification and resolution, then the system will easily supplement other systems. This includes; organization, planning and budgeting, and cost control. Surprises will be diminished because emphasis will now be on proactive rather than reactive management.
IPEG consultant Donal O’Connell has done extensive research on IP Risk Management. In this first part he deals with the source of IP risks: where do IP related risks originate? In the second part he will analyze IP Risk Management using seven case studies showing the impact of risk management (or the lack of it).
IP Risk – What are they?
By its very nature, there are both rewards and risks associated with intellectual property (IP). Risk is the chance of something going wrong and the danger that damage or loss will occur with detrimental or harmful effects for the organization or company. Risk management is the process of analyzing exposure to risk and determining how best to then handle such exposure. Of course, not all IP risks are the same and they may be broken down into a variety of different categories. One such category is ‘origin’ namely identifying from where the IP related risk comes.
Where do IP related risks originate?
Companies and organizations face IP related risks from a multitude of sources, namely:
- from within the organization itself
- from entities in the eco-system of the organization
- from competitors
- from independent 3rd parties
- from Governments entities
- from illegal entities
- from the organization’s own network of IP Service & Solution Providers
In this blog we explore each of these in more detail giving real life examples to illustrate each source.
From within the organization itself
A significant percentage of the IP related risks that an organization faces originates within the organization itself due to the activities of its own people. Sometimes it is due to a lack of awareness and education of IP by employees, other times it is a deliberate act. Mercedes Benz announced just recently that they are taking legal action against an engineer who allegedly took confidential information as he prepared to join Formula 1 rival Ferrari. The engineer who works for engine manufacturers Mercedes AMG High Performance Powertrains, is alleged to have searched and saved race data. He was set to leave Mercedes at the end of 2015.
AMD filed a complaint back in early 2013 alleging that four of its former employees—one former vice-president and three former managers—transferred sensitive AMD documents before joining competing graphics chip maker Nvidia and then violated a “no-solicitation of employees” promise. The company alleged that the four employees collectively downloaded over 100,000 files onto external hard drives in the six months before leaving the company. They were also accused of recruiting AMD employees after leaving for Nvidia.
These two examples highlight potential employee theft, but other times it may just be related to poor decision making by employees – signing NDAs without fully understanding the content of such agreements, divulging confidential information at a conference without thinking, using the IP of others without permission, etc. Sadly, many IP related risks facing organizations are in fact due to the behavior of their own people.
From entities in the eco-system of the organization
Traditionally, internal innovation was the paradigm under which most firms operated, with most innovative companies keeping their discoveries highly secret and no attempt made to assimilate information from outside their own R&D labs. However, in recent years the world has seen major advances in technology and society which have facilitated the diffusion of information, and companies now work with people inside and outside of the organization.
Collaborative innovation can take many forms, from working with universities, cooperating closely with key suppliers and vendors, collaborating with application developers, content providers, technology house and design houses, plus working with various communities including ‘open’ communities, innovation networks, as well as customers and end-users. It can also involve working with start-ups and venture capital funded entities, as some of the smallest companies can achieve great things with limited funding.
However, many IP risks originate from these very same entities within the eco system of a company, namely its suppliers, partners, distributors, customers and even end-users.
One technology company based in the UK is currently involved in a number of collaborative innovation projects with a variety of different partners (some universities, some start-ups, some European FP7 and Horizon 2020 projects, etc.). Each project involves different parts of their IP portfolio (patents, data, software, etc.) being utilized. Each project has different IP terms and conditions (definition, ownership, usage, scope, etc.) associated with it. They have recognized that these collaborative innovation projects are bringing both IP related value as well as some IP risks to the company, and they are working diligently to maximize the value and minimize the risks. By the way, their situation is not that dis-similar from many other companies.
Some entities within the ecosystem of a company just may not treat the company’s IP or the IP of 3rd parties with the proper attention and respect it deserves, resulting in IP related risks to the company.
IP relates risks posed by competitors tend to get most press attention. Given the very nature of IP and the legal rights associated with it, IP assets belonging to competitors who are designing, developing, manufacturing, distributing and/or selling similar products or services, pose a potential IP risk to any company.
This is perhaps best illustrated by looking at the smartphone sector. Smartphones and mobile electronic devices have taken the world by storm. The ubiquity of smartphones has given rise to an incredibly large number of patents being issued to protect all of the technologies vital to these devices. The smartphone wars or smartphone patents licensing and litigation battles are an ongoing business battle by smartphone manufacturers among others. The conflict may be seen as part of the wider “patent wars” between multinational technology and software corporations.
To secure and increase their market share, companies granted a patent can sue to prevent competitors from using the methods the patent covers. Since 2010 the number of lawsuits, counter-suits, and trade complaints based on patents and designs in the market for smartphones, and devices based on smartphone operating systems such as Android and iOS, has increased significantly.
From independent 3rd parties
IP related risks may originate from entities like IP holding companies, patent assertion entities, and non-practicing entities (NPEs) plus others. Recent US patent statistics show that patent litigation, driven by such type entities, could reach an all-time high in 2015. Although primarily focus on patents and centered in the US, IP related risks coming from independent 3rd parties is not limited to that particular form of IP or to that particular jurisdiction.
In the pharma industry sector, we have seen the rise of IP risks from hedge fund managers. One well-known hedge-fund manager is taking a novel approach to making money, namely filing and publicizing patent challenges against pharmaceutical companies while also betting against their shares. That strategy utilizes an administrative process known as Inter Partes Review that allows petitions to strike down patents to be heard by a Patent Office Panel. The process was created by the US Congress in 2011 to help companies fight so-called patent trolls, non-operating companies that extract cash settlements from companies they accuse of patent infringement. The Patent Office Panel is a less expensive and faster option than trials in US Federal Courts.
From Government entities
IP relates risks may come from the activities of Government Departments, Industry Regulators, Inter-Operability Standards Setting Bodies, and of course Intellectual Property Offices themselves. At the beginning of 2015, the Board of Directors of the Institute of Electrical and Electronics Engineers (IEEE) voted to approve a set of amendments to the organization’s patent policy. The changes largely relate to the commitment of IEEE members to license patents to users of IEEE standards on terms that are “fair, reasonable and nondiscriminatory” (FRAND). These FRAND commitments have been the subject of much recent litigation between many of the members of IEEE. Such an IP policy changes brings major benefits to some, but not to others.
There are a number of interesting changes or debates about possible changes taking place in the world of IP at the present time. It would be impossible to list all of them here, but it is worthwhile to highlight a few.
The US has already pushed ahead with some patent reform, including already switching to the first to file system. There are numerous pending bills relating to various aspects of US patent law and procedure with the Innovation Act, the STRONG Patents Act, and the TROL Act being three of the major legislative proposals.
There are discussions about trying to move the IP environment to a more permissive environment and away from an exclusive one. There are strong debates about such things as copyright levies, the European patent and pan European IP licenses. Some countries have pushed ahead with some national initiatives such as establishing patent banks in places like Taiwan and Korea. The recent study of IP in the UK placed much emphasis on the creation of a digital copyright exchange. Some are pushing to expand the ‘license of rights’ concept. Many IP Offices face funding challenges and some are pushing to be self-funding or profit making. Debates rages about patent thickets, and a number of countries have already deployed patent box tax initiatives or are about to do so.
Trade secrets can be an important part of an organization’s portfolio of IP assets. It is interesting to see the EU working to harmonize trade secrets laws across Europe. The US is trying to strengthen trade secrets laws with the Defend Trade Secrets Act. China’s State Administration for Industry and Commerce (SAIC) has announced the opening of a discussion regarding a revision to the 1993 Anti-Unfair Competition Law (AUCL) which includes trade secret law.
Some companies will clearly benefit from these reforms but others may find their IP risk profile changes in an adverse manner.
From illegal entities
Here I refer to the activities of illegal entities like hackers and counterfeiters, posing major IP risks to many companies. Hackers are generally external individuals, criminal gangs or even Government sponsored entities whose sole objective is to gain illegal access to the company’s computer infrastructure, with the intention of committing a crime such as the theft of confidential information or trade secrets. Companies that become victims of online espionage are often not aware of any loss until it is far too late. Cyber experts estimate that every company utilizing a computer network is actually being attacked by hackers, who are continuously probing for weaknesses.
Counterfeit goods can include fake designer clothes, bags, watches, accessories and perfumes as well as pirate DVDs, CDs, smartphones and computer games. They can also include medicines and components of automobiles and aircraft. The size of the problem posed by counterfeiters is staggering. According to FBI, Interpol, World Customs Organization and International Chamber of Commerce estimates, roughly 7-8% of world trade every year is in counterfeit goods. That is the equivalent of as much as $512 billion in global lost sales.
IP theft poses a risk to all industry sectors; those most commonly affected by IP theft are manufacturing, consumer goods, technology, software, and biotechnology, including pharmaceuticals. Having personally attended some events organized by Customs officials and Trading Standards Officers here in the UK, I am absolutely shocked by some of the counterfeit goods which they have seized.
From the organization’s own network of IP Service & Solution Providers
Involving an external IP Firm or IP Service Provider into a company’s IP operations basically means buying certain work results from third parties. Subcontract work is normally based on the company’s specifications and requirements but, the company, and the external IP Firm or IP Service Provider may also compile specifications together. This is a better approach as it enables the external entity to contribute based on their skills, competencies and knowledge.
There are many reasons to subcontract work to an external IP Firm or IP Service Provider. Outsourcing may increase the flexibility of the company’s in-house IP in terms of resourcing, leading to faster response times and wider overall opportunities when the competence and capacity pool is expanded. The company may wish to focus its limited in-house IP resources on what it considers to be core activities, critical cases or key competence areas.
Some or all of the tasks of a typical in-house IP function can be subcontracted to external IP Firms or IP Service Providers. The management of external IP Firms or IP Service Providers is, in many ways, very similar to the management of in-house IP resource. It is all about fact-based management and values-based leadership.
Subcontracting to an external entity is not always easy. Yes it can bring tremendous value but it can also bring risks.
Summary Part 1
IP risk management is about ensuring that the business really understands its IP related risks, and then mitigates pro-actively. The rationale for this may be driven by the need for freedom to use technologies already in use or being considered for use in the company’s products, but there are many other reasons why businesses need to take IP risk management seriously.
Truly understanding the origins of many of the IP risks facing a company is a key aspects of proper and professional IP risk management.
Finally it is important not to underestimate or exaggerate the risks associated with IP. As IP relates to innovation and creativity, it can sometimes be an emotive subject and some care is needed.
Donal O’Connell is IPEG consultant. He developed with a team of software engineers a new IP Risk Management Tool, the Alder tool brought to you by IPEG. Demonstrations of this tool can be given in an online presentation. Please contact us at firstname.lastname@example.org for more information.
 Risk Management…the What, Why, and How, Michael Stanleigh, Business Improvement Architects