The fundamental problem is that domain name trademark enforcement is handled by the legal department when it should be handled by marketing, business development, and/or DevRel.
While companies can enforce their trademarks, it's generally better to allow people who are using domains in a reasonable way to continue. Taking the domain away and then doing nothing with it doesn't benefit anyone.
Even in parasitical scenarios, allowing squatters to get affiliate revenue by redirecting traffic to the company is better than fooling around with the legal process.
Companies have to be seen to be enforcing their trademarks, or they risk losing them. (AIUI, IANAL)
Although again if it were handled by marketing, might they just agree to licence the trademark to this person for this specific purpose for a nominal sum?
Not quite. They simply must be seen as actively using the trademark. Simply sending the domain owner a notice with strict rules describing how to avoid trademark confusion would be enough to show ARM has not relinquished it's mark. There is no requirement that they must aggressively go after people like this.
While companies can enforce their trademarks, it's generally better to allow people who are using domains in a reasonable way to continue. Taking the domain away and then doing nothing with it doesn't benefit anyone.
Even in parasitical scenarios, allowing squatters to get affiliate revenue by redirecting traffic to the company is better than fooling around with the legal process.