As the world becomes progressively dependent on technology, the increasing intertwinement of intellectual property and compliance is evident in the business setting. In the face of unprecedented yet inevitable legal transformations, it is crucial to identify the risks and solutions associated with compliance in both the virtual and real intellectual property world.
How are intellectual property and compliance related?
Compliance describes the practice of acting in accordance with a set of laws, regulations, global standards and specific internal policies. As regulatory compliance protects and directs a business’s resources and reputation, intellectual property has become an integral part of the assets worthy of protection. A 11.7% increase in trademark filings at the which is a strong testament to the growing significance of intellectual property. Furthermore, with the digitalisation of business models and assets, these codes of conduct should encompass intellectual property protection as external threats such as counterfeiting and cyber-attacks become ever-more rampant. It was estimated that the value of counterfeiting goods amounted to 2.5% of world trade in 2019, along with a 22% surge in domain name disputes in 2021. According to the European Union’s Cybersecurity Agency (Enisa), the number of cyber-attacks against critical sectors and institutions in Europe has doubled (304 incidents recorded) since the beginning of the pandemic.
The interconnection between the two fields had not always been apparent. Initially, the interactions between intellectual property and compliance departments were rather limited. It was common practice to operate each department separately and to focus on matters concerning their own subject. This isolation was later broken by the Vinci case, which led the way to radical changes in the co-working of the two sectors.
The Vinci case concerned the domain name ‘vinci.group’ for the French concessions and construction company Vinci and another fraudulent domain name which was registered. Although Vinci’s monitoring services detected this fraudulent domain name, due to it being inactive for over three weeks, they did not pursue any actions against it. Once it became active, it was associated with a fake website leading Vinci’s customers to believe it was legitimate. Using a fake email address, the fraudsters sent press releases alerting the customers that the performance and revision of the previous year’s account releases were subject to inaccuracy and fraud. As a result, Vinci’s share price fell by 18%.
This highlights how a company’s reputation and financial well-being can be damaged due to the fraudulent use of a domain name. Since then, market regulators have set up guidelines to mitigate domain name risks to avoid similar situations. The Vinci case illustrates the importance of compliance and intellectual property departments working hand in hand – the ultimate goal being efficient risk management. Such a joint effort facilitates the implementation of preventive
measures and timely retaliation to suspected intellectual property infringements.
As such, companies, regardless of their sectors of expertise, should put in place a compliance program for the identification, protection and maintenance of their intellectual property rights. Such a program should be fully comprehensive, taking into consideration all potential risks, especially those concerning intellectual property. As intellectual property takes on increasing importance, it constitutes substantially heightened risks related to other crimes as well. For instance, money laundering is a common consequence of a primary domain name offence. Criminals camouflage their illicit proceeds through the violation of intellectual property ownership by exploiting its commercially viable and flexible nature. While intangible assets have to be appraised to be accounted for as company capital, the assessments of their economic value are often arbitrary. This creates a loophole which enables infringers to transfer to façade companies abroad to round trip dirty money back to its source masqueraded as legitimate earnings. In this sense, the prevention of the primary intellectual property infringement could likely limit the manifestation of any further illegal activity.
Who is at risk?
Banks, particularly online banking, and insurance firms are most likely to be exposed to such risks. As a matter of fact, any industry that engages in e-commerce can be at risk on Web 2.0 and 3.0. As for counterfeiting, the luxury industry falls victim to intellectual property infringement. Recently, the EUI jointly published a report on intellectual property crime & threat assessment, in which a study estimated that 5.8% of all EU imports in 2019 were pirated and counterfeited goods. These luxury fashion brand counterfeits were worth around EUR 119 billion.
Apart from major corporates, everybody is exposed to such risks as well. The degree of exposure depends on different factors, such as the nature of underlying activities, the size of the organisation, the geographical location and the jurisdictions applied. In a nutshell, companies should direct their efforts towards properly comprehending their intellectual property risks and include them in their compliance setup. It is vital for companies’ intellectual property departments to take the lead and show the compliance departments the risks related to intellectual property, specifically those on the internet.
Impact of Web 3.0 on Intellectual Property and Compliance
Over the past few years, the Web 3.0 decentralisation revolution has emerged from obscurity and gained growing acceptance even in the most conservative of practices. One notable example is the enforcement of contracts. Powered by blockchain technology, a smart contract automatically implements itself once the predetermined conditions come to fruition. The irreversible and autonomous nature of smart contracts could translate to vast applications in the realms of intellectual property. Rather than documenting intellectual property registries in the traditional database, the entire life cycle of an intellectual property right could be recorded effectively in a distributed, immutable ledger. It displays clear, authoritative evidence of the use of intellectual property rights and creatorship, which often comes in handy whenever disputes or revocation proceedings arise. These ledgers also allow for provenance authentication, with which consumers and businesses alike could verify genuine products and distinguish them from counterfeits.
However, as with many new technologies, these benefits do come with risks. The resilience of a smart contract heavily depends upon the coding prowess of its developer and whether due diligence was carried out for these protocols. In 2021, one of the most high-profile heists was pulled off when hackers stole $613 million from Poly Network by exploiting a vulnerability in their smart contracts. As blockchains keep transactions out of reach of governments and courts, the distribution of unauthorized, copyrighted materials to encrypted servers could go untraced and unpunished. Even if these illegalities come to light, an injunction would hardly be enforceable since these programs exist on thousands of machines dispersed everywhere around the world.
Despite the rapidly increasing reliance on Web 3.0 technologies, legislations have yet to stipulate a solid legal framework which provides legal certainty in commercial activities. With traditional intermediaries obliterated, there has to be sufficient legal supervision to ensure the compliance of agreements as in conventional contracts. For this reason, a solid technical team is needed in order to work with the legal department to draft a comprehensive compliance plan. An intellectual property compliance program could effectively prevent commitments to activities which undermine or conflict the company’s intellectual property interests. The construction of a compliance framework around Web 3.0 could be complex, yet also immensely valuable.
Additionally, a three-step process is recommended for the protection and enforcement of intellectual property rights for companies; (I) develop audits (II) carry out prior rights searches and (III) put in place a solid monitoring system. This includes the monitoring of blockchain domain names and virtual lands in the metaverse and marketplaces.
Though Web 3.0 could appear challenging and intimidating, one major advantage of blockchain is the traceability of all transactions. Take blockchain domain names as an example. Though it is hard to find the holder of a fraudulent domain name, it is not impossible. Fraudulent domain names can be tracked down through the same blockchain, and a ‘cease and desist’ letter can be sent to try to arrange a transfer, withdrawal or purchase of the blockchain domain.
Web 3.0: a challenge or an opportunity?
It’s both. Web 3.0 offers powerful functionalities relevant to intellectual property rights, for example, the traceability of artistic owners through blockchain technology. Decentralisation is definitely the future of law in terms of ownership rights over virtual assets and personal data, and its protection. Regulation is still needed in order to provide similar protection as in the real world. Web 3.0 should be seen as a double-edged sword where users cannot seek its benefits without being ready to meet its risks and challenges.
Hence, I recommend a three-step strategy to avoid situations like the one encountered in the Vinci case.
First, to conduct prior research among domain names to get an idea of the current situation: identify the legitimate domain names and the fraudulent domain names.
Second, to conduct an audit. The audit allows us to set up the right strategy tailored to the company’s needs. We can then assess the risks and map them out for companies. We also help to put in place a crisis management policy to tackle fake news.
Third, to set up a daily monitoring on domain names and worldwide. This is important because it helps us to identify immediately relevant domain names, analyse them, and assess the level of risk to plan out the right actions.
Finally, I advise a collaboration between intellectual property and compliance departments to tackle the risks. For example, by identifying the key people to contact and having a process in place to secure proofs of a fraud or infringement.
We can also take immediate actions. How do we do so? We start with a technical IP/IT study of the situation. We then set up the right strategy. For example, a request of disclosure of registrant data, blocking a domain, taking down a website and removing e-mail servers. If the domain name is of interest to the company, we initiate action to obtain the amicable transfer of the domain name or we file ADR complaints such as UDRP.
BRAND & NEW EPISODES