Verisign has delivered a significant blow to ICANN’s authority by refusing to take part in its contractual compliance audit program.
The snub runs a risk of scuppering ICANN’s plans to make compliance a cornerstone of its new management’s strategy.
In a letter to ICANN’s compliance department this week, Verisign senior vice president Pat Kane said that the company has no obligation to submit to an audit of .net under its ICANN contract.
Verisign has no contractual obligations under its .net Registry Agreement with ICANN to comply with the proposed audit. Absent such express contractual obligations, Verisign will not submit itself to an audit by or at the direction of ICANN of its books and records.
The company is basically refusing to take part in ICANN’s Contractual Compliance Audit Program, a proactive three-year plan to make sure all gTLD registries and accredited registrars are sticking to their contracts.
For registries, the plan calls for ICANN to look at things like compliance with Whois, zone file access, data escrow, monthly reporting, and other policies outlined in the registry agreements.
Verisign isn’t necessarily admitting that it thinks it would not pass the .net audit, but it is sending a strong signal that it believes ICANN’s authority over it has limits.
In the program’s FAQ, ICANN admits that it does not have explicit audit rights over all contracted parties, stating:
What’s the basis for including all contracted parties, when the ‘Right to Audit’ clause isn’t present in 2001 RAA and Registry Agreements?
One of ICANN’s responsibilities is to conduct audits of its agreements in order to ensure that all contracted parties are in compliance with those agreements.
If Verisign is refusing to participate, other registries may decide they don’t want to cooperate either. That wouldn’t look good for ICANN, which has made compliance a key strategic priority.
When Fadi Chehade started as CEO last September, one of his first moves was to promote compliance boss Maguy Serad to vice president, reporting directly to him.
He told DI that he would be “bringing a lot more weight and a lot more independent management from my office to the compliance function”.
At his inaugural address to the community in Prague last June, he spoke of how he planned to bring IBM-style contract management prowess to ICANN.
Compliance is also a frequently raised concern of the Governmental Advisory Committee (though generally geared toward rogue registrars rather than registries).