ICANN's Compliance Department continues to monitor registrar compliance with the Registrar Accreditation Agreement (RAA) through the accreditation renewal process and through handling of complaints filed by internet users. As compliance resources are augmented, ICANN plans to implement a registrar audit program, similar to the registry audit program already in place.
Since the beginning of 2006, twenty registrars' accreditation agreements expired. Of these registrars, eighteen applied for renewal. As a part of the process, renewal applicants were required to undergo a compliance review related to specific provisions of the RAA (including applicable consensus policies). Sixteen registrar-applicants successfully completed the compliance review and one registrar was denied a renewal accreditation agreement. One registrar received an extension of its RAA to complete the compliance review.
Through the renewal process, ICANN required renewal applicants to provide extensive information about their operations and compliance with contractual requirements. From the applications submitted, staff identified ten general areas requiring further review: Uniform Domain Name Dispute Resolution Policy, Expired Domain Deletion Policy, Whois data accuracy, venue provisions, Inter-Registrar Transfer Policy, Restored Names Accuracy Policy, Whois Data Reminder Policy, Whois accessibility, record retention, and reseller registration agreements. Most issues identified were addressed through a clarification by the registrar of its policies or practices. In eighteen instances, registrars were required to alter their policies, procedures, or business practices.
The following is an overview showing the various types of issues ICANN encountered during the compliance review associated with accreditation renewals between January and September 2006:
- Seven registrars updated their contact information; five registrars notified ICANN of changes to their business name or corporate structure.
- Six registrars modified their terms and conditions for query-based public access to registration data through Whois to include the required provision from RAA Section 3.3.5. ("Registrar shall permit use of data it provides in response to queries for any lawful purposes except to: (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass, unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of any Registry Operator or ICANN-Accredited registrar, except as reasonably necessary to register domain names or modify existing registrations.")
- Five registrars modified or clarified their practices related to investigation and correction of Whois data inaccuracies pursuant to RAA Section 3.7.8. ("Registrar shall, upon notification by any person of an inaccuracy in the contact information associated with a Registered Name sponsored by Registrar, take reasonable steps to investigate that claimed inaccuracy. In the event Registrar learns of inaccurate contact information associated with a Registered Name it sponsors, it shall take reasonable steps to correct that inaccuracy.")
- Five registrars clarified or modified their data retention policies to comply with RAA Section 3.4.2, which requires data to be kept for at least three years beyond the term of the RAA.
- Three registrars modified their registration agreement or communication practices to come into compliance with the Expired Domain Deletion Policy by providing additional notice to registrants of the registrars' domain deletion and auto-renewal policies.
- Three registrars modified their registration agreements to include the required jurisdiction language of RAA Section 220.127.116.11. ("For the adjudication of disputes concerning or arising from use of the Registered Name, the Registered Name Holder shall submit, without prejudice to other potentially applicable jurisdictions, to the jurisdiction of the courts (1) of the Registered Name Holder's domicile and (2) where Registrar is located.")
- Two registrars added the provision to their registration agreements requiring the registrant to agree that "its registration of the Registered Name shall be subject to suspension, cancellation, or transfer pursuant to any ICANN adopted specification or policy . . ." pursuant to RAA Section 18.104.22.168.
- Eleven registrars modified or clarified their procedures for implementing Uniform Domain Name Dispute Resolution Policy (UDRP) decisions and ensuring that registrants agree to the terms of the UDRP.
- One registrar modified its Form of Authorization used to obtain authorization for transfer requests, to comply with the Inter-Registrar Transfer Policy's requirements.
- Two registrars modified or clarified their practices for compliance with the Restored Names Accuracy Policy. ("When a registrar restores a name (from the redemption grace period) that had been deleted on the basis of submission of false contact data or non-response to registrar inquiries, the name must be placed on Registrar Hold status until the registrant has provided updated and accurate Whois information.")
- One registrar came into compliance with the Whois Data Reminder Policy by modifying its procedures to distribute Whois data accuracy reminders to all gTLD registrants at least annually.
- All of the renewing registrars provided proof of commercial general liability insurance with policy limits of at least $500,000 USD, as required by RAA Section 3.10.
- A total of $56,860 was collected from four registrars who had overdue invoices for ICANN fees due under RAA Section 3.9. ("Registrar shall pay accreditation fees to ICANN . . . consist[ing] of yearly and variable fees.")
As noted, ICANN also reviews registrar compliance through the handling of complaints brought to ICANN by internet users. In mid-August, ICANN staff began tracking registrar handling of complaints alleging non-compliance with ICANN policies or agreements. Between 7 August and 30 September 2006, thirty-three complaints were determined to involve potential issues of registrar compliance. Of these, thirty-one are considered closed and two are still pending. Of the closed complaints, seven resulted in a change to the registrar's practices or policies, eighteen were resolved without formal compliance action, three complaints (which had been made by other registrars in relation to the Inter-Registrar Transfer Policy) were referred to the Transfer Policy's dispute mechanisms, and three were resolved, pending continued oversight by ICANN for future compliance. On average, compliance tickets were closed within four days of receipt of the complaint.