03:30 PM
Patent Issues a Growing Concern for Banks
Patents are one of the issues that hover in the backs of bankers' minds -- they know patents can be important, but seldom do they address the topic unless prompted to do so by a lawsuit, say experts. Unfortunately for the banking industry, legal wrangling around financial services patents is becoming all too common.
The technology and processes that banks possess often are unique in many ways. And increasingly, this intellectual property is the source of an institution's competitive advantage. As James Malackowski, president and CEO of Ocean Tomo, a Chicago-based merchant bank that specializes in intellectual property transactions, told attendees at a recent symposium on patents hosted by the Securities Industry and Financial Markets Association (SIFMA), with manufacturing moving to China and servicing moving to India, proprietary innovation is all that's left for U.S. institutions.
According to Malackowski, over the past 30 years or so, the proportion of tangible components of the economy versus the intangible components has flipped dramatically. In 1975, more than 80 percent of the economy consisted of tangible assets, he said; today nearly 80 percent is intangible. This transformation from concrete mechanical elements to intangible assets, such as software, has thrown the U.S. Patent & Trademark Office (PTO) for a loop as it struggles along with the courts to define what items are patentable, experts agree.
Financial services -- perhaps more so than any other industry, except high tech -- finds itself at the center of the conundrum as banks attempt to convey the unique, beneficial qualities of the technologies and processes on which their businesses are built. Initially, it appeared as if banks' intellectual property would be covered by patents. In a 1998 case involving Boston-based State Street Bank & Trust, the courts agreed that the business process developed by the bank was in fact a patentable article. That, say law experts, was an affirmation to the financial services industry that its technology and processes warranted protection.
Andrew Barbour, vice president of government affairs with the Washington, D.C.-based Financial Services Roundtable (FSR), confirms that patents are of growing importance to the FSR's financial institution members. "For years, the industry protected intellectual property through trade secrets. But that began to change in the late '90s, and things shifted into high gear with the State Street ruling on business method patents," Barbour explains.
"My members want to move from trade secrets to patents because this works offensively as well as defensively, and it's the way other industries are moving," he continues. "We have a lot of novel, nonobvious ideas to share with the public."
The progress banks have made in obtaining patents, however, may come to a screeching halt in some instances. According to observers, the Court of Appeals for the Federal Circuit may overturn the State Street ruling as it examines what's being referred to as the Bilski case, which asserts that a company cannot file a patent on something as intangible as a business process, especially if it does not involve a machine (i.e., a computer) in some manner.
"The Bilski case will directly impact the financial services industry since it addresses a patent on a method of managing consumption risk costs of a commodity [with no computer apparatus]," explains Esther Lim, a Washington, D.C.-based partner with the law firm Finnegan, Henderson, Farabow, Garrett & Dunner. "Today there's a lot of uncertainty around what's eligible for patent protection."
Lim adds that the court considers these rulings so important that the entire court will sit in on the Bilski case. "This is a big issue for the financial services industry because many of the cases deal with innovation around software and processes," she explains. "With the State Street case, the court was very clear that business methods and financial processes should not be treated differently."
"This is a very big deal for financial institutions," adds Lewis Hudnell, a principal with the law firm Fish & Richardson (New York). "The court will consider whether the application is eligible subject matter, whether the method is a physical transformation of an article, and whether it's appropriate to consider the Federal Circuit decision on State Street and whether that should be overruled."
Understanding the Underlying Technology
This sudden change of heart by the courts, say some experts, is due in large part to public outcry over "bad patents" that unfairly restrict competition and a lack of understanding of the underlying technology. "There has always been resistance in the public to business method patents," Hudnell contends. "Some feel they are intangible processes that are simple and obvious." In fact, Hudnell says, in other countries, it's difficult -- if not impossible -- to get a patent on a business method.
"The courts struggle to determine what is and is not a business method. The State Street case doesn't tell us how to figure this out," he adds.
"With patents, the more tangible, the better," Hudnell continues. "Things get a bit fuzzy when you're dealing with a mathematical algorithm, for example. Is the mathematics used to generate a tangible result or an increased utility of something that will translate into a benefit you can see? That's the question."
Adding to the problem is the fact that software is a difficult concept for some people to grasp, according to Finnegan Henderson's Lim. The courts and the PTO, she asserts, lack the understanding and technical knowledge necessary for many of today's patent applications -- including those from the financial services industry.
"It's very difficult to get a quality patent in financial services because there's not enough understanding and experience in the PTO in the financial services space," adds the FSR's Barbour. "They're good people at the PTO, but many of them are engineering or chemical specialists; they're not former traders or bankers."
There clearly needs to be more specialized understanding of financial services technology and processes at the PTO, according to Daniel Marovitz, Deutsche Bank's (Frankfurt; US$1.3 trillion in assets) head of product management, global transaction banking, in London. "Software patents are easier to understand," he says. "But if you have an algorithmic pricing structure for something like credit default swaps, that's difficult to grasp -- you need a more specific understanding. Furthermore, since this is a mathematical process, it's hard to find patentability. After all, it is challenging to prove someone was using your particular algorithm."
Making matters worse with regard to issuing patents, Marovitz says, is the increasing complexity of the mathematics used in financial services products and processes. "There has been a steady progression in the complexity of financial products and the level of basic mathematical background needed to understand them," he relates.
"Banks today are hiring a lot more people with Ph.D.s in mathematics," Marovitz explains. "If you have a product designed by someone with this magnitude of expertise, sometimes there's no easy way to break it down in a manner that the courts can understand."
As a result of this knowledge gap at the PTO, the courts are left holding the bag when it comes to enforcement, according to Patrick Walsh, director of marketing and product management with e-Soft, a Broomfield, Colo.-based provider of network security applications. The PTO, he says, "awards the patents but then leaves it up to the courts to decide if they're enforceable."
Despite the uncertainty surrounding patents, however, banks should not shrink away from pursuing them. Deutsche Bank's Marovitz contends that banks traditionally have not focused on pursuing patents on their intellectual property (IP). He believes this is partly a cultural issue.
"Banks are spending billions on new technology, but they don't have a culture of going after patents," Marovitz explains. "The internal development teams at banks are like the research and development organizations at software companies -- the largest banks are among the largest software developers in the world. But they lose touch with the value of their products in the overall market."
Which raises another question with which banks struggle: Do they keep their technology a trade secret, or do they bring it public and apply for a patent? "Patents, copyrights and trademarks are very public," notes e-Soft's Walsh. "You no longer have your 'secret sauce.'"
Forcing Intellectual Property Into the Open
Increasingly, however, market forces impel banks to consider applying for patents. One factor in this push is outsourcing. Despite conflicting reports on the growth of outsourcing, the practice remains a popular mode of operation in the financial services industry. As a result, experts believe, there will continue to be an increase in the number of financial services patent applications.
According to Jeremy Sokolic, vice president of marketing with New York-based CashEdge, which just underwent the arduous patent application process itself for a payments solution, banks are fairly conservative around patents. "They realize the patent situation is important," he says. "As they increasingly outsource, they don't want to get in a relationship with a vendor only to find another vendor has a similar patent. As the trends of outsourcing and software-as-a-service continue, IP will become more important to the industry."
Victor DeMarines, vice president of products with V.i. Laboratories (Waltham, Mass.), a software security solutions provider, says that with outsourcing comes an increased awareness among financial institutions of IP issues. "I spoke to a bank that's outsourcing development of an application that it wants to bring to market quickly," he recalls. "They outsourced the development to China and Russia -- two countries that don't do well with protecting IP. So this bank wanted to take advantage of the expertise in emerging markets but security became a big cloud over the deal."
DeMarines notes that developing solutions in-house also can be fraught with its own IP-related problems. "What if you develop the software in-house but it's used outside your perimeter, such as at a client site?" he asks.
"One financial services company I spoke with developed an application on Microsoft's [Redmond, Wash.] .NET platform. The problem with .NET is that the algorithms are very exposed," DeMarines contends. "A novice can use a freeware tool to look inside your application. This is a big problem when applications such as this are used outside the firm. Of course, you must do your due diligence around security, but that must also take IP security into account."
In general, DeMarines says, the world is moving toward computer languages and open-source development that make it easier for users to deduce what makes a piece of software tick. "People are becoming worried about their source code," he says.
Locking Down Intellectual Property
However, there are ways to protect this proprietary information, just as there are methods to secure any sensitive data within an enterprise. In fact, many of the best practices for protecting IP are similar to security solutions used to safeguard customer data.
David Drab, principal in charge of security and compliance at Xerox and a former FBI agent who dealt with industrial espionage cases, says his team at Xerox helps clients, including financial institutions, look for the security weaknesses in their systems and processes. The key to protecting intellectual assets, he says, is to capture the critical information and IP at the point of origin.
"With IP today, most of it goes out the door before it's even captured," Drab asserts. "You need to determine what information you have that is of value and capture it quickly." Stamford, Conn.-based Xerox's DocuShare solution, he claims, provides this functionality.
Scanning tools also provide a method for searching out the vulnerabilities in a system, according to V.i. Labs' DeMarines, who notes that banks' IP is at even greater risk today because of the widespread use of Web-based applications. "Banks use scanning software to look for these vulnerabilities, such as the use of open-source software and back doors, in their applications so they can shut this down," he explains.
"I know of one bank that did this and they were surprised to see how much of their IP was exposed," DeMarines continues. "Banks worry a lot about customer data -- now they are starting to worry about the IP and the application itself. What if someone knows the application well enough to poke holes in it to get to the customer data?"
E-Soft's Walsh says the vendor provides security at the network level. Its solution sits just at the edge of a bank's network where it meets the Internet. It not only scans for viruses and prevents intrusion, it also looks for patterns and keywords, such as documents leaving the network labeled "confidential."
"The scanning engine can detect this word on a document if it's about to leave the network. It puts the file in quarantine and sends an auto alert to an administrator," Walsh explains. Beyond IP, the solution also can zero in on documents in transit containing customer PINs, Social Security numbers and other sensitive data.
Xerox's Drab stresses that banks must protect IP in both the digital and paper worlds. As such, it's vital to control the flow of data from output devices, such as printers and copiers, he says, noting that these are highly vulnerable end points that have long flown under the radar of many companies' IT departments.
"The NSA [National Security Agency] once called the copier 'the spy's best friend,'" Drab relates. "What happens when a document is printed or copied? This is a critical area because you can have all the network security in the world in place, but it means nothing once something is printed."
Drab adds that there is technology available that can track printed documents and help prevent them from being copied. For instance, he says, firms can use holograms, microtext (text that is embedded into a document at 1/100th of an inch) and invisible infrared coding embedded into a document to ensure the authentication of the original document.
"Of course, no matter how much security you have, nothing protects 100 percent," Drab warns. That is why banks and other financial institutions must be able to rely on legal measures to keep their IP safe.
Monitoring the Insider Threat
As with other data security, an important component of protecting IP is monitoring employees, says Finnegan Henderson's Lim, who points to non-compete clauses and confidentiality agreements as important tools. "These must dovetail with your IP strategy," she asserts. "It's important for financial institutions to have clear documentation that they own the process. When you file for a patent, you assign the right to the invention to the company [not the employee]. These are just good business practices."
That's if a bank can determine who does and doesn't qualify as an "employee." "Many banks use outsourcers, employ temporary workers, have partners -- and all need to access the bank's network in some manner," comments Deutsche Bank's Marovitz. "Banks are going to need a semi-permeable/selectively permeable membrane for access control. As organizations become global, the boundary between who is an employee and who isn't becomes more complex."
It's important to address these issues up front when hiring new employees or entering a partnership with a third party and to remain proactive, adds Fish & Richardson's Hudnell. "This is a legal issue and you have to make sure you have the protocols in place to ensure there are no problems down the line," he says. "These legal agreements must also be updated periodically."
But safeguarding what's inside an employee's brain isn't the same as securing a database, points out CashEdge's Sokolic. Despite protocols to protect IP, "They still have all that knowledge in their heads," he says. "This is a risk you take when you hire someone."