Friday, 8 January 2016

Where do IP-related risks originate?

Last year this weblog carried some guest posts from Donal O’Connell (Managing Director, Chawton Innovation Services Ltd, developers of the Alder IP Risk Management Tool).  Donal, who is also a consultant to Aistemos, has been asking a critical question about IP-related risks: where do they come from?  This is what he writes:
Where do IP-related risks originate?

By the very nature of intellectual property (IP), there are both rewards and risks associated with it. Risk is the chance of something going wrong, and the danger that damage or loss will occur. Risk management is the process of analysing exposure to risk and determining how best to then handle such exposure.

Not all IP risks are the same and they may be broken down into a variety of different categories. One such category is ‘origin’ -- identifying from where the IP related risk comes.

Sources of risk

Companies and organisations face IP-related risks from a multitude of sources:

  • From within the organisation itself.
  • From entities in the ecosystem of the organization.
  • From competitors.
  • From independent third parties.
  • From Governments entities.
  • From illegal entities.
  • From the organisation’s own network of IP Service & Solution Providers.
Let's explore each of these in more detail, giving real life examples to illustrate each source.

From within the organisation itself

A significant percentage of the IP-related risks that an organisation faces originates within the organisation itself due to the activities of its own people. Sometimes it is due to a lack of awareness and education of IP by employees; other times it is a deliberate act.

Mercedes Benz announced just recently that they were taking legal action against an engineer who allegedly took confidential information as he prepared to join Formula 1 rivals Ferrari. The engineer, who works for engine manufacturers Mercedes AMG High Performance Powertrains, is alleged to have searched and saved race data. He was set to leave Mercedes at the end of 2015.

AMD filed a complaint back in early 2013 alleging that four of its former employees—one former vice-president and three former managers—transferred sensitive AMD documents before joining competing graphics chip maker Nvidia and then violated a “no-solicitation of employees” promise. The company alleged that the four employees collectively downloaded over 100,000 files on to external hard drives in the six months before leaving the company. They were also accused of recruiting AMD employees after leaving for Nvidia.

These two examples highlight deliberate employee theft, but other times it may just be related to poor decision making by employees –- signing NDAs without fully understanding the content of such agreements, divulging confidential information at a conference without thinking, using the IP of others without permission, and so on.

Sadly, many IP-related risks facing organisations are in fact due to the behaviour of their own people.

From entities in the ecosystem of the organisation

Traditionally, internal innovation was the paradigm under which most firms operated, with most innovative companies keeping their discoveries highly secret, making no attempt to assimilate information from outside their own R&D labs.  However, in recent years the world has seen major advances in technology and society which have facilitated the diffusion of information, and companies now work with people inside and outside of the organisation.

Collaborative innovation can take many forms, from working with universities, cooperating closely with key suppliers and vendors, collaborating with application developers, content providers, technology house and design houses, plus working with various communities including 'open’ communities, innovation networks, as well as customers and end-users.  It can also involve working with start-ups and venture capital funded entities, as some of the smallest companies can achieve great things with limited funding.

However, many IP risks originate from these very same entities within the ecosystem of a company, namely its suppliers, partners, distributors, customers and even end-users.

One technology company based in the UK is currently involved in a number of collaborative innovation projects with a variety of different partners (some universities, some start-ups, some European FP7 and Horizon 2020 projects, etc). Each project involves different parts of their IP portfolio (patents, data, software, etc) being utilized. Each project has different IP terms and conditions (definition, ownership, usage, scope, etc) associated with it. They have recognized that these collaborative innovation projects are bringing both IP-related value as well as some IP risks to the company, and they are working diligently to maximize the value and minimize the risks. By the way, their situation is not that dissimilar from many other companies.

Some entities within the ecosystem of a company just may not treat the company’s IP or the IP of third parties with the proper attention and respect it deserves, resulting in IP-related risks to the company.

From competitors

IP-related risks posed by competitors tend to get most press attention. Given the very nature of IP and the legal rights associated with it, IP assets belonging to competitors who design, develop, manufacture, distribute and/or sell similar products or services pose a potential IP risk to any company.

This is well illustrated by looking at the smartphone sector. Smartphones and mobile electronic devices have taken the world by storm. The ubiquity of smartphones has given rise to an incredibly large number of patents being issued to protect all of the technologies vital to these devices. The smartphone wars or smartphone patents licensing and litigation battles are an ongoing business battle by smartphone manufacturers, among others. The conflict may be seen as part of the wider "patent wars" between multinational technology and software corporations.

To secure and increase their market share, companies granted a patent can sue to prevent competitors from using the methods the patent covers. Since 2010 the number of lawsuits, counter-suits, and trade complaints based on patents and designs in the market for smartphones, and devices based on smartphone operating systems such as Android and iOS, has increased significantly.

From independent third parties

IP-related risks may originate from entities like IP holding companies, patent assertion entities, and non-practising entities (NPEs) plus others. Recent US patent statistics show that patent litigation, driven by such type entities, could reach an all-time high in 2015.

Although primarily focus on patents and centred in the US, IP-related risks coming from independent third parties is not limited to that particular form of IP or to that particular jurisdiction.

In the pharma industry sector, we have seen the rise of IP risks from hedge fund managers. One well-known hedge-fund manager is taking a novel approach to making money, by filing and publicizing patent challenges against pharmaceutical companies while also betting against their shares. That strategy utilizes an administrative process known as Inter Partes Review that allows petitions to strike down patents to be heard by a Patent Office Panel. The process was created by the US Congress in 2011 to help companies fight so-called patent trolls, non-operating companies that extract cash settlements from companies they accuse of patent infringement. The Patent Office Panel is a less expensive and faster option than trials in US Federal Courts.

From Government entities

IP-related risks may come from the activities of Government Departments, Industry Regulators, Inter-Operability Standards Setting Bodies, and Intellectual Property Offices themselves.

At the beginning of 2015, the Board of Directors of the Institute of Electrical and Electronics Engineers (IEEE) voted to approve a set of amendments to the organisation’s patent policy.  The changes largely relate to the commitment of IEEE members to license patents to users of IEEE standards on terms that are “fair, reasonable and non-discriminatory” (FRAND).  These FRAND commitments have been the subject of much recent litigation between many of the members of IEEE. Such an IP policy changes brings major benefits to some, but not to others.

There are a number of significant changes or debates about possible changes taking place in the world of IP at the present time. It would be impossible to list all of them here, but it is worthwhile to highlight a few.

The US has already pushed ahead with some patent reform, including already switching to the first to file system. There are numerous pending bills relating to various aspects of US patent law and procedure with the Innovation Act, the STRONG Patents Act, and the TROL Act being three of the major legislative proposals.

There are discussions about trying to move the IP environment to a more permissive environment and away from an exclusive one. There are strong debates about such things as copyright levies, the European patent and pan-European IP licences. Some countries have pushed ahead with some national initiatives such as establishing patent banks in places like Taiwan and Korea. A recent study of IP in the UK placed much emphasis on the creation of a digital copyright exchange. Some are pushing to expand the 'licence of rights' concept.

Many IP Offices face funding challenges and some are pushing to be self-funding or profit making. Debates rages about patent thickets, and a number of countries have already deployed patent box tax initiatives or are about to do so.

Trade secrets can be an important part of an organization's portfolio of IP assets. It is fascinating to see the EU working to harmonize trade secrets laws across Europe. The US is trying to strengthen trade secrets laws with the Defend Trade Secrets Act. China’s State Administration for Industry and Commerce (SAIC) has announced the opening of a discussion regarding a revision to the 1993Anti-Unfair Competition Law (AUCL) which includes trade secret law.

Some companies will clearly benefit from these reforms but others may find their IP risk profile changes in an adverse manner.

From illegal entities

Here I refer to the activities of illegal entities like hackers and counterfeiters, posing major IP risks to many companies.

Hackers are generally external individuals, criminal gangs or even Government sponsored entities whose sole objective is to gain illegal access to the company’s computer infrastructure, with the intention of committing a crime such as the theft of confidential information or trade secrets. Companies that become victims of online espionage are often not aware of any loss until it is far too late. Cyber experts estimate that every company utilizing a computer network is actually being attacked by hackers who are continuously probing for weaknesses.

Counterfeit goods can include fake designer clothes, bags, watches, accessories and perfumes as well as pirate DVDs, CDs, smartphones and computer games. They can also include medicines and components of automobiles and aircraft. The size of the problem posed by counterfeiters is staggering.  According to FBI, Interpol, World Customs Organization and International Chamber of Commerce estimates, roughly 7-8% of world trade every year is in counterfeit goods. That is the equivalent of as much as $512 billion in global lost sales.

IP theft poses a risk to all industry sectors; those most commonly affected by IP theft are manufacturing, consumer goods, technology, software, and biotechnology, including pharmaceuticals. Having personally attended some events organized by Customs officials and Trading Standards Officers in the UK, I am absolutely shocked by some of the counterfeit goods which they have seized.

From the organisation’s own network of IP Service & Solution Providers

Involving an external IP Firm or IP Service Provider into a company’s IP operations basically means buying certain work results from third parties. Subcontract work is normally based on the company’s specifications and requirements but, the company, and the external IP Firm or IP Service Provider may also compile specifications together. This is a better approach as it enables the external entity to contribute based on their skills, competencies and knowledge.

There are many reasons to subcontract work to an external IP Firm or IP Service Provider. Outsourcing may increase the flexibility of the company’s in-house IP in terms of resourcing, leading to faster response times and wider overall opportunities when the competence and capacity pool is expanded. The company may wish to focus its limited in-house IP resources on what it considers to be core activities, critical cases or key competence areas.

Some or all of the tasks of a typical in-house IP function can be subcontracted to external IP Firms or IP Service Providers. The management of external IP Firms or IP Service Providers is, in many ways, very similar to the management of in-house IP resource. It is all about fact-based management and values-based leadership.

Subcontracting to an external entity is not always easy. Yes it can bring tremendous value but it can also bring risks.

Final thoughts

IP risk management is about ensuring that the business really understands its IP related risks, and then mitigates proactively. The rationale for this may be driven by the need for freedom to use technologies already in use or being considered for use in the company’s products, but there are many other reasons why businesses need to take IP risk management seriously.

Truly understanding the origins of many of the IP risks facing a company is a key aspects of proper and professional IP risk management.

Finally it is important not to underestimate or exaggerate the risks associated with IP. As IP relates to innovation and creativity, it can sometimes be an emotive subject and some care is needed.


  1. Risks from within also come from poor or non-existent record-keeping, particularly where there has been M&A or divestment activity. A business may find that it has lost track of its own IP or that it is using divested IP on the assumption that it still owns it or is licensed to do so. This is why regular due diligence is so important.

  2. What point are you trying to make regarding FRAND? It isn't clear to me whether they are a factor that causes/increases risk or if they actually do the opposite.

  3. Not sure I'd add Regulators to my list of IP-related threats, since they are equally a threat in all sectors at all times, regardless of whether there is any IP around or not. Apart from that, good article.

  4. So basically IP risk management is a management issue, not an IP one?