企业知识产权合规标准指引(试行)第一章 总则第一条【制定依据】 为加强企业的知识产权合规工作管理,有效防范和化解知识产权合规风险,引导企业依法合规经营、健康发展,根据《关于建立涉案企业合规第三方监督评估机制的指导意见(试行)》,参照《企业知识产权管理规范》,结合企业合规改革试点工作经验,制定本指引。 第二条【制定目的】 企业知识产权合规风险管理的目标是实现对知识产权合规风险的有效识别和管理,确保公司管理和各项经营活动的合法合规,推动企业全面加强知识产权合规管理,提升依法合规经营管理水平,保障企业持续健康发展。 第三条【合规风险】 本指引所指的知识产权合规风险,是指企业及其员工因知识产权不合规行为,引发法律责任,造成刑事追责、经济或声誉损失以及其他负面影响。涉知识产权的法律风险包括但不限于:(一)专利权法律风险:1.专利许可权滥用风险、专利申请权争议风险、被侵犯专利的风险、被提起专利侵权诉讼的风险、专利转让纠纷风险等;2.未能有效开发和实施专利的风险、管理不善导致专利失效的风险等。(二)商标权法律风险:1.商标申请风险,商标未注册或被他人抢先注册、申请类别不全、重点类别保护力度不够、申请的标识不全面;2.商标使用风险,申请地域不全、未对目标市场全面布局、对商品或服务类别越权使用或许可他人使用、侵犯他人在先权利、商标使用不规范使用等。(三)著作权法律风险:1.职务作品、委外创作、版权商的权属确定风险;2.作品素材侵权风险;3.互联网信息网络传播权侵权;4.许可使用和转让中的法律风险等。(四)商业秘密风险:1.被他人盗窃、以间谍或黑客手段窃取;2.内部员工被收买;3.对外宣传、合作过程中泄露;4.员工离职泄密等。 第四条【合规原则】 企业知识产权合规体系建设应当坚持独立性、有效性、全面性、动态性和可查性原则:(一)独立性原则:合规职能部门的运行不受任何不当的干扰和压力;合规职能部门应严格依照法律法规及企业相关制度规定等对企业和员工行为进行客观评价和处理;承担合规管理职责的人员应独立履行职责,不受其他部门和人员的干涉。(二)有效性原则:合规管理制度应有效嵌入到经营业务的具体环节当中,与法律风险防范、审计监察、内控及风险管理等工作相统筹、相衔接,并建立全员合规责任制,明确管理人员和各岗位员工的合规责任并督促有效落实,确保合规管理闭环。(三)全面性原则:企业知识产权合规管理的基础性和关键领域包括专利、商业秘密、商标、著作权;合规工作应覆盖业务涉及的研发、生产、销售、对外合作、投资推广、招投标及采购等各个环节,贯穿决策、执行、监督全流程,并确保所有与知识产权相关的业务、部门和人员均已纳入合规工作体系。(四)动态性原则:合规工作应与企业经营范围、组织结构和业务规模相适应;合规工作应根据企业内外部环境的变化适时进行调整和完善;企业经营管理中存在的合规风险问题,要能够得到及时反馈、纠正和改进。(五)可查证原则:合规工作应有明确的流程规范作依据,确保企业合规管理有迹可循、有证可查。 第五条【合规体系】 知识产权合规体系的建立应当涵盖组织体系、制度体系、运行体系、风险识别处置体系等。 第二章 合规管理组织体系 第六条【合规职责】 企业可根据自身行业性质、经营规模等合理选择和设置知识产权合规部门或合规人员,组织、协调和监督合规管理工作,在直接负责各项合规管理工作的同时为其他部门提供合规管理支持,并确保其对涉及重大合规风险事项的一票否决权。其具体工作职责主要包括:(一)研究起草合规管理计划、制定合规管理制度,组织制订合规管理战略规划及合规管理年度报告;(二)持续关注法律法规等规则变化,组织开展合规风险识别与预警;(三)参与企业重大决策并提出合规建议和意见,参与企业重大事项合规审查和风险应对;(四)参与业务部门对重要商业伙伴的合规尽调和定期评价;(五)指导各部门合规工作落地,并提供合规咨询,组织合规认证;(六)组织开展合规检查与考核,对制度和流程进行合规性评价,督促违规整改和持续改进;(七)推动合规责任纳入岗位职责和员工绩效管理;(八)建立合规绩效考核指标,监控和衡量合规绩效;(九)建立合规举报管理体系,受理合规管理职责范围内的举报,组织或参与对举报事件的调查,并提出处理建议;(十)组织或协助业务部门、人力资源部门开展合规培训;(十一)其他适合由合规职能部门承担的合规管理职责。 第七条【组织保障】 企业董事会、监事会、高级管理人员应当履行必要的合规管理职责,对知识产权合规计划制定与执行给予支持,确保合规部门(人员)行使职权的独立,保障资源充足。第八条【内部配合】 企业各部门在职权范围内配合落实合规管理的日常工作,可在本部门设置合规联络员,进行合规风险信息收集和报送,配合合规部门就相关问题调查并及时整改。 第三章 合规管理制度体系 第九条【合规审查】 企业应建立健全规范化的知识产权事务管理和决策流程,将知识产权合规审查作为规章制度制定、重大事项决策、重要合同签订、重大项目运营等经营管理行为的必经程序,及时对不合规的内容提出修改建议,未经合规审查不得实施。 第十条【合规监察】 企业应定期对知识产权合规体系进行合规监察,由合规管理部门人员落实实施,并形成合规监察报告。监察内容主要包括对知识产权合规体系运行有效性的评价和对知识产权合规绩效进行评价,以确保知识产权合规目标的实现。 第十一条【合规举报】 企业鼓励对潜在或实际存在的违反知识产权合规方针或合规义务的行为进行举报。企业应拓宽合规绩效反馈来源,为相关人员设立举报机制、求助热线、情况反馈、建议箱等,为供应商、承包商等第三方设立投诉处理系统,重点搜集有关企业不合规情况、合规疑问及对合规有效性和合规绩效评价等反馈内容。 第十二条【绩效评价】 企业通过设立科学的知识产权合规绩效考核评价指标,科学评价各部门合规工作绩效及合规工作贡献,把知识产权合规绩效考核评价纳入对各部门及相关负责人的年度综合考核,将员工的合规履职情况作为员工考核、提拔、评先选优等工作的重要依据。绩效评价重点围绕合规风险特征相关的指标,包括不限于各项合规制度落实的主动性和有效性、部门人员被有效培训的比例、相关监管机构介入的频率、因不合规问题产生的被处罚、赔偿、商誉受损等负面影响、潜在的不合规风险、合规相关信息的记录保存情况等。 第十三条【不合规调查】 企业应建立不合规的调查制度,坚持公平、公正的调查原则,及时、彻底地调查对本企业及员工或有关第三方不当行为的任何指控或怀疑。调查企业的应对性文件、采取的一切纪律或补救措施,以及在吸取经验教训后对知识产权合规管理体系的修订。查明不当行为的根源、知识产权合规管理体系的漏洞和责任缺失的原因,包括管理者、最高管理层和治理机构的行为、职责。对查明的原因进行审慎分析,分析应考虑企业人员的数量、水平,以及不合规的程度、普遍性、严重性、持续时间和频率等因素。 第十四条【文件信息化管理】 企业应建立文件信息化管理制度,确保对企业管理中形成的相关知识产权的重要过程予以记录、标识、贮存、保护、检索、保存和处置;对行政决定、司法判决、律师函等外来文件进行有效管理,确保其来源与取得时间的准确性。外来文件和记录文件应当完整,明确保管方式和保存期限。文件管理体系的载体,不限于纸质文件,也包括电子文件。 第十五条【资源配置】 企业可以根据自身情况,设立知识产权经常性预算科目,保障知识产权合规管理工作的正常进行,经费项目科包括:用于知识产权申请、注册、登记、维护、检索、分析、评估、诉讼和培训等费用;用于知识产权合规管理机构的运行费用;用于知识产权合规管理体系建立、运行、维护和更新的费用;用于知识产权激励的费用。有条件的企业可设立知识产权风险准备金。 第十六条【保密管理】企业应建立保密管理制度,明确涉密人员,设定保密登记和接触权限,对容易造成企业知识产权秘密流失的设备,规范其使用人员、目的、方式和流通;明确涉密信息范围,规定保密等级、期限和传递、保存及销毁的要求;明确涉密区域,规定客户及参访人员活动范围等。 第十七条【合规文化】 企业应建立对技术人员、知识产权管理人员、全体员工分层级合规培训制度。从增强知识产权保护意识、知识产权价值观、营造崇尚创新尊重知识产权的氛围、重视知识产权宣传教育等方式进行知识产权文化的建设;结合知识产权管理制度建设和人才建设,构建有利于调动企业员工知识产权工作积极性的激励机制,树立尊重和保护知识产权的企业形象。 第四章 合规管理运行体系 第十八条【获取合规】 企业应及时申请注册登记各类知识产权,明确有关专利申请、集成电路布图设计登记、商标注册、著作权登记、商业秘密保护等知识产权获取及其后续维护或主动放弃的管理措施和工作程序。 第十九条【维护合规】 企业应明晰处置和运营知识产权管理规定,明确职务发明成果的界定条件以及委托或合作开发成果知识产权归属的处置原则,明确有关专利权、商标权、著作权等知识产权转让、许可、投资、质押的管理措施和工作程序。 第二十条【运用合规】 企业应注重生产经营环节知识产权管理,明确在原材料及设备采购(包括软件等)、技术和产品开发、技术转让(许可)与合作、委托加工、产品销售、广告宣传或展销、招投标、进出口贸易、企业合资及并购和上市等环节中所可能涉及的各类知识产权事务的管理措施和工作程序:(一)企业采购活动中的知识产权管理。企业应收集相关知识产权信息,必要时应要求供方提供权属证明;做好供方信息、进货渠道、进价策略等信息资料的管理和保密工作;在采购合同中应明确知识产权权属、许可使用范围、侵权责任承担等内容。(二)企业生产活动中的知识产权管理。注意发现有知识产权价值的创新成果,及时采取相应的知识产权保护措施;对于生产过程中不宜对外公开的操作规程、各种报表和试验记录、检验检测记录等,应建立相应的保密制度,采取相应的保密措施;承揽委托加工、来料加工、贴牌生产等加工业务时,注意规避对外加工业务中的知识产权风险,明确双方知识产权权利义务、保密责任。(三)企业研发活动中的知识产权管理。建立研发活动的知识产权跟踪检索分析与监控制度;明确对研发成果的知识产权归属管理;加强对研发活动的档案和保密管理,建立技术研发档案、记录管理制度,确保研发活动具有可追溯性;加强对研发成果申请专利的挖掘与质量的管控。(四)企业营销活动的知识产权管理。对产品即将投放的市场进行同类产品知识产权状况的调查分析,防止遭遇知识产权侵权指控;正确使用注册商标或专利号等知识产权标志,对消费者和有关市场主体进行必要提醒;建立产品销售市场监控机制,多渠道地监控同类产品的市场情况;对发现侵权的,应当进行重点信息收集,必要情况时进行公证。第二十一条【上市审查】 企业上市前,应对已有的无形资产的法律状态、存续年限、法律风险等进行整体的评估与规划;对上市公司准备使用的无形资产的权属和法律状态以及招股说明书中的相关内容进行审查;完整地披露知识产权获取、丧失、转让等信息。第二十二条【涉外业务】 企业应积极开展涉外业务中的知识产权布局;对拟引进的技术或者产品的相关知识产权状况进行调查分析,并对侵权风险进行综合评估;签订技术或产品引进合同、输出合同(包括代理合同)应明确技术或产品引进的许可方式和范围、后续改进成果的归属和分享、权利维护、双方的保密责任和义务、引进技术或产品发生知识产权侵权时供方应承担的法律责任等内容。 第五章 合规风险识别处置体系 第二十三条【识别与预警】 企业应通过完善合规风险信息收集机制,全面系统梳理企业经营活动中可能存在的合规风险,建立合规风险台账,对风险源、风险类别、风险形成因素、可能发生的后果及发生的概率等展开系统分析,对有典型意义、普遍存在的以及可能造成严重后果的风险应及时发布预警。 第二十四条【风险检查】 企业应由合规管理部门人员牵头,负责组织、协调企业各项合规检查工作,可抽调相关部门人员共同组成检查组,根据企业业务情况定期开展合规风险检查。针对检查发现的合规风险,合规检查组应提出整改建议,各部门提出具体解决方案,解决方案经合规检查组确认后,由合规管理机构督促各部门积极落实整改方案。 第二十五条【风险分级】 企业可对所识别的知识产权合规风险分为三类:重大知识产权风险、中等知识产权风险、一般知识产权风险。(一)重大知识产权风险包括:法律、规则、准则以及地方法治环境的重大变化对经营活动产生的知识产权风险;监管机构出具的各类处罚决定、监管意见、风险提示等情况;向监管机构报送证明性材料、专项汇报材料、监管意见落实整改情况、各类合规材料等相关情况;业务开展过程中存在的违反法律、规则和准则的重大知识产权风险信息;各类制度文件中存在的不符合法律、规则和准则要求的情况;因知识产权合规问题导致企业被诉的情况;其他应被确定为重要合规风险的事项。(二)中等知识产权风险包括:企业经营活动中新出现的知识产权风险或原有风险的变化;既定合规风险应对方案执行情况及执行效果发生变化,不能全部达到原来目标;对企业经营可能存在一定影响,但影响较小或未来造成直接损失较小;其他可以被认定为中等合规风险的事项。(三)除上述重要知识产权风险、中等知识产权风险外,企业对推动知识产权合规管理、提升依法合规经营管理水平、保障公司持续健康发展影响较小,需要通过加强管理等方式进行完善的事项,作为一般知识产权风险事项进行管理。第二十六条【风险应对】 企业应根据不同的合规风险类型制定和选择知识产权风险应对方案,应对方案应包括总体方案和专项方案。对重大风险事项,企业合规管理部门和各部门应共同研究出台具体整改方案,明确整改主体、具体责任人、整改时间节点等具体要求,合规管理部门以月为时间节点统计整改完成情况,并及时向企业决策层领导汇报。第二十七条【问责机制】 企业根据自身情况制定合规风险问责,对知识产权合规绩效目标、绩效奖金和其他激励措施进行定期评审,以验证是否有适当的措施来防止不合规行为;对违反企业知识产权合规义务、目标、制度和要求的人员,进行适当的纪律处分,必要时追究相关责任。 第六章 第三方监督评估体系 第二十八条【设计评估】 合规管理体系设计的有效性评估和审查标准主要有:(一)违规风险的识别和评估:1.是否定期组织合规管理部门(人员),对可能面临的知识产权合规风险进行全面评估,重点识别在知识产权研发、采购、生产、营销等生产经营各阶段的风险;2.是否根据风险识别和评估确定的合规管理重点问题,发展与可能面临的知识产权合规风险相匹配的风险控制和处理能力;3.是否定期更新企业风险评估制度,及时识别和评估原有风险的新变化及新产生的风险。(二)政策和程序安排:1.是否根据企业的合规风险、业务范围、规模等,制定知识产权合规管理相关制度,对各个环节进行规范化管理;2.是否明确相关制度的执行标准,明确责任主体和责任内容;3.是否对知识产权合规获取、维护、运用等重点环节建立合规管理运行机制,防控可能产生的风险。(三)培训和沟通安排:1.是否建立合规培训制度,定期组织开展有针对性的知识产权合规学习培训,确保员工充分认识到知识产权合规重要性、掌握岗位知识产权专业技能,通过培训提升各层级的知识产权业务能力;2.是否建立知识产权及其合规管理的内部及外部沟通渠道,并将知识产权合规文化、合规目标及合规业务纳入沟通内容,确保及时收集和反馈相关信息。(四)举报和调查机制:1.是否建立知识产权合规举报及调查管理办法,是否对重点风险岗位人员建立专门检查制度;2.是否以公开方式设置举报途径,是否确保所有人员了解举报程序并能够流畅使用相关举报程序;3.是否建立不合规调查程序,确保及时、彻底地调查不合规行为及其原因。(五)执行和保障机构:1.是否设立知识产权合规管理部门及合规人员,作为企业合规管理牵头部门,组织、协调和监督管理工作;2.是否明确企业审计、监察、内控、质量、安全及各业务部门在各自职权范围内配合落实知识产权合规管理的日常工作;3.是否在确定企业知识产权合规相关人员时,要求具备相应的专业资质、良好的业务素质及职业操守。(六)第三方监管机制:1.是否定期对知识产权合规体系进行合规监察并形成合规监察报告,重点评价知识产权合规体系运行的有效性,以确保知识产权合规目标的实现;2.是否在必要时聘请第三方机构,对企业知识产权合规体系及合规风险管理有效性进行评估,并出具评估报告。 第二十九条【执行评估】 合规管理体系执行的有效性评估和审查标准主要有:(一)资源配置:1.企业是否为知识产权合规管理配套相关基础设施,将遵守企业知识产权合规业务、制度及要求作为人员的雇佣条件,配置相应人员;2.是否设立知识产权经常性预算科目,包括用于知识产权申请、注册、登记、维持、分析、评估、诉讼、培训、管理体系运行、维护及更新等费用,保障知识产权合规管理工作正常进行。(二)职责权限:1.是否明确知识产权合规管理部门及合规人员的岗位职责;2.是否明确企业董事会、监事会、高级管理人员应当履行的必要合规管理职责;3.是否明确企业各部门配合落实知识产权合规管理的日常工作的职责及沟通程序。(三)合规意识:1.企业管理层及责任人员是否具有知识产权合规意识,是否熟悉知识产权领域的法律法规,是否将知识产权合规工作列入公司管理、考核重点专项工作;2.企业员工是否具备知识产权合规基本意识,是否了解并遵守企业知识产权合规业务、制度及要求。(四)合规管理能力:1.企业知识产权合规管理相关制度是否能够有效运行,知识产权合规重点环节的合规管理运行机制根是否运行流畅;2.是否制定知识产权合同管理制度,严格对合同有关知识产权约定进行审查,包括明确知识产权归属、保密业务、侵权风险预案等;3.是否加强对第三方合作企业的合规审查及风险防控,包括审查第三方资质、是否存在知识产权瑕疵、要求提供不侵犯知识产权承诺等。(五)奖惩机制:1.是否建立科学的知识产权合规绩效考评指标,围绕合规风险特征相关指标对员工进行考核;2.是否建立并实施相关激励流程,调动员工进行知识产权创新及合规管理的积极性;3.是否对违反企业知识产权合规义务、目标、制度和要求的相关人员进行必要的处分。(六)文件化信息管理:是否将知识产权合规管理过程中的各项要素创建为文件化信息,建立知识产权信息数据库,并有效维护和及时更新。 第三十条【质效评估】 合规管理体系效果的有效性评估和审查标准主要有:(一)合规文化:1.是否将经营活动各环节相关的知识产权风险管理要求通过流程、制度、合同以及培训、会议等沟通方式向企业员工进行宣传、推广,将知识产权风险管理理念及企业合规价值观根植于经营活动中,营造企业知识产权合规文化;2.是否构建有利于调动员工积极性的激励机制,树立尊重和保护知识产权的企业形象。(二)合规目标:1.企业所有的知识产权经营活动是否满足合规目标、符合合规要求;2.实现企业合规目标的资源配置是否完善,是否有明确的时间安排及细化流程;3.是否定期监督、检查、记录、评估合规目标的进度并进行及时更新调整。(三)可持续发展能力:1.是否根据知识产权相关法律规范的调整,及时调整企业的知识产权合规管理体系,确保其保持最新状态,适应企业的知识产权合规目标;2.是否定期开展知识产权风险内部监察,针对发现的合规风险,及时提出具体解决方案并积极落实整改。(四)违规事件及其处理:1.发现违规事件时,企业是否及时采取措施控制并纠正,分析违规事件产生的原因;2.是否针对违规事件反映的管理问题及时进行改进和弥补管理漏洞,包括改进业务流程、重新培训员工、加强预警机制等;3.是否向内部和外部通报违规事件相关情况,保留文件化信息。 英文版Guidelinesfor Enterprise Compliance with Intellectual Property Rights(For Trial Implementation)Chapter I General Rules Article 1 [Formulation Basis] The Guidelines are formulated in accordance with “The Guiding Opinions on Establishment of a Third-party Supervision and Evaluation Mechanism for the Compliance of Enterprises Involved in Criminal Cases(for Trail Implementation)”, the “Specifications for the Administration of Intellectual Property Rights of Enterprises” and the pilot working experience on enterprise compliance reforms, for the purposes of enhancing enterprises’ compliance management work for intellectual property rights, guarding against and defuse compliance risks related to intellectual property rights, and guiding enterprises to operate in compliance with relevant law and regulatory requirements as well as to develop healthily. Article 2 [Purpose] The purposes of compliance management for intellectual property rights of enterprises are to effectively identify and manage compliance risks related to intellectual property rights, ensuring that management of enterprises and other business activities conforms to relevant laws and regulatory requirements; and to promote enterprises to comprehensively enhance their compliance management on intellectual property rights, advance their lawful business management level, and guarantee the sustainable and healthy development of enterprises. Article 3 [Compliance Risks] The “compliance risks related to intellectual property rights” this Guidelines referred to, are legal responsibilities, criminal charges, financial or reputational losses or any other negative influences resulted from enterprises’ or its employees’ non-compliance actions. The legal risks concerning intellectual property rights include but not limited to: (1) Risks of Patent Rights: 1. risks related to patent license abuses, the right of patent application disputes, patent being infringed, being involved in patent infringement lawsuit, and patent transfer disputes; 2. risks in failing to effectively develop and implement patent, and poor management causing invalidity of patent, etc. (2) Risks of Trademarks: 1. risks in the application for trademarks: trademark not registered or pre-registered by others, incomplete registered categories, insufficient protection of key categories, incomplete application for marks; 2.risks in the implementation of trademarks: incomplete application for territories that registered trademarks can be used within, failure to make overall arrangements for target markets, using or licensing others to use the registered trademark beyond the licensed category of the goods or services, infringement of others’ prior rights, non-standardized use of trademarks, etc. (3) Risks of Copyrights: 1. risks related to service works, commissioned works, and the confirmation of corporates’ copyrights thereof; 2. risks of works’ material infringements; 3. right of dissemination via information networks infringements; 4. legal risks in the licensed use and transfer of copyrights, etc. (4) Risks of Trade Secrets: 1. risks of trade secrets being acquired by others via theft, spying or hacking; 2. risks of internal employees being bought off; 3. risks of trade secrets leakage in the course of external disseminations and collaborations; 4. risks of employees’ disclosure of trade secrets after leaving office, etc. Article 4 [Compliance Principles] The establishment of enterprise compliance system for intellectual property rights should adhere to the principles of independence, effectiveness, comprehensiveness, dynamism and traceability: (1) Independence: The operation of compliance management department shall be free from any undue interference and pressure; the compliance management department shall objectively evaluate and handle the acts of enterprises and its employees in strict accordance with laws and regulations as well as relevant rules of the enterprises; the personnel who undertake compliance management responsibilities shall perform its duties independently without any interference from other departments and personnel. (2) Effectiveness: The compliance management system shall be effectively embedded in the specific processes of business operation, be integrated and connected with legal risks prevention, audit and supervision, internal control and risks management, etc. A compliance responsibility system, which specifies the compliance responsibilities of managers and employees for each position and supervises their effective implementation, shall be established for all employees to ensure a closed loop of compliance management. (3) Comprehensiveness: The basic and key areas of enterprise compliance management for intellectual property rights include patents, trade secrets, trademarks and copyrights; the compliance work shall cover all business activities such as research and development, production, sales, cooperation, investment and marketing, biding, and procurement, etc., run through the whole process of decision-making, execution and supervision, and guarantee the inclusion of all intellectual property rights-related businesses, departments and personnel in the compliance system. (4) Dynamism: The compliance work shall be compatible with the business scope of the enterprise, its organizational structure and business scale; timely adjustments and improvements shall be made to the compliance work according to the internal and external environment changes of the enterprise; the compliance risks exist in the business management shall be reported, corrected and improved in time. (5) Traceability: The compliance work shall have clear procedural instructions to act upon, so as to ensure the compliance management of the enterprise can be traceable and provable. Article 5 [Compliance Management System] The establishment of a compliance system for intellectual property rights shall include organizational system, institutional system, operating system, risks identification and handling system, etc. Chapter II Compliance Management Organizational System Article 6 [Compliance Responsibility] In light of its business nature and scales, enterprises may reasonably select and appoint intellectual property rights compliance management department or personnel, which can organize, coordinate and supervise enterprises’ compliance management work, take direct responsibilities for compliance management as well as simultaneously support other departments for compliance management. Enterprises may guarantee such department or personnel’s veto power for matters involving significant compliance risks. Their duties mainly include: (1) Researching and drafting compliance management plans, making compliance management rules, organizing the development of strategic plans and annual reports of compliance management; (2) Paying continuous attention to changes in laws, regulations and other rules, and organizing the identification and early warning of compliance risk; (3) Participating in the enterprises’ major decisions-making, providing compliance suggestions and opinions, and taking part in compliance reviews and risk management on the enterprises’ material matters; (4) Participating in the business sections’ due diligence and periodic evaluation for vital business partners; (5) Instructing the implementation of compliance work in each department, providing compliance consulting, and organizing compliance certification; (6) Organizing compliance inspection and assessment, conducting compliance evaluation over rules and procedures, and urging corrective actions and continuous improvements over non-compliance ; (7) Promoting the integration of compliance responsibilities into job duties and employee’s performance management; (8) Establishing compliance performance review indicators, monitoring and measuring compliance performance; (9) Establishing compliance reporting management system, accepting reports within the scope of compliance management duties, organizing or participating in the investigation of reported incidents, and offering suggestions for handling; (10) Organizing or assisting business departments and human resources sections to conduct compliance trainings; (11) Other compliance management duties suitable for the compliance management department. Article 7 [Organizational Support] The board of directors, board of supervisors and senior managers of enterprises shall perform necessary compliance management responsibilities, offer support for the formulation and implementation of the intellectual property rights’ compliance plan, and ensure the independent exercise of authority by the compliance management department (personnel), with sufficient resources guaranteed.Article 8 [Internal Collaborations] Each department of enterprises shall collaborate within the scope of their authorities to implement the routine work of compliance management, and appoint a section compliance liaison, who will be able to collect and report information regarding compliance risks as well as to cooperate with the compliance department to investigate relevant issues and make corrections. Chapter III Compliance Management Institutional System Article 9 [Compliance Control] Enterprises shall establish a sound and standardized business management and decision-making process of intellectual property rights, take compliance control as a compulsory procedure for business management activities such as rules formulation, material matters’ decision-making, important contracts’ conclusion and significant projects’ operation, as well as propose changes to non-compliance content in time. Such activities shall not be implemented without compliancecontrol. Article 10 [Compliance Monitoring] Compliance monitoring on the compliance system of intellectual property rights shall be conducted regularly by enterprises. Such monitoring shall be implemented by the compliance management department personnel, and a compliance monitoring report shall be produced. The compliance monitoring shall mainly include evaluation for the effectiveness of the compliance system of intellectual property rights and the relevant compliance performance, so as to ensure the realization of the purposes of intellectual property rights compliance. Article 11 [Compliance Reporting] Enterprises shall encourage reporting of potential or actual violations of intellectual property rights’ compliance policies or obligations. Enterprises shall broaden the sources of feedbacks for compliance performance, establish reporting systems, help hotlines, feedback or suggestion boxes for relevant personnel, and set up a compliant handling system for third parties such as suppliers and contractors, focusing on the collection of feedbacks regarding the enterprises’ non-compliance actions, compliance queries and evaluations for compliance effectiveness and performance. Article 12 [Performance Review] Enterprises shall set up scientific compliance performance review indicators of intellectual property rights, evaluate each department’s compliance performance and contributions to the compliance work in a scientific manner, incorporate compliance performance review into the annual comprehensive assessment of each department and the relevant persons in charge, and take compliance performance as an important basis for employee assessment, promotion, merit rating and other work. The performance review shall mainly focus on the indicators related to compliance risk, including but not limited to, initiative and effectiveness of the implementation of each compliance rules, effective training ratio of departmental personnel, frequency of interventions by regulatory institutions, negative impacts arising from non-compliance issues such as penalties, compensations, damage to goodwill, etc., potential risks of non-compliance, and the record-keeping of compliance-related information, etc. Article 13 [Non-compliance Investigation] Enterprises shall establish an investigation system for non-compliance, adhering to principles of just and fair, and promptly and thoroughly investigate any claims or suspicions of misconducts by enterprises, its employees or related third parties. They shall investigate enterprises’ responsive documentations, disciplinary or remedial measures, and adjust the compliance management system for intellectual property rights in light of these lessons learned; find out the roots of misconducts, loopholes in the system and reasons for responsibility deficiency, including the acts and duties of managers, top management and governance bodies; and prudently analyze the identified causes, taking into account the number and level of the personnel, as well as the degree, prevalence, severity, duration and frequency of non-compliance incidents. Article 14 [Documented Information Management] Enterprises shall establish a system of documented information management to ensure that the important process in the formation of relevant intellectual property rights in business management are recorded, marked, stored, protected, retrieved, preserved and disposed. Effective management shall be conducted over external documents such as administrative decisions, judicial judgements and lawyer’s letters, ensuring the accuracy of the sources and timing when those documents were obtained. The documents of external origin and record files shall be complete with clear preserve methods and retention periods. The carriers of the documents management system are not limited to paper documents, but also include electronic ones. Article 15 [Resource Allocation] In order to ensure the proper implementation of compliance management, enterprises may set up regular budget accounts for intellectual property rights, which may include: expenses for the application, registration, maintenance, retrieval, analysis, evaluation, assessment, litigation and training for intellectual property rights; expenses for operation of compliance management institution of intellectual property rights; expense for the establishment, operation, maintenance and update of the compliance management system regarding intellectual property rights; expenses for intellectual property incentives. Enterprises that meet certain conditions may also set up reserves for intellectual property risks. Article 16 [Confidentiality Management] Enterprises shall establish a system of confidentiality management, which specifies secret-related personnel and requires confidentiality registration and access permissions. Regarding the equipment that may easily cause leakage of intellectual property secrets, enterprises shall regulate the users, purposes, usage modes and circulation of such equipment; specify the scope of confidential information, classified level and period, as well as the requirements for transmission, preservation and destruction. The confidential areas and the areas which customers and visitors have access to shall also be identified. Article 17 [Compliance Culture] Enterprises shall establish a hierarchical compliance training system for technical personnel, intellectual property management personnel and all employees. The construction of intellectual property culture shall be carried out in terms of enhancing the awareness of intellectual property protection and intellectual property values, creating an atmosphere of active pursuit of innovation and due respect for knowledge, attaching importance to intellectual property publicity and education. Enterprises shall combine the construction of intellectual property management system with talents cultivation, establish an incentive mechanism that is conducive to mobilize employees’ enthusiasm for intellectual property work, and build up an enterprise image that respects and protects intellectual property rights. Chapter IV Compliance Management Operating System Article 18 [Compliance In Acquisition ] Enterprises shall make timely applications for the registration of various types of intellectual property rights, clarify the management measures and procedures for applications and registrations for patent, layout design of integrated circuits, trademarks and copyrights, trade secrets protection as well as their subsequent maintenance or abandonment. Article 19 [Compliance In Maintenance] Enterprises shall clarify the rules regarding the disposal and implementation of intellectual property rights, specify the conditions for defining service works as well as principles to determine the ownership of intellectual property rights for commissioned work or co-authored work, and provide the management measures and procedures for the transfer, licensing, investment and pledge of intellectual property rights such as patents, trademarks and copyrights. Article 20 [Compliance in Implementation] Enterprises shall focus on the management of intellectual property rights in the processes of production and operation, clarify the management measures and procedures for all kinds of matters concerning intellectual property rights that might arise in the procurement of raw materials and equipment (including softwares, etc.), technology and product development, technology transfer(licensing) and cooperation, commissioned processing, sales of product, advertising or sales exhibition, biding, import and export trade, joint ventures, mergers and acquisitions, and listing, etc. The measures and procedures include: (1) Intellectual property management in procurement. Enterprises shall collect relevant information of intellectual property and request the supplier to produce proof of ownership where necessary; conduct management and confidentiality work for suppliers’ information, purchase channels, and purchase price strategies, etc.; and specify the ownership of intellectual property rights, the scope of licensing, and tort liability, etc., in the procurement agreement. (2) Intellectual property management in production. Enterprises shall focus on finding out the innovative achievements with intellectual property values, and take corresponding protective measures in a timely manner. Regarding those operating procedures, various reports and test records, inspection and testing records, etc., which are not suitable for public disclosure during production, an appropriate confidentiality system shall be established and relevant measures of confidential nature shall be taken. Enterprises shall also pay attention to avoiding intellectual property risks in the overseas processing when being engaged in commissioned processing, processing trade with supplied materials, original equipment manufacturer and other processing business, and clarifying rights, obligations and confidentiality of both parties concerning intellectual property. (3) Intellectual property management in research and discovery(“R&D”). Enterprises shall build an intellectual property tracking, retrieval, analysis and monitoring system for R&D activities; clarify intellectual property ownership management of R&D achievements; strengthen the management of the archives and confidentiality of R&D activities, establish a management system of R&D archives and records, which guarantees the traceability of R&D activities; and enhance the selection and quality control over R&D results that proceed to patent application. (4) Intellectual property management in marketing. Enterprises shall investigate and analyze the existing intellectual property rights of the products of the same kinds in the market where their products are to be launched, so as to prevent from encountering claims of intellectual property rights infringements; correctly use registered trademarks or patent numbers and other proof of intellectual property rights, and remind consumers and relevant market entities where necessary; establish a mechanism to monitor the market for the sales of product and use multiple channels to monitor the market situation of the products of the same kinds. For those found to be infringing, key information should be collected, and notarization should be conducted where necessary. Article 21 [Listing Examination] Before enterprise listing, a comprehensive evaluation and planning for the legal status, duration and legal risks of existing intangible assets shall be conducted. The ownership and legal status of the intangible assets prepared by the listed company as well as relevant content in the prospectus shall be examined, and the acquisition, loss and transfer of the intellectual property rights shall be completely disclosed. Article 22 [Overseas Business] Enterprises shall actively carry out the layout of intellectual property rights in overseas business; investigate and analyze status of relevant intellectual property rights of the technology or products to be introduced and comprehensively evaluate the risks of infringements. When concluding contracts for technology or products import or export (including agency agreements), these issues which include the licensing mode and scope of the imported technology or products, the ownership of the subsequent improvement results, sharing and maintenance of rights, confidential responsibilities and obligations of both parties, and legal liabilities the supplier undertakes in the case of intellectual property infringement of the introduced technology or products shall be provided in the contracts. Chapter V Compliance Risk Identification and Handling System Article 23 [Identification and Early Warning] By improving compliance risk information collection mechanism, enterprises shall comprehensively and systematically tease out the possible compliance risks in their business activities, establish a compliance risk ledger, and systematically analyze the origin, category and forming factors of risks, possible consequences and its probability, etc. For risks that are of typical significance, widespread or capable to cause serious consequences, early warnings should be issued in a timely manner. Article 24 [Risk Inspection] Compliance management department shall lead, organize and coordinate all kinds of compliance inspection work. An joint inspection team may be formed by personnel selected from relevant departments to conduct periodical compliance risk inspections based on the business conditions of enterprises. As to the compliance risk found in inspection, the inspection team shall put forward corrective suggestions, and each department shall propose specific solutions. After the solutions being confirmed by the inspection team, the compliance management institution shall supervise and urge all departments to actively implement the corrective plans. Article 25 [Risks Level] Enterprises may classify the compliance risks of intellectual property rights into three levels: Significant, Medium, and General. (1) Significant risks include: intellectual property risks arising from significant changes in laws, regulations, guidelines and local legal environment; penalty decisions, regulatory suggestions and risk warnings issued by regulatory agencies; submissions to regulatory agencies of supporting materials, special reporting materials, implementation of regulatory suggestions and rectification, compliance materials and other relevant information; information of significant intellectual property risks that are in violations of laws, regulations and guidelines during the course of business operations; any kind of regulatory documents that fail to meet the requirements of laws, regulations and guidelines; cases in which enterprises are being sued due to intellectual property compliance issues; other matters that should be identified as significant compliance risks. (2) Medium Risks include: newly generated intellectual property risks or changes of original risks in business activities; changes in the measures or consequences of implementing the established compliance risk solutions, which fail to fully meet the original objectives; possible impacts on business operations, but the impacts are relatively insignificant or may cause small direct losses in the future; other matters that can be defined as medium compliance risks. (3) Apart from the above-mentioned significant and medium risks, matters that have less impact on promoting the enterprises’ compliance management for intellectual property rights, improving its compliance management level pursuant to the law, or ensuring the healthy development of the companies, shall be managed as General Compliance Risks, although these issues still need to be improved by enhancing management work or by other means. Article 26 [Risks Solutions] Enterprises shall develop and select risks solutions for intellectual property rights, including general solutions and special solutions, according to different levels of compliance risks. As to significant risks, compliance management department and other departments shall work jointly to study and introduce specific rectification plans, clarify particular requirements for rectification subjects, specific responsible persons and rectification time nodes, etc. Compliance management department shall take month as time nodes to summarize the completion of rectification, and report to the enterprises’ decision-making body in time. Article 27 [Accountability Mechanism] An accountability mechanism shall be established based on enterprises’ own conditions. It shall conduct periodic reviews of performance objectives, bonus and other incentive measures for intellectual property compliance so as to verify whether appropriate measures are in place to avoid non-compliance actions; take appropriate disciplinary actions against personnel who violate the enterprises’ compliance obligations, objectives, systems and requirements of intellectual property rights, and hold them accountable when necessary. Chapter VI Third-party Evaluation and Supervision System Article 28 [Design Evaluation] The criteria for assessing and reviewing the effectiveness of the design of compliance management system mainly include: (1) Identification and evaluation for non-compliance risks: 1. whether the compliance management departments/personnel are regularly organized to conduct a comprehensive assessment of the possible compliance risks of intellectual property rights, with a focus on the identification of risks in all stages of production and operation such as intellectual property research and discovery, procurement, production and marketing; whether a risk control and handling capacity matching the probable intellectual property compliance risks to be faced with, is developed based on the prioritized issues in the compliance management of risks identification and evaluation; 3. whether risks evaluation systems are periodically updated, which can identify and evaluate new changes to the original risks as well as newly generated risks in a timely manner. (2) Policy and procedure arrangements: 1. whether relevant compliance management systems for intellectual property rights are established in accordance with compliance risks, business scopes and scales of enterprise, etc., and standardized managements are conducted in all the processes; 2. whether the execution standards of relevant systems, responsible entities and contents are clarified; 3. whether a compliance management operation mechanism for key segments such as the compliance acquisition, maintenance and implementation of intellectual property rights, is established, and being protected from possible risks. (3) Training and communication arrangements: 1. whether a compliance training system is established, organizing and conducting targeted training on intellectual property compliance regularly, ensuring the employees’ fully recognition of the importance of intellectual property compliance and acquisition of professional skills for intellectual property, and improving business capacities at all levels through training; 2. whether internal and external communication channels for intellectual property and its compliance management are established, incorporating compliance culture, objectives and business of intellectual property into the content of communication, and ensuring timely collection and feedbacks of relevant information. (4) Reporting and investigation mechanisms: 1. whether a reporting and investigation management approach for intellectual property rights is set up, and whether a special inspection system for personnel positions involving key risks is established; 2. whether a reporting channel in an open way is settled, and whether all personnel can understand and being fluent in using the relevant reporting procedures are guaranteed; 3. whether non-compliance investigation processes are established, ensuring a timely and thoroughly investigation of the non-compliance actions and its causes. (5) Execution and guarantee institutions: 1. whether compliance management departments and personnel for intellectual property rights are set up, organizing, coordinating and supervising management work as the leading department of enterprise compliance management; 2. whether the enterprise audit, supervision, internal control, quality, security and all business departments being required in their respective areas of competence to cooperate with the implementation of the routine work of compliance managements for intellectual property rights are clarified; 3. whether corresponding professional qualifications, good business competence and morality are required in the course of appointing the enterprises’ intellectual property compliance personnel . (6) Third-party supervision mechanism: 1. whether periodical compliance supervisions for intellectual property compliance system are conducted and compliance supervision reports are produced, focusing on evaluating the effectiveness of the intellectual property compliance system to ensure the realization of the objectives of intellectual property compliance; 2. whether a third-party institution is appointed when necessary, evaluating the effectiveness of the enterprises’ intellectual property compliance system and compliance risks management, and issuing evaluation reports. Article 29 [Execution Evaluation] Standards of evaluation and reviewing for effectiveness of the execution of compliance management system include: (1) Resource allocation: 1. whether enterprises provide relevant infrastructure for intellectual property compliance management, and take abidance of enterprise compliance business, rules and requirements of intellectual property rights as a condition for employment, as well as for staffing corresponding personnel; 2. whether regular budget accounts for intellectual property rights are set, including expenses for application, registration, maintenance, analyze, evaluation, litigation and training for intellectual property, and operation, maintenance and update for management system, in order to guarantee the normal operation of the compliance management work for intellectual property rights. (2) Responsibilities and authorities: 1. whether responsibilities of compliance management departments and personnel for intellectual property rights are provided; 2. whether necessary compliance management responsibilities that the board of directors, board of supervisors and senior managers should perform are clarified; 3. whether responsibilities and communication procedures of each department to cooperate with the routine work of implementing compliance management for intellectual property rights are clearly defined. (3) Compliance awareness: 1. whether enterprises’ management level and responsible personnel are aware of intellectual property compliance, whether they are familiar with the laws and regulations in the field of intellectual property, and whether compliance work for intellectual property rights are included in the key work of enterprises’ management and assessment; 2. whether employees of the enterprises have basic compliance awareness for intellectual property , and whether they understand and comply with enterprises’ compliance business, rules and requirements for intellectual property rights. (4) Compliance management capability: 1. whether relevant compliance management systems for intellectual property rights can operate effectively, and whether compliance management operation system in key aspects of intellectual property compliance can operate smoothly; 2. whether contracts management system for intellectual property is established to strictly review the terms related to intellectual property rights in the contracts, including the clarification of intellectual property rights ownerships, confidentiality obligations, and infringements risks solutions, etc.; 3. whether compliance examination and risks control of third-party cooperative enterprises are strengthened, including the examination of third party’s qualifications, the existence of intellectual property defects, and requirements of providing intellectual property non-infringement commitments. (5) Rewards and punishments mechanism: 1. whether scientific compliance performance indicators are established and employees are evaluated by relevant indicators of compliance risks characteristics; 2. whether relevant incentive processes are established and implemented, motivating employees to carry out intellectual property innovations and compliance managements; 3. whether necessary sanctions are imposed on relevant personnel who violate enterprises’ compliance obligations, objectives, rules and requirements for intellectual property rights. (6) Documented information management: whether all elements in the processes of compliance management for intellectual property rights are created as documented information, and effectively maintained and updated in a timely manner. Article 30 [Quality and effectiveness evaluation] The criteria of evaluation and review for effectiveness of the compliance management system mainly include: (1) Compliance culture:1.whether the requirements for intellectual property risks management related to all aspects of business activities are publicized and disseminated to employees through processes, rules, contracts and communication methods such as training and conference, so as to embed concepts and values of risks management and enterprise compliance for intellectual property rights into business activities, creating an compliance culture for intellectual property rights; 2. whether incentive mechanisms conducive to mobilizing employees’ motivation is built, creating an enterprises’ image of respecting and protecting intellectual property rights. (2) Compliance objectives: 1. whether all the business activities related to intellectual property rights of the enterprises meet the compliance objectives and comply with compliance requirements; 2. whether the resource allocation for achieving enterprises’ compliance objectives is adequate, and whether there is a clear time schedule and detailed process; 3. whether the progresses of the compliance objectives are regularly monitored, inspected, recorded, evaluated and timely update and adjusted. (3) Sustainability: 1. whether compliance management systems for intellectual property is adjusted in a timely manner according to the changes of legal norms related to intellectual property rights to ensure that it remains up-to-date and adapts to the enterprises’ compliance objectives for intellectual property rights; 2. whether periodical internal supervision of intellectual property risks is carried out, and specific solutions are proposed and rectification is actively implemented in response to the identified compliance risks. (4) Non-compliance incident and its handling: 1. After the non-compliance incidents are found, whether measures to control and correct are taken, and the causes for the incidents are sort out; 2. whether improvements and remedies for management loopholes are made in response to non-compliance incidents, including improving business processes, retraining employees and enhancing early warning mechanisms, etc.; 3. whether internal and external parties are informed of the relevant situations of non-compliance incidents and documented information are retained.
