@各大企業,這份“IP合規標準指引”已發布!(附:英文版)
2021年12月,浦東新區檢察院和信通院知識產權與創新發展中心共同發布了《企業知識產權合規標準指引(試行)》,成為上海市首個專項合規標準指引,為涉知產類企業合規有效評估提供了規范指引,也為上海市知識產權專項合規標準的制定提供了浦東樣本。指引發布后引起社會各界廣泛關注,現將全文予以公布。第一條【制定依據】 為加強企業的知識產權合規工作管理,有效防范和化解知識產權合規風險,引導企業依法合規經營、健康發展,根據《關于建立涉案企業合規第三方監督評估機制的指導意見(試行)》,參照《企業知識產權管理規范》,結合企業合規改革試點工作經驗,制定本指引。第二條【制定目的】 企業知識產權合規風險管理的目標是實現對知識產權合規風險的有效識別和管理,確保公司管理和各項經營活動的合法合規,推動企業全面加強知識產權合規管理,提升依法合規經營管理水平,保障企業持續健康發展。第三條【合規風險】 本指引所指的知識產權合規風險,是指企業及其員工因知識產權不合規行為,引發法律責任,造成刑事追責、經濟或聲譽損失以及其他負面影響。涉知識產權的法律風險包括但不限于:1.專利許可權濫用風險、專利申請權爭議風險、被侵犯專利的風險、被提起專利侵權訴訟的風險、專利轉讓糾紛風險等;2.未能有效開發和實施專利的風險、管理不善導致專利失效的風險等。1.商標申請風險,商標未注冊或被他人搶先注冊、申請類別不全、重點類別保護力度不夠、申請的標識不全面;2.商標使用風險,申請地域不全、未對目標市場全面布局、對商品或服務類別越權使用或許可他人使用、侵犯他人在先權利、商標使用不規范使用等。第四條【合規原則】 企業知識產權合規體系建設應當堅持獨立性、有效性、全面性、動態性和可查性原則:(一)獨立性原則:合規職能部門的運行不受任何不當的干擾和壓力;合規職能部門應嚴格依照法律法規及企業相關制度規定等對企業和員工行為進行客觀評價和處理;承擔合規管理職責的人員應獨立履行職責,不受其他部門和人員的干涉。(二)有效性原則:合規管理制度應有效嵌入到經營業務的具體環節當中,與法律風險防范、審計監察、內控及風險管理等工作相統籌、相銜接,并建立全員合規責任制,明確管理人員和各崗位員工的合規責任并督促有效落實,確保合規管理閉環。(三)全面性原則:企業知識產權合規管理的基礎性和關鍵領域包括專利、商業秘密、商標、著作權;合規工作應覆蓋業務涉及的研發、生產、銷售、對外合作、投資推廣、招投標及采購等各個環節,貫穿決策、執行、監督全流程,并確保所有與知識產權相關的業務、部門和人員均已納入合規工作體系。(四)動態性原則:合規工作應與企業經營范圍、組織結構和業務規模相適應;合規工作應根據企業內外部環境的變化適時進行調整和完善;企業經營管理中存在的合規風險問題,要能夠得到及時反饋、糾正和改進。(五)可查證原則:合規工作應有明確的流程規范作依據,確保企業合規管理有跡可循、有證可查。第五條【合規體系】 知識產權合規體系的建立應當涵蓋組織體系、制度體系、運行體系、風險識別處置體系等。第六條【合規職責】 企業可根據自身行業性質、經營規模等合理選擇和設置知識產權合規部門或合規人員,組織、協調和監督合規管理工作,在直接負責各項合規管理工作的同時為其他部門提供合規管理支持,并確保其對涉及重大合規風險事項的一票否決權。其具體工作職責主要包括:(一)研究起草合規管理計劃、制定合規管理制度,組織制訂合規管理戰略規劃及合規管理年度報告;(二)持續關注法律法規等規則變化,組織開展合規風險識別與預警;(三)參與企業重大決策并提出合規建議和意見,參與企業重大事項合規審查和風險應對;(四)參與業務部門對重要商業伙伴的合規盡調和定期評價;(五)指導各部門合規工作落地,并提供合規咨詢,組織合規認證;(六)組織開展合規檢查與考核,對制度和流程進行合規性評價,督促違規整改和持續改進;(九)建立合規舉報管理體系,受理合規管理職責范圍內的舉報,組織或參與對舉報事件的調查,并提出處理建議;(十)組織或協助業務部門、人力資源部門開展合規培訓;(十一)其他適合由合規職能部門承擔的合規管理職責。第七條【組織保障】 企業董事會、監事會、高級管理人員應當履行必要的合規管理職責,對知識產權合規計劃制定與執行給予支持,確保合規部門(人員)行使職權的獨立,保障資源充足。第八條【內部配合】 企業各部門在職權范圍內配合落實合規管理的日常工作,可在本部門設置合規聯絡員,進行合規風險信息收集和報送,配合合規部門就相關問題調查并及時整改。第九條【合規審查】 企業應建立健全規范化的知識產權事務管理和決策流程,將知識產權合規審查作為規章制度制定、重大事項決策、重要合同簽訂、重大項目運營等經營管理行為的必經程序,及時對不合規的內容提出修改建議,未經合規審查不得實施。第十條【合規監察】 企業應定期對知識產權合規體系進行合規監察,由合規管理部門人員落實實施,并形成合規監察報告。監察內容主要包括對知識產權合規體系運行有效性的評價和對知識產權合規績效進行評價,以確保知識產權合規目標的實現。第十一條【合規舉報】 企業鼓勵對潛在或實際存在的違反知識產權合規方針或合規義務的行為進行舉報。企業應拓寬合規績效反饋來源,為相關人員設立舉報機制、求助熱線、情況反饋、建議箱等,為供應商、承包商等第三方設立投訴處理系統,重點搜集有關企業不合規情況、合規疑問及對合規有效性和合規績效評價等反饋內容。第十二條【績效評價】 企業通過設立科學的知識產權合規績效考核評價指標,科學評價各部門合規工作績效及合規工作貢獻,把知識產權合規績效考核評價納入對各部門及相關負責人的年度綜合考核,將員工的合規履職情況作為員工考核、提拔、評先選優等工作的重要依據。績效評價重點圍繞合規風險特征相關的指標,包括不限于各項合規制度落實的主動性和有效性、部門人員被有效培訓的比例、相關監管機構介入的頻率、因不合規問題產生的被處罰、賠償、商譽受損等負面影響、潛在的不合規風險、合規相關信息的記錄保存情況等。第十三條【不合規調查】 企業應建立不合規的調查制度,堅持公平、公正的調查原則,及時、徹底地調查對本企業及員工或有關第三方不當行為的任何指控或懷疑。調查企業的應對性文件、采取的一切紀律或補救措施,以及在吸取經驗教訓后對知識產權合規管理體系的修訂。查明不當行為的根源、知識產權合規管理體系的漏洞和責任缺失的原因,包括管理者、最高管理層和治理機構的行為、職責。對查明的原因進行審慎分析,分析應考慮企業人員的數量、水平,以及不合規的程度、普遍性、嚴重性、持續時間和頻率等因素。第十四條【文件信息化管理】 企業應建立文件信息化管理制度,確保對企業管理中形成的相關知識產權的重要過程予以記錄、標識、貯存、保護、檢索、保存和處置;對行政決定、司法判決、律師函等外來文件進行有效管理,確保其來源與取得時間的準確性。外來文件和記錄文件應當完整,明確保管方式和保存期限。文件管理體系的載體,不限于紙質文件,也包括電子文件。第十五條【資源配置】 企業可以根據自身情況,設立知識產權經常性預算科目,保障知識產權合規管理工作的正常進行,經費項目科包括:用于知識產權申請、注冊、登記、維護、檢索、分析、評估、訴訟和培訓等費用;用于知識產權合規管理機構的運行費用;用于知識產權合規管理體系建立、運行、維護和更新的費用;用于知識產權激勵的費用。有條件的企業可設立知識產權風險準備金。第十六條【保密管理】企業應建立保密管理制度,明確涉密人員,設定保密登記和接觸權限,對容易造成企業知識產權秘密流失的設備,規范其使用人員、目的、方式和流通;明確涉密信息范圍,規定保密等級、期限和傳遞、保存及銷毀的要求;明確涉密區域,規定客戶及參訪人員活動范圍等。第十七條【合規文化】 企業應建立對技術人員、知識產權管理人員、全體員工分層級合規培訓制度。從增強知識產權保護意識、知識產權價值觀、營造崇尚創新尊重知識產權的氛圍、重視知識產權宣傳教育等方式進行知識產權文化的建設;結合知識產權管理制度建設和人才建設,構建有利于調動企業員工知識產權工作積極性的激勵機制,樹立尊重和保護知識產權的企業形象。第十八條【獲取合規】 企業應及時申請注冊登記各類知識產權,明確有關專利申請、集成電路布圖設計登記、商標注冊、著作權登記、商業秘密保護等知識產權獲取及其后續維護或主動放棄的管理措施和工作程序。第十九條【維護合規】 企業應明晰處置和運營知識產權管理規定,明確職務發明成果的界定條件以及委托或合作開發成果知識產權歸屬的處置原則,明確有關專利權、商標權、著作權等知識產權轉讓、許可、投資、質押的管理措施和工作程序。第二十條【運用合規】 企業應注重生產經營環節知識產權管理,明確在原材料及設備采購(包括軟件等)、技術和產品開發、技術轉讓(許可)與合作、委托加工、產品銷售、廣告宣傳或展銷、招投標、進出口貿易、企業合資及并購和上市等環節中所可能涉及的各類知識產權事務的管理措施和工作程序:(一)企業采購活動中的知識產權管理。企業應收集相關知識產權信息,必要時應要求供方提供權屬證明;做好供方信息、進貨渠道、進價策略等信息資料的管理和保密工作;在采購合同中應明確知識產權權屬、許可使用范圍、侵權責任承擔等內容。(二)企業生產活動中的知識產權管理。注意發現有知識產權價值的創新成果,及時采取相應的知識產權保護措施;對于生產過程中不宜對外公開的操作規程、各種報表和試驗記錄、檢驗檢測記錄等,應建立相應的保密制度,采取相應的保密措施;承攬委托加工、來料加工、貼牌生產等加工業務時,注意規避對外加工業務中的知識產權風險,明確雙方知識產權權利義務、保密責任。(三)企業研發活動中的知識產權管理。建立研發活動的知識產權跟蹤檢索分析與監控制度;明確對研發成果的知識產權歸屬管理;加強對研發活動的檔案和保密管理,建立技術研發檔案、記錄管理制度,確保研發活動具有可追溯性;加強對研發成果申請專利的挖掘與質量的管控。(四)企業營銷活動的知識產權管理。對產品即將投放的市場進行同類產品知識產權狀況的調查分析,防止遭遇知識產權侵權指控;正確使用注冊商標或專利號等知識產權標志,對消費者和有關市場主體進行必要提醒;建立產品銷售市場監控機制,多渠道地監控同類產品的市場情況;對發現侵權的,應當進行重點信息收集,必要情況時進行公證。第二十一條【上市審查】 企業上市前,應對已有的無形資產的法律狀態、存續年限、法律風險等進行整體的評估與規劃;對上市公司準備使用的無形資產的權屬和法律狀態以及招股說明書中的相關內容進行審查;完整地披露知識產權獲取、喪失、轉讓等信息。第二十二條【涉外業務】 企業應積極開展涉外業務中的知識產權布局;對擬引進的技術或者產品的相關知識產權狀況進行調查分析,并對侵權風險進行綜合評估;簽訂技術或產品引進合同、輸出合同(包括代理合同)應明確技術或產品引進的許可方式和范圍、后續改進成果的歸屬和分享、權利維護、雙方的保密責任和義務、引進技術或產品發生知識產權侵權時供方應承擔的法律責任等內容。第二十三條【識別與預警】 企業應通過完善合規風險信息收集機制,全面系統梳理企業經營活動中可能存在的合規風險,建立合規風險臺賬,對風險源、風險類別、風險形成因素、可能發生的后果及發生的概率等展開系統分析,對有典型意義、普遍存在的以及可能造成嚴重后果的風險應及時發布預警。第二十四條【風險檢查】 企業應由合規管理部門人員牽頭,負責組織、協調企業各項合規檢查工作,可抽調相關部門人員共同組成檢查組,根據企業業務情況定期開展合規風險檢查。針對檢查發現的合規風險,合規檢查組應提出整改建議,各部門提出具體解決方案,解決方案經合規檢查組確認后,由合規管理機構督促各部門積極落實整改方案。第二十五條【風險分級】 企業可對所識別的知識產權合規風險分為三類:重大知識產權風險、中等知識產權風險、一般知識產權風險。(一)重大知識產權風險包括:法律、規則、準則以及地方法治環境的重大變化對經營活動產生的知識產權風險;監管機構出具的各類處罰決定、監管意見、風險提示等情況;向監管機構報送證明性材料、專項匯報材料、監管意見落實整改情況、各類合規材料等相關情況;業務開展過程中存在的違反法律、規則和準則的重大知識產權風險信息;各類制度文件中存在的不符合法律、規則和準則要求的情況;因知識產權合規問題導致企業被訴的情況;其他應被確定為重要合規風險的事項。(二)中等知識產權風險包括:企業經營活動中新出現的知識產權風險或原有風險的變化;既定合規風險應對方案執行情況及執行效果發生變化,不能全部達到原來目標;對企業經營可能存在一定影響,但影響較小或未來造成直接損失較小;其他可以被認定為中等合規風險的事項。(三)除上述重要知識產權風險、中等知識產權風險外,企業對推動知識產權合規管理、提升依法合規經營管理水平、保障公司持續健康發展影響較小,需要通過加強管理等方式進行完善的事項,作為一般知識產權風險事項進行管理。第二十六條【風險應對】 企業應根據不同的合規風險類型制定和選擇知識產權風險應對方案,應對方案應包括總體方案和專項方案。對重大風險事項,企業合規管理部門和各部門應共同研究出臺具體整改方案,明確整改主體、具體責任人、整改時間節點等具體要求,合規管理部門以月為時間節點統計整改完成情況,并及時向企業決策層領導匯報。第二十七條【問責機制】 企業根據自身情況制定合規風險問責,對知識產權合規績效目標、績效獎金和其他激勵措施進行定期評審,以驗證是否有適當的措施來防止不合規行為;對違反企業知識產權合規義務、目標、制度和要求的人員,進行適當的紀律處分,必要時追究相關責任。第二十八條【設計評估】 合規管理體系設計的有效性評估和審查標準主要有:1.是否定期組織合規管理部門(人員),對可能面臨的知識產權合規風險進行全面評估,重點識別在知識產權研發、采購、生產、營銷等生產經營各階段的風險;2.是否根據風險識別和評估確定的合規管理重點問題,發展與可能面臨的知識產權合規風險相匹配的風險控制和處理能力;3.是否定期更新企業風險評估制度,及時識別和評估原有風險的新變化及新產生的風險。1.是否根據企業的合規風險、業務范圍、規模等,制定知識產權合規管理相關制度,對各個環節進行規范化管理;2.是否明確相關制度的執行標準,明確責任主體和責任內容;3.是否對知識產權合規獲取、維護、運用等重點環節建立合規管理運行機制,防控可能產生的風險。1.是否建立合規培訓制度,定期組織開展有針對性的知識產權合規學習培訓,確保員工充分認識到知識產權合規重要性、掌握崗位知識產權專業技能,通過培訓提升各層級的知識產權業務能力;2.是否建立知識產權及其合規管理的內部及外部溝通渠道,并將知識產權合規文化、合規目標及合規業務納入溝通內容,確保及時收集和反饋相關信息。1.是否建立知識產權合規舉報及調查管理辦法,是否對重點風險崗位人員建立專門檢查制度;2.是否以公開方式設置舉報途徑,是否確保所有人員了解舉報程序并能夠流暢使用相關舉報程序;3.是否建立不合規調查程序,確保及時、徹底地調查不合規行為及其原因。1.是否設立知識產權合規管理部門及合規人員,作為企業合規管理牽頭部門,組織、協調和監督管理工作;2.是否明確企業審計、監察、內控、質量、安全及各業務部門在各自職權范圍內配合落實知識產權合規管理的日常工作;3.是否在確定企業知識產權合規相關人員時,要求具備相應的專業資質、良好的業務素質及職業操守。1.是否定期對知識產權合規體系進行合規監察并形成合規監察報告,重點評價知識產權合規體系運行的有效性,以確保知識產權合規目標的實現;2.是否在必要時聘請第三方機構,對企業知識產權合規體系及合規風險管理有效性進行評估,并出具評估報告。第二十九條【執行評估】 合規管理體系執行的有效性評估和審查標準主要有:1.企業是否為知識產權合規管理配套相關基礎設施,將遵守企業知識產權合規業務、制度及要求作為人員的雇傭條件,配置相應人員;2.是否設立知識產權經常性預算科目,包括用于知識產權申請、注冊、登記、維持、分析、評估、訴訟、培訓、管理體系運行、維護及更新等費用,保障知識產權合規管理工作正常進行。1.是否明確知識產權合規管理部門及合規人員的崗位職責;2.是否明確企業董事會、監事會、高級管理人員應當履行的必要合規管理職責;3.是否明確企業各部門配合落實知識產權合規管理的日常工作的職責及溝通程序。1.企業管理層及責任人員是否具有知識產權合規意識,是否熟悉知識產權領域的法律法規,是否將知識產權合規工作列入公司管理、考核重點專項工作;2.企業員工是否具備知識產權合規基本意識,是否了解并遵守企業知識產權合規業務、制度及要求。1.企業知識產權合規管理相關制度是否能夠有效運行,知識產權合規重點環節的合規管理運行機制根是否運行流暢;2.是否制定知識產權合同管理制度,嚴格對合同有關知識產權約定進行審查,包括明確知識產權歸屬、保密業務、侵權風險預案等;3.是否加強對第三方合作企業的合規審查及風險防控,包括審查第三方資質、是否存在知識產權瑕疵、要求提供不侵犯知識產權承諾等。1.是否建立科學的知識產權合規績效考評指標,圍繞合規風險特征相關指標對員工進行考核;2.是否建立并實施相關激勵流程,調動員工進行知識產權創新及合規管理的積極性;3.是否對違反企業知識產權合規義務、目標、制度和要求的相關人員進行必要的處分。是否將知識產權合規管理過程中的各項要素創建為文件化信息,建立知識產權信息數據庫,并有效維護和及時更新。第三十條【質效評估】 合規管理體系效果的有效性評估和審查標準主要有:1.是否將經營活動各環節相關的知識產權風險管理要求通過流程、制度、合同以及培訓、會議等溝通方式向企業員工進行宣傳、推廣,將知識產權風險管理理念及企業合規價值觀根植于經營活動中,營造企業知識產權合規文化;2.是否構建有利于調動員工積極性的激勵機制,樹立尊重和保護知識產權的企業形象。1.企業所有的知識產權經營活動是否滿足合規目標、符合合規要求;2.實現企業合規目標的資源配置是否完善,是否有明確的時間安排及細化流程;3.是否定期監督、檢查、記錄、評估合規目標的進度并進行及時更新調整。1.是否根據知識產權相關法律規范的調整,及時調整企業的知識產權合規管理體系,確保其保持最新狀態,適應企業的知識產權合規目標;2.是否定期開展知識產權風險內部監察,針對發現的合規風險,及時提出具體解決方案并積極落實整改。1.發現違規事件時,企業是否及時采取措施控制并糾正,分析違規事件產生的原因;2.是否針對違規事件反映的管理問題及時進行改進和彌補管理漏洞,包括改進業務流程、重新培訓員工、加強預警機制等;3.是否向內部和外部通報違規事件相關情況,保留文件化信息。for Enterprise Compliance with Intellectual Property Rights(For Trial Implementation)Article 1 [Formulation Basis] The Guidelines are formulated in accordance with “The Guiding Opinions on Establishment of a Third-party Supervision and Evaluation Mechanism for the Compliance of Enterprises Involved in Criminal Cases(for Trail Implementation)”, the “Specifications for the Administration of Intellectual Property Rights of Enterprises” and the pilot working experience on enterprise compliance reforms, for the purposes of enhancing enterprises’ compliance management work for intellectual property rights, guarding against and defuse compliance risks related to intellectual property rights, and guiding enterprises to operate in compliance with relevant law and regulatory requirements as well as to develop healthily.Article 2 [Purpose] The purposes of compliance management for intellectual property rights of enterprises are to effectively identify and manage compliance risks related to intellectual property rights, ensuring that management of enterprises and other business activities conforms to relevant laws and regulatory requirements; and to promote enterprises to comprehensively enhance their compliance management on intellectual property rights, advance their lawful business management level, and guarantee the sustainable and healthy development of enterprises.Article 3 [Compliance Risks] The “compliance risks related to intellectual property rights” this Guidelines referred to, are legal responsibilities, criminal charges, financial or reputational losses or any other negative influences resulted from enterprises’ or its employees’ non-compliance actions. The legal risks concerning intellectual property rights include but not limited to:(1) Risks of Patent Rights: 1. risks related to patent license abuses, the right of patent application disputes, patent being infringed, being involved in patent infringement lawsuit, and patent transfer disputes; 2. risks in failing to effectively develop and implement patent, and poor management causing invalidity of patent, etc.1. risks in the application for trademarks: trademark not registered or pre-registered by others, incomplete registered categories, insufficient protection of key categories, incomplete application for marks; 2.risks in the implementation of trademarks: incomplete application for territories that registered trademarks can be used within, failure to make overall arrangements for target markets, using or licensing others to use the registered trademark beyond the licensed category of the goods or services, infringement of others’ prior rights, non-standardized use of trademarks, etc.1. risks related to service works, commissioned works, and the confirmation of corporates’ copyrights thereof; 2. risks of works’ material infringements; 3. right of dissemination via information networks infringements; 4. legal risks in the licensed use and transfer of copyrights, etc.(4) Risks of Trade Secrets: 1. risks of trade secrets being acquired by others via theft, spying or hacking; 2. risks of internal employees being bought off; 3. risks of trade secrets leakage in the course of external disseminations and collaborations; 4. risks of employees’ disclosure of trade secrets after leaving office, etc.Article 4 [Compliance Principles] The establishment of enterprise compliance system for intellectual property rights should adhere to the principles of independence, effectiveness, comprehensiveness, dynamism and traceability:(1) Independence: The operation of compliance management department shall be free from any undue interference and pressure; the compliance management department shall objectively evaluate and handle the acts of enterprises and its employees in strict accordance with laws and regulations as well as relevant rules of the enterprises; the personnel who undertake compliance management responsibilities shall perform its duties independently without any interference from other departments and personnel.(2) Effectiveness: The compliance management system shall be effectively embedded in the specific processes of business operation, be integrated and connected with legal risks prevention, audit and supervision, internal control and risks management, etc. A compliance responsibility system, which specifies the compliance responsibilities of managers and employees for each position and supervises their effective implementation, shall be established for all employees to ensure a closed loop of compliance management.(3) Comprehensiveness: The basic and key areas of enterprise compliance management for intellectual property rights include patents, trade secrets, trademarks and copyrights; the compliance work shall cover all business activities such as research and development, production, sales, cooperation, investment and marketing, biding, and procurement, etc., run through the whole process of decision-making, execution and supervision, and guarantee the inclusion of all intellectual property rights-related businesses, departments and personnel in the compliance system.(4) Dynamism: The compliance work shall be compatible with the business scope of the enterprise, its organizational structure and business scale; timely adjustments and improvements shall be made to the compliance work according to the internal and external environment changes of the enterprise; the compliance risks exist in the business management shall be reported, corrected and improved in time.(5) Traceability: The compliance work shall have clear procedural instructions to act upon, so as to ensure the compliance management of the enterprise can be traceable and provable.Article 5 [Compliance Management System] The establishment of a compliance system for intellectual property rights shall include organizational system, institutional system, operating system, risks identification and handling system, etc.Chapter II Compliance Management Organizational SystemArticle 6 [Compliance Responsibility] In light of its business nature and scales, enterprises may reasonably select and appoint intellectual property rights compliance management department or personnel, which can organize, coordinate and supervise enterprises’ compliance management work, take direct responsibilities for compliance management as well as simultaneously support other departments for compliance management. Enterprises may guarantee such department or personnel’s veto power for matters involving significant compliance risks. Their duties mainly include:(1) Researching and drafting compliance management plans, making compliance management rules, organizing the development of strategic plans and annual reports of compliance management;(2) Paying continuous attention to changes in laws, regulations and other rules, and organizing the identification and early warning of compliance risk;(3) Participating in the enterprises’ major decisions-making, providing compliance suggestions and opinions, and taking part in compliance reviews and risk management on the enterprises’ material matters;(4) Participating in the business sections’ due diligence and periodic evaluation for vital business partners;(5) Instructing the implementation of compliance work in each department, providing compliance consulting, and organizing compliance certification;(6) Organizing compliance inspection and assessment, conducting compliance evaluation over rules and procedures, and urging corrective actions and continuous improvements over non-compliance ;(7) Promoting the integration of compliance responsibilities into job duties and employee’s performance management;(8) Establishing compliance performance review indicators, monitoring and measuring compliance performance;(9) Establishing compliance reporting management system, accepting reports within the scope of compliance management duties, organizing or participating in the investigation of reported incidents, and offering suggestions for handling;(10) Organizing or assisting business departments and human resources sections to conduct compliance trainings;(11) Other compliance management duties suitable for the compliance management department.Article 7 [Organizational Support] The board of directors, board of supervisors and senior managers of enterprises shall perform necessary compliance management responsibilities, offer support for the formulation and implementation of the intellectual property rights’ compliance plan, and ensure the independent exercise of authority by the compliance management department (personnel), with sufficient resources guaranteed.Article 8 [Internal Collaborations] Each department of enterprises shall collaborate within the scope of their authorities to implement the routine work of compliance management, and appoint a section compliance liaison, who will be able to collect and report information regarding compliance risks as well as to cooperate with the compliance department to investigate relevant issues and make corrections.Chapter III Compliance Management Institutional SystemArticle 9 [Compliance Control] Enterprises shall establish a sound and standardized business management and decision-making process of intellectual property rights, take compliance control as a compulsory procedure for business management activities such as rules formulation, material matters’ decision-making, important contracts’ conclusion and significant projects’ operation, as well as propose changes to non-compliance content in time. Such activities shall not be implemented without compliancecontrol.Article 10 [Compliance Monitoring] Compliance monitoring on the compliance system of intellectual property rights shall be conducted regularly by enterprises. Such monitoring shall be implemented by the compliance management department personnel, and a compliance monitoring report shall be produced. The compliance monitoring shall mainly include evaluation for the effectiveness of the compliance system of intellectual property rights and the relevant compliance performance, so as to ensure the realization of the purposes of intellectual property rights compliance.Article 11 [Compliance Reporting] Enterprises shall encourage reporting of potential or actual violations of intellectual property rights’ compliance policies or obligations. Enterprises shall broaden the sources of feedbacks for compliance performance, establish reporting systems, help hotlines, feedback or suggestion boxes for relevant personnel, and set up a compliant handling system for third parties such as suppliers and contractors, focusing on the collection of feedbacks regarding the enterprises’ non-compliance actions, compliance queries and evaluations for compliance effectiveness and performance.Article 12 [Performance Review] Enterprises shall set up scientific compliance performance review indicators of intellectual property rights, evaluate each department’s compliance performance and contributions to the compliance work in a scientific manner, incorporate compliance performance review into the annual comprehensive assessment of each department and the relevant persons in charge, and take compliance performance as an important basis for employee assessment, promotion, merit rating and other work.The performance review shall mainly focus on the indicators related to compliance risk, including but not limited to, initiative and effectiveness of the implementation of each compliance rules, effective training ratio of departmental personnel, frequency of interventions by regulatory institutions, negative impacts arising from non-compliance issues such as penalties, compensations, damage to goodwill, etc., potential risks of non-compliance, and the record-keeping of compliance-related information, etc.Article 13 [Non-compliance Investigation] Enterprises shall establish an investigation system for non-compliance, adhering to principles of just and fair, and promptly and thoroughly investigate any claims or suspicions of misconducts by enterprises, its employees or related third parties. They shall investigate enterprises’ responsive documentations, disciplinary or remedial measures, and adjust the compliance management system for intellectual property rights in light of these lessons learned; find out the roots of misconducts, loopholes in the system and reasons for responsibility deficiency, including the acts and duties of managers, top management and governance bodies; and prudently analyze the identified causes, taking into account the number and level of the personnel, as well as the degree, prevalence, severity, duration and frequency of non-compliance incidents.Article 14 [Documented Information Management] Enterprises shall establish a system of documented information management to ensure that the important process in the formation of relevant intellectual property rights in business management are recorded, marked, stored, protected, retrieved, preserved and disposed. Effective management shall be conducted over external documents such as administrative decisions, judicial judgements and lawyer’s letters, ensuring the accuracy of the sources and timing when those documents were obtained. The documents of external origin and record files shall be complete with clear preserve methods and retention periods. The carriers of the documents management system are not limited to paper documents, but also include electronic ones.Article 15 [Resource Allocation] In order to ensure the proper implementation of compliance management, enterprises may set up regular budget accounts for intellectual property rights, which may include: expenses for the application, registration, maintenance, retrieval, analysis, evaluation, assessment, litigation and training for intellectual property rights; expenses for operation of compliance management institution of intellectual property rights; expense for the establishment, operation, maintenance and update of the compliance management system regarding intellectual property rights; expenses for intellectual property incentives. Enterprises that meet certain conditions may also set up reserves for intellectual property risks.Article 16 [Confidentiality Management] Enterprises shall establish a system of confidentiality management, which specifies secret-related personnel and requires confidentiality registration and access permissions. Regarding the equipment that may easily cause leakage of intellectual property secrets, enterprises shall regulate the users, purposes, usage modes and circulation of such equipment; specify the scope of confidential information, classified level and period, as well as the requirements for transmission, preservation and destruction. The confidential areas and the areas which customers and visitors have access to shall also be identified.Article 17 [Compliance Culture] Enterprises shall establish a hierarchical compliance training system for technical personnel, intellectual property management personnel and all employees. The construction of intellectual property culture shall be carried out in terms of enhancing the awareness of intellectual property protection and intellectual property values, creating an atmosphere of active pursuit of innovation and due respect for knowledge, attaching importance to intellectual property publicity and education. Enterprises shall combine the construction of intellectual property management system with talents cultivation, establish an incentive mechanism that is conducive to mobilize employees’ enthusiasm for intellectual property work, and build up an enterprise image that respects and protects intellectual property rights.Chapter IV Compliance Management Operating SystemArticle 18 [Compliance In Acquisition ] Enterprises shall make timely applications for the registration of various types of intellectual property rights, clarify the management measures and procedures for applications and registrations for patent, layout design of integrated circuits, trademarks and copyrights, trade secrets protection as well as their subsequent maintenance or abandonment.Article 19 [Compliance In Maintenance] Enterprises shall clarify the rules regarding the disposal and implementation of intellectual property rights, specify the conditions for defining service works as well as principles to determine the ownership of intellectual property rights for commissioned work or co-authored work, and provide the management measures and procedures for the transfer, licensing, investment and pledge of intellectual property rights such as patents, trademarks and copyrights.Article 20 [Compliance in Implementation] Enterprises shall focus on the management of intellectual property rights in the processes of production and operation, clarify the management measures and procedures for all kinds of matters concerning intellectual property rights that might arise in the procurement of raw materials and equipment (including softwares, etc.), technology and product development, technology transfer(licensing) and cooperation, commissioned processing, sales of product, advertising or sales exhibition, biding, import and export trade, joint ventures, mergers and acquisitions, and listing, etc. The measures and procedures include:(1) Intellectual property management in procurement. Enterprises shall collect relevant information of intellectual property and request the supplier to produce proof of ownership where necessary; conduct management and confidentiality work for suppliers’ information, purchase channels, and purchase price strategies, etc.; and specify the ownership of intellectual property rights, the scope of licensing, and tort liability, etc., in the procurement agreement.(2) Intellectual property management in production. Enterprises shall focus on finding out the innovative achievements with intellectual property values, and take corresponding protective measures in a timely manner. Regarding those operating procedures, various reports and test records, inspection and testing records, etc., which are not suitable for public disclosure during production, an appropriate confidentiality system shall be established and relevant measures of confidential nature shall be taken. Enterprises shall also pay attention to avoiding intellectual property risks in the overseas processing when being engaged in commissioned processing, processing trade with supplied materials, original equipment manufacturer and other processing business, and clarifying rights, obligations and confidentiality of both parties concerning intellectual property.(3) Intellectual property management in research and discovery(“R&D”). Enterprises shall build an intellectual property tracking, retrieval, analysis and monitoring system for R&D activities; clarify intellectual property ownership management of R&D achievements; strengthen the management of the archives and confidentiality of R&D activities, establish a management system of R&D archives and records, which guarantees the traceability of R&D activities; and enhance the selection and quality control over R&D results that proceed to patent application.(4) Intellectual property management in marketing. Enterprises shall investigate and analyze the existing intellectual property rights of the products of the same kinds in the market where their products are to be launched, so as to prevent from encountering claims of intellectual property rights infringements; correctly use registered trademarks or patent numbers and other proof of intellectual property rights, and remind consumers and relevant market entities where necessary; establish a mechanism to monitor the market for the sales of product and use multiple channels to monitor the market situation of the products of the same kinds. For those found to be infringing, key information should be collected, and notarization should be conducted where necessary.Article 21 [Listing Examination] Before enterprise listing, a comprehensive evaluation and planning for the legal status, duration and legal risks of existing intangible assets shall be conducted. The ownership and legal status of the intangible assets prepared by the listed company as well as relevant content in the prospectus shall be examined, and the acquisition, loss and transfer of the intellectual property rights shall be completely disclosed.Article 22 [Overseas Business] Enterprises shall actively carry out the layout of intellectual property rights in overseas business; investigate and analyze status of relevant intellectual property rights of the technology or products to be introduced and comprehensively evaluate the risks of infringements. When concluding contracts for technology or products import or export (including agency agreements), these issues which include the licensing mode and scope of the imported technology or products, the ownership of the subsequent improvement results, sharing and maintenance of rights, confidential responsibilities and obligations of both parties, and legal liabilities the supplier undertakes in the case of intellectual property infringement of the introduced technology or products shall be provided in the contracts.Chapter V Compliance Risk Identification and Handling SystemArticle 23 [Identification and Early Warning] By improving compliance risk information collection mechanism, enterprises shall comprehensively and systematically tease out the possible compliance risks in their business activities, establish a compliance risk ledger, and systematically analyze the origin, category and forming factors of risks, possible consequences and its probability, etc. For risks that are of typical significance, widespread or capable to cause serious consequences, early warnings should be issued in a timely manner.Article 24 [Risk Inspection] Compliance management department shall lead, organize and coordinate all kinds of compliance inspection work. An joint inspection team may be formed by personnel selected from relevant departments to conduct periodical compliance risk inspections based on the business conditions of enterprises.As to the compliance risk found in inspection, the inspection team shall put forward corrective suggestions, and each department shall propose specific solutions. After the solutions being confirmed by the inspection team, the compliance management institution shall supervise and urge all departments to actively implement the corrective plans. Article 25 [Risks Level] Enterprises may classify the compliance risks of intellectual property rights into three levels: Significant, Medium, and General.(1) Significant risks include: intellectual property risks arising from significant changes in laws, regulations, guidelines and local legal environment; penalty decisions, regulatory suggestions and risk warnings issued by regulatory agencies; submissions to regulatory agencies of supporting materials, special reporting materials, implementation of regulatory suggestions and rectification, compliance materials and other relevant information; information of significant intellectual property risks that are in violations of laws, regulations and guidelines during the course of business operations; any kind of regulatory documents that fail to meet the requirements of laws, regulations and guidelines; cases in which enterprises are being sued due to intellectual property compliance issues; other matters that should be identified as significant compliance risks.(2) Medium Risks include: newly generated intellectual property risks or changes of original risks in business activities; changes in the measures or consequences of implementing the established compliance risk solutions, which fail to fully meet the original objectives; possible impacts on business operations, but the impacts are relatively insignificant or may cause small direct losses in the future; other matters that can be defined as medium compliance risks.(3) Apart from the above-mentioned significant and medium risks, matters that have less impact on promoting the enterprises’ compliance management for intellectual property rights, improving its compliance management level pursuant to the law, or ensuring the healthy development of the companies, shall be managed as General Compliance Risks, although these issues still need to be improved by enhancing management work or by other means.Article 26 [Risks Solutions] Enterprises shall develop and select risks solutions for intellectual property rights, including general solutions and special solutions, according to different levels of compliance risks. As to significant risks, compliance management department and other departments shall work jointly to study and introduce specific rectification plans, clarify particular requirements for rectification subjects, specific responsible persons and rectification time nodes, etc. Compliance management department shall take month as time nodes to summarize the completion of rectification, and report to the enterprises’ decision-making body in time.Article 27 [Accountability Mechanism] An accountability mechanism shall be established based on enterprises’ own conditions. It shall conduct periodic reviews of performance objectives, bonus and other incentive measures for intellectual property compliance so as to verify whether appropriate measures are in place to avoid non-compliance actions; take appropriate disciplinary actions against personnel who violate the enterprises’ compliance obligations, objectives, systems and requirements of intellectual property rights, and hold them accountable when necessary.Chapter VI Third-party Evaluation and Supervision SystemArticle 28 [Design Evaluation] The criteria for assessing and reviewing the effectiveness of the design of compliance management system mainly include:(1) Identification and evaluation for non-compliance risks: 1. whether the compliance management departments/personnel are regularly organized to conduct a comprehensive assessment of the possible compliance risks of intellectual property rights, with a focus on the identification of risks in all stages of production and operation such as intellectual property research and discovery, procurement, production and marketing;2. whether a risk control and handling capacity matching the probable intellectual property compliance risks to be faced with, is developed based on the prioritized issues in the compliance management of risks identification and evaluation; 3. whether risks evaluation systems are periodically updated, which can identify and evaluate new changes to the original risks as well as newly generated risks in a timely manner.(2) Policy and procedure arrangements: 1. whether relevant compliance management systems for intellectual property rights are established in accordance with compliance risks, business scopes and scales of enterprise, etc., and standardized managements are conducted in all the processes; 2. whether the execution standards of relevant systems, responsible entities and contents are clarified; 3. whether a compliance management operation mechanism for key segments such as the compliance acquisition, maintenance and implementation of intellectual property rights, is established, and being protected from possible risks.(3) Training and communication arrangements: 1. whether a compliance training system is established, organizing and conducting targeted training on intellectual property compliance regularly, ensuring the employees’ fully recognition of the importance of intellectual property compliance and acquisition of professional skills for intellectual property, and improving business capacities at all levels through training; 2. whether internal and external communication channels for intellectual property and its compliance management are established, incorporating compliance culture, objectives and business of intellectual property into the content of communication, and ensuring timely collection and feedbacks of relevant information.(4) Reporting and investigation mechanisms: 1. whether a reporting and investigation management approach for intellectual property rights is set up, and whether a special inspection system for personnel positions involving key risks is established; 2. whether a reporting channel in an open way is settled, and whether all personnel can understand and being fluent in using the relevant reporting procedures are guaranteed; 3. whether non-compliance investigation processes are established, ensuring a timely and thoroughly investigation of the non-compliance actions and its causes.(5) Execution and guarantee institutions: 1. whether compliance management departments and personnel for intellectual property rights are set up, organizing, coordinating and supervising management work as the leading department of enterprise compliance management; 2. whether the enterprise audit, supervision, internal control, quality, security and all business departments being required in their respective areas of competence to cooperate with the implementation of the routine work of compliance managements for intellectual property rights are clarified; 3. whether corresponding professional qualifications, good business competence and morality are required in the course of appointing the enterprises’ intellectual property compliance personnel .(6) Third-party supervision mechanism: 1. whether periodical compliance supervisions for intellectual property compliance system are conducted and compliance supervision reports are produced, focusing on evaluating the effectiveness of the intellectual property compliance system to ensure the realization of the objectives of intellectual property compliance; 2. whether a third-party institution is appointed when necessary, evaluating the effectiveness of the enterprises’ intellectual property compliance system and compliance risks management, and issuing evaluation reports.Article 29 [Execution Evaluation] Standards of evaluation and reviewing for effectiveness of the execution of compliance management system include:1. whether enterprises provide relevant infrastructure for intellectual property compliance management, and take abidance of enterprise compliance business, rules and requirements of intellectual property rights as a condition for employment, as well as for staffing corresponding personnel; 2. whether regular budget accounts for intellectual property rights are set, including expenses for application, registration, maintenance, analyze, evaluation, litigation and training for intellectual property, and operation, maintenance and update for management system, in order to guarantee the normal operation of the compliance management work for intellectual property rights.(2) Responsibilities and authorities: 1. whether responsibilities of compliance management departments and personnel for intellectual property rights are provided; 2. whether necessary compliance management responsibilities that the board of directors, board of supervisors and senior managers should perform are clarified; 3. whether responsibilities and communication procedures of each department to cooperate with the routine work of implementing compliance management for intellectual property rights are clearly defined.(3) Compliance awareness: 1. whether enterprises’ management level and responsible personnel are aware of intellectual property compliance, whether they are familiar with the laws and regulations in the field of intellectual property, and whether compliance work for intellectual property rights are included in the key work of enterprises’ management and assessment; 2. whether employees of the enterprises have basic compliance awareness for intellectual property , and whether they understand and comply with enterprises’ compliance business, rules and requirements for intellectual property rights.(4) Compliance management capability: 1. whether relevant compliance management systems for intellectual property rights can operate effectively, and whether compliance management operation system in key aspects of intellectual property compliance can operate smoothly; 2. whether contracts management system for intellectual property is established to strictly review the terms related to intellectual property rights in the contracts, including the clarification of intellectual property rights ownerships, confidentiality obligations, and infringements risks solutions, etc.; 3. whether compliance examination and risks control of third-party cooperative enterprises are strengthened, including the examination of third party’s qualifications, the existence of intellectual property defects, and requirements of providing intellectual property non-infringement commitments.(5) Rewards and punishments mechanism: 1. whether scientific compliance performance indicators are established and employees are evaluated by relevant indicators of compliance risks characteristics; 2. whether relevant incentive processes are established and implemented, motivating employees to carry out intellectual property innovations and compliance managements; 3. whether necessary sanctions are imposed on relevant personnel who violate enterprises’ compliance obligations, objectives, rules and requirements for intellectual property rights.(6) Documented information management: whether all elements in the processes of compliance management for intellectual property rights are created as documented information, and effectively maintained and updated in a timely manner.Article 30 [Quality and effectiveness evaluation] The criteria of evaluation and review for effectiveness of the compliance management system mainly include:1.whether the requirements for intellectual property risks management related to all aspects of business activities are publicized and disseminated to employees through processes, rules, contracts and communication methods such as training and conference, so as to embed concepts and values of risks management and enterprise compliance for intellectual property rights into business activities, creating an compliance culture for intellectual property rights; 2. whether incentive mechanisms conducive to mobilizing employees’ motivation is built, creating an enterprises’ image of respecting and protecting intellectual property rights.(2) Compliance objectives: 1. whether all the business activities related to intellectual property rights of the enterprises meet the compliance objectives and comply with compliance requirements; 2. whether the resource allocation for achieving enterprises’ compliance objectives is adequate, and whether there is a clear time schedule and detailed process; 3. whether the progresses of the compliance objectives are regularly monitored, inspected, recorded, evaluated and timely update and adjusted.1. whether compliance management systems for intellectual property is adjusted in a timely manner according to the changes of legal norms related to intellectual property rights to ensure that it remains up-to-date and adapts to the enterprises’ compliance objectives for intellectual property rights; 2. whether periodical internal supervision of intellectual property risks is carried out, and specific solutions are proposed and rectification is actively implemented in response to the identified compliance risks.(4) Non-compliance incident and its handling: 1. After the non-compliance incidents are found, whether measures to control and correct are taken, and the causes for the incidents are sort out; 2. whether improvements and remedies for management loopholes are made in response to non-compliance incidents, including improving business processes, retraining employees and enhancing early warning mechanisms, etc.; 3. whether internal and external parties are informed of the relevant situations of non-compliance incidents and documented information are retained.
400-883-1990
info@aciplaw.com
