VeriSign "non-compliant" with Chinese wall rules

VeriSign “non-compliant” with Chinese wall rules

VeriSign Inc demonstrated "material noncompliance" with the rules that separate its domain name registry business from its registrar business, an audit by Ernst & Young LLC found, it emerged this week.

The 2002 audit followed 2001’s report, which declared VeriSign had not established adequate controls… to determine compliance. But VeriSign said this week that the two issues E&Y uncovered in 2002 were minor, a statement that appears to be accurate.

The rules cover the company’s relationship with the Internet Corp for Assigned Names and Numbers. ICANN granted the firm certain lucrative contracts two years ago, and one of the conditions was that it establish a competition-protecting Chinese Wall between the retail registrar business and the wholesale registry business.

The theory goes that as VeriSign runs the registry of several major top-level domains, including .com, it could feasibly give preferential treatment to its market-leading registrar business, to the detriment of its hundred or so competitors. The rules were put in place to prevent this from happening.

The E&Y report published on ICANN’s web site this week said that at some times last year it provided some registrars with more registry IP addresses than permitted, in deviation from the rules. These addresses were used in the business systems for selling domain names in .com, .org and .net.

However, both E&Y and VeriSign pointed out that the registrars in question were not affiliated with VeriSign. The company added that there were temporary operational need[s] for these extra addresses, and that the deviation was within the spirit and the intent of the separation rules.

The audit also found that some staff did not complete their annual conflict of interest refresher training within the 12-month time period allotted. VeriSign responded that some situations could make it appear that staff had not completed the training, but that it was not in violation of the requirements.

VeriSign believes that there has been no material noncompliance with the audited requirements, the firm said in a letter to ICANN. We will, however, take the appropriate steps to correct the areas of concern raised by the report.

ICANN, which has the theoretical ability to levy fines in cases of continuous non-compliance, was not available for comment.

Source: Computerwire

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

Sign up for our regular news round-up!

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing