IP protection: key to China localisation strategy

Analysis 14 May 2024

Mark Young Thomas Zhang

Asia Pacific Organisational Resilience Investigation Services Security Risk Management

Multinational companies (MNCs) operating in China are finding that their China-based competitors are innovating rapidly, adopting a fast-to-fail approach for product development: innovate and launch it on the market. If it succeeds, run with it; if it fails, rip it out and try again.

Gone are the days of multi-year development cycles for new products for China, and MNCs are finding it hard to keep up. Many MNCs are trying to become more local to maintain market share and capture new opportunities.

MNCs are therefore considering bringing more Intellectual Property (IP) into China or developing more IP locally, so they too can innovate more rapidly – but risk management efforts are struggling to keep pace. More than ever, MNCs are concerned about losing IP to competitors as they transfer R&D projects into China under localisation strategies. Engaging in local partnerships while facing uncertainties on how to handle disputes and infringement in the current local legal framework adds to MNCs’ wariness.

It is important to note that if risks are properly managed, there are significant opportunities for well-planned localisation efforts. Benefits vary widely across industries and locales, but can include:

Access to preferential policies related to housing, talent, financing and land
Corporate income tax relief
Decreased barriers to public procurement
Avoidance of restrictions on imports
Cost savings on manufacturing for the China market

The starting point is to include commensurate planning for IP risk mitigation as a component of any localisation strategy. The first step is asking whether your current practices are commensurate with your awareness of risks by conducting vulnerability assessments and process reviews. The next step is to understand typical challenges to IP protection, followed by creating a bespoke IP risk management programme.

Challenges to protecting IP

Historically, employee theft, counterfeiting and infringement have been common challenges for businesses operating in China. This is why MNCs previously chose to keep critical IP outside China. According to an InterChina - Control Risks survey, which drew from a unique data set that benchmarked nearly 180 MNC executives in March 2024, some 27% of respondents listed innovation and IP-related work in China as the localisation initiatives that pose the greatest risk, ranking first among all options. Although awareness of IP risk is high, operational capabilities to address these risks lag behind.

While many MNCs had departments called “R&D”, they did very little research and mostly focused on development, localising foreign IP for the China market. As a result, operational security (including physical and data security) was often quite lax. As MNCs look at bringing IP into China (and developing more in country), they need to adapt their operations to protect their assets and know-how. To capture new market opportunities, MNCs need to take new approaches to identifying risks, improving IP security and creating a safe space to host and leverage IP.

Typical gaps that MNCs need to address are:

“Whack-a-mole” mentality: Businesses tend to take a piecemeal or superficial approach to management, reacting to problems as they occur, instead of anticipating and preventing them before they can take place. Businesses often fail to proactively identify their IP, let alone implement controls and train employees to protect it. Protective efforts are frequently not considered until after a serious breach has occurred.

Cost controls: IP protection cannot be separated from a company’s overall investment in internal controls. Businesses often face a dilemma: cost management versus investing in securing IP. Processes associated with scrapping and recycling are often low priorities for investment in control improvements. While waste and scrap disposal bring non-operating income to a company, even well-intentioned recycling efforts can present a security risk, as failing to properly destroy sensitive, confidential or valuable IP scrap material can encourage counterfeiting and IP loss. Control Risks worked with a client that found “scrapped” new development products on the market after being transferred to a recycler. The disposal of scrapped goods was handled without onsite destruction, so the scrapped pre-release goods could have been repackaged for sale or reverse engineered.

Inadequate processes: Production processes are often not created or reviewed from an IP risk perspective. Rather, they focus on manufacturing goods efficiently in an environment that continually evolves to reduce waste and inefficiency. The concept of “waste” in the context of lean manufacturing does not account for losses due to malfeasance. In addition, manufacturers generally have inadequate compliance policies, training or reporting methods to encourage employees to report suspected misconduct. Insufficient checks and balances also cause IP losses. A lack of cross-functional controls leads to supervisory weakness.

Mitigating risks with vulnerability assessments

To achieve operational success in China, businesses should develop an IP protection programme that: 1) identifies IP (both current and future); 2) conducts a gap analysis of protective measures, looking at what should be in place versus what is currently in place; and 3) assesses current vulnerabilities using an investigative mindset. From a compliance perspective, it is critical to shift from a reactive management style to one that encourages employees to speak up on matters related to IP protection.

Vulnerability assessments using an investigative mindset

MNCs should conduct an onsite risk assessment of procedures related to surveillance, storage, production, packaging, waste and scrap management. This will identify vulnerabilities regarding IP, check whether these are in line with corporate SOPs (Standard Operating Procedures) and ensure that there is robust information technology to mitigate unauthorised access to critical IP.

Identify, classify and risk-rate your IP. Are physical prototypes at risk, or is the risk logical in nature – such as a recipe or design file? Are there some protections such as patents protecting your IP, or is it know-how or otherwise not patentable by nature? What would a competitor need to bring your IP to market – production expertise, customer lists, supplier data?
Treat the priority risks identified and take measures to prevent them in a timely manner. Create an IP protection plan, including policies and procedures, which inform who, what, why and how a protection mechanism for critical physical assets and IP is to be implemented.
Use value-stream mapping with a risk focus to shift analysis of traditional manufacturing efficiency towards the goal of IP protection. Mapping the production value-stream from a risk perspective can help identify security gaps. Many manufacturers focus on improving security regarding high-value materials (which often contain IP) and finished goods, while other processes – such as repair, scrap, recycling and general waste – can be overlooked. Fraudsters can circumvent these processes to divert IP via the waste stream, often colluding with scrap companies.

In lean manufacturing, a “Gemba walk” refers to an informal visit to the production line in which managers make first-hand observations of the manufacturing environment in terms of quality, safety and general tidiness. By using an investigative mindset, Gemba walks can be an invaluable tool in pinpointing control gaps.

Here are a few tips for investigators on Gemba walks:

Are the empty cartons in the recycling bin really empty? Could the cardboard recycling stream be used to divert products and materials containing IP to colluding recyclers?
Is digital IP safe in your systems? Are there any log in credentials visible on system access points? Do they suggest password sharing? Is the username something generic, such as “Admin” or “DayShiftPackout1”?
Do employees use camera-enabled mobile phones? Can employees take/transmit photos from design areas?
Are managers allowed to skip security protocols when entering/exiting production area? Could they remove prototypes from “black box” development areas?

Internal controls and compliance

A number of internal steps can be taken to improve IP security:

Establish a dedicated internal control and compliance function. Define the objectives and values of IP protection, formulate an organisational structure based on the future direction of the company, and clarify roles and responsibilities. Ensure that the team is independent.
Enhance checks and balances in production to strengthen cross-functional supervision for IP protection and ensure that IP protection is part of the compliance programme and included in the employee handbook.
Conduct root-cause analysis, distil post-incident learnings and carry out improvements to prevent IP breaches from recurring.
Conduct due diligence before engaging in any partnerships that involve sharing IP.
Develop an employee training programme to educate all staff on the importance of IP protection and foster a culture of IP protection within the company. Educate employees to understand that the true cost of losses related to IP is not just financial; it has an impact on the company’s brand, reputation and operations.
Assess the business’s overall “speak-up” culture and design appropriate programmes to identify weaknesses and address concerns.

Developing resilience in IP protection in China is more challenging than ever before. Companies need to have deeper insights into what their key assets are and where their vulnerabilities lie. Stakeholders need to embrace the scepticism associated with having an investigative mindset to temper manufacturing experts’ focus on efficiency, quality and the elimination of waste. They should establish a robust IP protection programme that covers both preventative measures as well as response and containment capabilities, building awareness among employees.

A mix of formal and informal assessment processes can help prevent costly breaches and reactive investigations, and internal controls and compliance improvements can help break the cycle of knee-jerk responses. Keep your China business resilient by making IP protection a key component of your localisation strategy.