The following op-ed was originally published on the FCPA Blog on January 25, 2018.
The theft of intellectual property (IP) is a challenge facing organizations and industries operating globally. A special risk involves Chinese nationals both in and outside the PRC using less than sophisticated methods to steal IP.
While there are obvious ways that an organization’s IP can be misappropriated, through hacking schemes, or even when China blatantly requires organizations to “share” their IP with Chinese entities that have ties to the government, there are often simple ways that IP is stolen by employees, vendors, and partners.
Vendors and employees pose special risks to IP. They have access to your IP and understand weaknesses in your systems. Employees, especially those working in procurement, can readily steal IP by selling it to the shell companies they have created, as one example of a simple scheme. Many employees have access to IP, and knowing its value, are intent upon stealing it. Vendors also have access to IP, and they can exploit limitations inherent in your internal controls.
In an effort to combat these and other concerns, U.S. Trade Representative Robert Lighthizer is in current negotiations with China to stem the tide of IP theft and infringement. The U.S. has banned the PRC telecom company Huawei from doing business in the United States and has urged other nations to follow suit. These efforts may help, but every organization needs to consider more immediately updating their own IP safeguards.
Organizations active in the PRC and those partnering with Chinese entities or hiring Chinese nationals need to put special emphasis upon the protection of their IP.
Here are some thoughts about protecting your organization’s IP:
IP theft occurs when opportunity is present.
The Association of Certified Fraud Examiners
(ACFE) has analyzed the ins and outs of theft and fraud. Their findings show that fraud and theft occur when opportunity arises rather than when devious minds get together. This concept applies equally to the protection and theft of IP. Assume people will steal if you don’t have good controls.
IP theft occurs when internal controls are insufficient.
Internal controls must, at every point, account for the ways in which IP is held, transferred, sold, and shared. Protections must be put into place to meet all these scenarios and must go beyond technological solutions. Technology is only one layer of IP protection. People find creative ways to steal, regardless of whether equipment or microchips are being taken.
IP theft does not require sophisticated technological schemes.
The people behind these attacks aren’t all technology experts. IP theft may not be a tech problem. It may be a simple theft issue.
IP theft might involve equipment, drawings, software, trade secrets, or client and vendor lists.
Regardless, IP has value and people will want to take it, whether for their own purposes, or for someone else’s.
IP theft is prevented and detected through simple tools.
Effective hotlines, third-party due diligence, training, audit, and other standard compliance and internal controls are a useful protection against theft of IP.