Closing in on intellectual property theft

By Craig Moss, COO, Center for Responsible Enterprise and Trade (

We can no longer assume the legal function is solely responsible for stopping the threat.  We know a better way, one that pairs the right people (both legal and contract management practitioners) with a robust action plan. This new method is flexible.  It can be tailored to fit many industries, regardless of industry diversity.

The problem

By definition, IP — copyrights, patents, trademarks, registered designs and trade secrets — is the lifeblood of many companies and, increasingly, the key to competitiveness. But, in a global economy where doing business means working with diverse partners and using digitized information, IP is increasingly vulnerable to theft and infringement whether or not it is intentional.

Actually, this challenge opens the door to opportunity for contract managers to take on a new management systems approach to protecting IP, one that…

  • supplements the work normally handled by the legal department;
  • positions contract managers to prevent IP theft and infringement throughout the contract cycle; and
  • promises to help preserve competitive advantage and avoid costly legal action.

Outsmarting types of IP theft

IP theft is getting smarter. Gone are the days when IP theft meant scam artists selling counterfeit products like cheap watches and phony handbags.  IP abuse has crept into virtually every industry, with increasingly serious implications, spreading like a tidal wave from the supply process to the industry to the consumer — threatening every aspect of an enterprise and its end-to-end supply chain.

The fallout creeps from businesses to personal lives…

  • Counterfeiters take advantage of complex supply chains by introducing fake parts or cheaper ingredients into the production process.
  • Fake parts and adulterated ingredients flood many industries from automotive and military to foods and prescription drugs.
  • Bogus products threaten the health and safety of consumers. Adulterated drugs alone have led to more deaths in one year than the past four decades of terrorist attacks.

Businesses suffer massive product recalls, reputational damage, lawsuits and loss of future contracts. With the digitization of information, IP has become extremely vulnerable to loss. IP loss takes many forms ranging from computers being accessed remotely by hackers to inadvertent sharing through email or improper downloads by employees.

Leaking trade secrets such as customer lists, research data, production formulae and processes and tactical information are other forms of IP theft. In many countries, companies have little legal recourse for the loss of this competitive information. Such data may have cost millions in investments and years of research to develop.

Research suggests the magnitude of the trade secret theft problem.  Two examples:

  • The chemical industry in European Union member nations may be losing as much as 30 percent of revenues to misappropriation of trade secrets, according to a document published in November 20131 by the European Commission.
  • In a single case in 2006, an engineer for the Ford Motor Company copied thousands of company documents2 onto an external hard drive and took it with him to work for a Chinese competitor. Ford estimated damages from that breach at more than $50 million.

In a 2012 survey of executives from multinational companies conducted by The Conference Board3, 93 percent of the respondents said that IP protection is a function of their company’s legal department. But the survey also highlighted a lack of confidence in this traditional approach and a lack of results.

More than two-thirds (68 percent) of those surveyed said trade secret theft in emerging markets presented the greatest IP risk, but only 36 percent felt that their company’s compliance program was “very effective” at managing that risk. They were only somewhat more confident in their current approach to protecting other forms of IP.

New approach – the management system

The challenge of protecting IP does not mean releasing the legal department from responsibility.  It means supplementing it, using a management systems approach that can…

  • weave IP protection into the culture of the company and its business operations; and
  • help to prevent IP infringement inside the company and its supply chain.

This approach is…

  • preventive and proactive;
  • creates awareness throughout the company;
  • builds on management systems that are already in place; and
  • leverages the expertise among existing employees.

Role of contract managers is essential

In a management systems approach, IP protection becomes a consideration with suppliers and business partners before contracts are drafted and signed.

After contracts are signed, IP protection becomes part of ongoing monitoring, integrating into the entire contract life cycle and becoming a factor in pre-contract risk assessment and due diligence. It is also an aspect of contract fulfillment and monitoring for the full duration of the contract where the contract manager is already deeply engaged.

Eight steps to building robust IP protection

Although each industry has unique requirements and priorities, these eight steps can help most companies evaluate the ability of a supplier or business partner to protect IP and prevent problems resulting from counterfeit goods flowing into the supply chain, or pirated software exposing IT systems or trade secrets being stolen.

1.     Policies, procedures, and records: These foundations safeguard and reinforce the value of company IP.

  • Are they comprehensive and clearly communicated to company employees?
  • Is record-keeping adequate and accurate?

2.     IP compliance team: In a management systems approach, the team responsible for IP protection in the company and the supply chain is cross-functional, with representation from senior management.

3.     Scope and quality of risk assessment: When evaluating a business opportunity or potential partnership, you should ask…

  • Is the risk of IP misappropriation considered in the context of industry, IP type and the legal system where business will be located?
  • Is IP risk factored into due diligence of a potential business partner, along with financial stability, quality control, cost, reliability and other considerations?

4.     Supply chain management:

  • Do business partners, contractors and suppliers have IP protection policies and procedures in place, and do they clearly communicate these expectations to their employees?
  • Do your contracts have provisions requiring the third party to have an IP protection program?

5.     Security and confidentiality management:

  • Does the company maintain physical and electronic security to protect trade secrets and other confidential and proprietary information?
  • Is this critical material made accessible to third parties on a need-to-know basis, and subject to adequate confidentiality agreements?
  • Are clear restrictions available on the use of unlicensed software that can create gateways for hackers?

6.     Training and capacity building:

  • Does the company provide routine training in IP protection procedures internally?
  • Does management extend this training to supply chain companies, at least those where the greatest risk exists?

7.     Monitoring and measuring:

  • Are mechanisms in place to monitor adherence to the IP protection policies inside the company and with key third parties?
  • Are the contractual provisions regarding IP protection being met?

8.     Corrective actions and improvements:When a problem or potential issue is uncovered…

  • Is it analyzed for a root cause, and is the root cause addressed?
  • Does the company have a process to drive continual improvement both internally and with key business partners?

How a management system protects IP

A holistic management systems approach helps to eliminate the all too common unintentional lapses in IP protection. Indeed, many gaps in IP protection involve lack of attention to events such as an employee leaving confidential drawings out in the open, or employees not knowing to question when some of the products’ packaging looks incorrect.

One success story

This approach works even when legal action might be warranted. For example, in 2010, a global consumer electronics company discovered that its largest licensed distributor was selling knockoffs (imitation or fake products) of its product to retailers.  Fakes were mixed in with the real products. Customers returned the fake devices, and the electronics company had to replace them at huge cost to preserve its reputation.

The electronics company later adopted a management systems approach:

  • They implemented new procedures to prevent counterfeits from entering the supply chain, which it then applied to all of its distributors.
  • They rolled out new controls, tighter procedures for record keeping, improved monitoring and training to heighten awareness about the damage caused by counterfeit goods.
  • Within a year, they had eliminated the counterfeit problem with the distributor and still maintained good business relations.

Contract manager role expansion—IP monitoring

In a management systems approach, we have a compelling case for contract managers to play a central role in the IP compliance team, because of their engagement with business partners throughout the life of contracts.

Contract managers’ most obvious contribution is monitoring IP compliance among supply chain partners. Organizations have the weakest performance in this area, according to findings of a pilot project conducted by the Center for Responsible Enterprise and Trade (

The pilot project, which included global companies in aviation, consumer products, services and information technology based in India, China, Brazil, Japan, Germany and the United States, evaluated the maturity of IP protection in each of the eight key process categories outlined earlier.(See also Pilot updates)

  • A contract manager, charged with ensuring business partners and suppliers meet their obligations, is well positioned to spot a gap in IP protection that leads to a preventative remedy, such as new policy, procedures or training.
  • The contract manager can also play a valuable role long before the contract is signed, weighing in at the risk assessment and due diligence phases.

Concluding thoughts

The management systems approach can be applied across industries and supply chains. Supplementing the legal approach with a management systems approach helps to integrate IP protection into the core activities of a company and its supply chain.

Under the guidance and leadership of the contract manager, IP protection can shift from being reactive to being proactive and preventive. The contract manager can help guide IP protection through the pre-contract risk assessment and due diligence process, help suggest effective contractual provisions, and participate in the post-contract monitoring and corrective action process.

In some global companies, contract managers may already be tracking hundreds of agreements. Working to identify and address IP gaps in the execution of these contracts may seem daunting. But it is now abundantly clear that businesses in virtually every sector must address the security of their IP if they hope to thrive in the evolving world marketplace. The challenge of protecting these valuable assets is an opportunity for the contract manager to assume an expanded role in the company’s future success.


1.  Importance of Trade Secrets

2.  Article appeared in the Wall Street Journal, online, originally dated Nov 17, 2012, written by Matthew Dolan

3.  Safeguarding Intellectual Property and Addressing Corruption in the Global Supply Chain. Press release dated December 19, 2012 from (The Conference Board).


Craig Moss is Chief Operating Officer of the Center for Responsible Enterprise and Trade ( where he is responsible for developing CREATe Leading Practices, a program designed to help companies and their suppliers reduce the risks associated with trade secret theft, counterfeiting, piracy and corruption. He has developed definitive guides for organizations including World Bank Group’s International Finance Corporation and the United Nations. Craig is an Executive Advisor for Social Accountability International (SAI) and previously led Social Fingerprint®, a program helping companies and their supply chains implement sustainability practices. Previously, he founded Global Access Corporation, where he led more than 3,000 business development projects in 50 countries.

TO CONTACT THE AUTHOR, please mail your question to Info IACCM   or connect using the IACCM Member Search (login required).