Editor: How does Sarbanes-Oxley ("SOX") affect the practice of
intellectual property law?
Friedman: Sarbanes-Oxley was adopted in July 2002, bringing
much heightened scrutiny to corporate governance. Under SOX, particularly
Sections 302, 404, and 409, companies must be very diligent in disclosing and
certifying their "tangible" and "intangible" assets in all financial reports.
They must identify and then list their important intellectual property ("IP")
assets, value the IP assets and disclose any "impairment" to those asset values,
IP assets must be identified and reviewed at least on an annual basis to
determine whether there has been any impairment or loss that needs to be
accounted for under FASB rules.
The Act places a requirement on all publicly held companies to conduct
regular audits - at least once per year - of their IP assets, and to report on
any material changes to those assets likely to impact the company's financial
operations and well-being. This must be done under the close scrutiny of IP
counsel. If you follow the Act through to a logical conclusion in the light of
its statutory purpose, companies must at least annually (if not more often)
follow a process for determining what intellectual property exists, what the
strengths and weaknesses of its pool of IP property are, and what changes have
transpired since the last reporting period. The IP property pool includes not
only patents, filed trademarks, copyrights, trade secrets, and also, arguably,
IP or know-how not yet subject to governmental certification, i.e., still in the
lab or test tube.
As you can see, SOX has significantly changed the IP landscape for publicly
held companies. In order to make the certification required by SOX, CEOs and
CFOs have to become as familiar with their IP assets as with their accounts
receivable.
Editor: What mechanisms should be put in place to assure compliance with
SOX?
Friedman: All companies, not just those publicly held, should set up a
multi-disciplinary IP audit team. The IP audit team would include IP counsel,
accountants, engineers and perhaps some of the sales personnel. Their function
is to determine what constitutes IP, the importance of these assets to the
company's well being, how the assets should be valued, and what changes have
taken place in the value of the assets. As I said earlier, under SOX, the
company must certify to the value and/or impairment of both tangible and
intangible assets.
Section 404 of SOX requires companies to document and certify their internal
financial reporting procedures and controls, including any self-assessments of
the business risks. Under this section the company and its officers must certify
that they have procedures in place which they are following such as identifying
all the IP, assigning values to it, and measuring any impairment to those
values. A multi-disciplinary IP audit team including IP counsel is necessary in
order to do this successfully.
Editor: The Sentencing Guidelines require that there be employee
compliance training. Also, Sarbanes-Oxley would require such training since it
requires control systems to protect important assets. Should there be
specialized employee compliance training programs to alert employees to the
necessity for protecting and preserving IP assets?
Friedman: As a result of SOX, there has to be training for those at
the company who are charged with developing, identifying and assessing the value
of IP.
A firm like ours, with experience in handling IP issues for sophisticated
companies and employee training, is well-equipped to help clients devise,
implement and execute the procedures that are necessary to comply with SOX
insofar as intangible assets, like IP, are concerned. This subject matter needs
to be taught to research and development personnel, including scientists and
engineers, financial personnel, and those involved in management. There are many
different legs beneath the table of SOX compliance.
Editor: What about other company personnel who are involved only
tangentially with technology, such as those involved in protecting the systems
from viruses?
Friedman: This multi-disciplinary IP audit team, tasked with the
mission of identifying and assessing IP, must be aware of viruses and other
problems that may affect the value of intellectual property. Even if you are
with a company that is merely licensing technology from another party, this
technology also has to be identified. valued. disclosed, and if there is any
impairment, this would have to be disclosed.
Editor: In the case where a company receives a notice that products it is
selling may have used processes in their manufacture which may be in violation
of another party's patent and the company chooses to ignore the notice, would
this be a violation of SOX?
Friedman: Failure to disclose the notice would, in some instances, be
a SOX violation.
Editor: Is your firm involved in helping clients adopt comprehensive
training systems so that these various bases in the law are touched?
Friedman: Outside counsel, such as our firm, who represent publicly
held companies are encouraging our clients to do so. Publicly held companies are
slow to move in this area since there is a cultural abyss to be spanned.
Auditors and executives who are used to dealing with non-IP assets may not be
able to identify IP assets that are not covered by issued patents or trademarks
such as IP that may reside in an engineer's notebook.
A knotty problem also arises under SOX in cases where a patent pending
application is involved, implicating many issues - such as trade secret issues
and attorney-client problems. For example, what happens under SOX if you have to
report on a pending patent application as well as any impairment thereof?
What if you have a pending patent application on key technology and you
receive an office action from a patent examiner who says: "Look I am rejecting
claims #1, 6 and 12"? How do you comply with SOX requirement 302 or 409? This is
uncharted territory.
Editor: If you do not have state-of-the-industry security for your
systems. such as allowing your trade secrets to walk out the door each day in
someone's laptop, what kind of breach of SOX might this trigger?
Friedman: The Company has to certify as to its internal controls. The
safeguarding of IP should be part of a set of those controls that must be
certified to.
Editor: While the main thrust of commentary on SOX has been primarily
concerned with accounting controls, what you are telling me is that all assets
and processes within a company are covered by the Act - anything which exposes a
material weakness that could affect the finances of a company long-range.
Friedman: If SOX requires you to disclose and certify information
regarding important assets and risk factors related to those assets, and if one
agrees with the proposition that many publicly held companies have IP that is
among their most important assets, then those disclosures are required, systems
must be installed and executed to ascertain that information, and the
appropriate disclosures under SOX made. This is truly a stealth issue. People
are starting to wake up to the view that IP assets increasingly influence a
company's financial health. And like other tangible and intangible assets, these
assets must be identified, valued and any impairments to value disclosed.
Editor: How important is it to have in-house or outside counsel interface
with management involved with IP and technology issues? Do you consider it
important to have someone embedded in these management groups dealing with these
issues competent to assess legal risks, including the possibility of litigation
or of excessive damages, in looking at an intellectual property problem?
Friedman: Here is an example that makes your point: you and I are the
executives of a company that owns a particular valuable and important technology
which we believe is proprietary. Suppose in a pending patent infringement
action, in which we are not a party, the patentee alleges that someone who has
technology similar to ours is infringing its patent. Would not that be something
that could impair the value of our IP even though our company is not a party to
that proceeding?
This underscores the need for companies to create an interdisciplinary team
consisting of management, scientists, researchers, and IP lawyers who create the
controls so the company can make the analyses and disclosures required by SOX.
As a result of SOX, IP lawyers must be drawn right into the mix. The risk of
not doing so is too great for any responsible corporation, its officers and
directors to ignore.
Editor: How important is speed in analyzing a problem once in-house
counsel senses one is brewing?
Friedman: You cannot be an ostrich. The moment any corporate attorney,
executive or director, or employee senses that there could be a problem, it is
critically important that SOX counsel be contacted. Early intervention is
necessary for a good recovery. You must assemble a competent team of inside and
outside professionals to quickly preserve the information, evaluate it and then
chart a course of compliance. This will reduce the likelihood of a SOX
violation.
Editor: Do you foresee a number of situations emerging that will require
these rescue operations?
Friedman: I'm not so sure you are going to see a groundswell of
enforcement actions or litigation related to the failure to identify, value and
describe the impairment of IP assets because it is only now that people who are
deeply involved in this are beginning to say. "What are the IP implications of
SOX?" I can foresee a stockholders' suit against the company on the basis of its
documents' failure to disclose a substantial impairment of value of one of its
key IP assets.
Editor: You have a vast body of plaintiffs' counsel waiting to seize upon
product failures.
Friedman: It may be an explosion waiting to happen.
Editor: Does it make sense for a company to document its state-of-the-art
internal controls and compliance record?
Friedman: In my view, SOX requires that a company document and certify
to its IP controls. There is no substitute for creating a record of not only
compliance but also exemplary conduct. One should practice exemplary corporate
conduct as an end in itself. This is a brave new world - Aldous Huxley would
have been at home in 2005.
Published January 1, 2005.