1. Transparency and Accountability in ICANN Structure Specifically in ICANN Compliance Reporting

1.1. Summary: This is a space the continuing examination of the ICANN compliance function to ensure that ICANN is completely transparent and accountable in its public commitment. At-Large has been at the forefront for several years in documenting the effectiveness and responsiveness of ICANN compliance. 

1.2. Basic Issue: There is a major discrepancy in who directs compliance, more specifically, who compliance reports to. As many of us know, Fadi moved compliance out from under ICANN legal upon his arrival and made the department report directly to the CEO. This was a move welcomed by the community. However, this does not in fact appear to be the case. In terms of portfolio management and budget control, compliance is under the direction of ICANN domain business. This is a serious problem. The attached memo explains the situation and provides some suggestions for remeidying the issue in order to ensure true accountability of ICANN especially as the IANA transition moves forward. 

As we consider IANA Transition work in the context of accountability and transparency to the stakeholder community I would encourage all to review the current structure of ICANN’s compliance functions. What ICANN has at the moment is an inherent conflict of interest in the management of compliance. Early in his arrival, CEO Fadi Chehade moved the compliance department out from under ICANN legal and had it report directly to the CEO. This was done following various concerns from the community about the independence of the compliance department. However, now there is a curious situation of the compliance department actually reporting to the business division. See the screen captures below from ICANN’s portfolio management page (prior to August 2015 - see 2.5.) :

Akram Atallah is ICANN’s Global Domain Division President. His core function is in overseeing the commercial aspects of ICANN and specifically in “Relationship Management” for the contracted parties. This is in complete contradiction to his additional portfolio role which includes Contractual Compliance Functions and Initiatives. Even on an optical level, this presents a poor image. In fact, there is no firewall inside of ICANN that ensures compliance truly serves the public interest. Additionally, the domain business president functions appear far-reaching in comparison to other top-level ICANN officers. 

This structure is also in contradiction to the ICANN staff organizational chart which shows the head of compliance reporting directly to the CEO. However, ICANN’s FY2016 budget proposals specify that the compliance budget is part of the Global Domains budget and even a portion of the compliance budget is still controlled by ICANN legal. This is not what the CEO promised the community. 

To be direct, this structure where the head of commercial business is also head of the compliance function represents an inherent conflict of interest for the organization. Multi-stakeholder accountability cannot be realized in this scheme. The business of ICANN is to close to, in essence on top of, compliance. In a structure where compliance reported to legal, the spirit of compliance is guided purely by protection of the organization and not in the public interest. Now, the spirit of compliance is overshadowed by domain business decisions. This is also not in the public interest and may be less preferable to the pervious model. 

The best model, one which serves the multi-stakeholder community and the public interest, would be one in which compliance is completely divorced form ICANN’s business. ICANN’s core function is in managing contracts with registries and registrars. The compliance function is the ultimate protective force for the organization and the greater Internet community. Without an effective compliance function, ICANN is merely a pass-through for domain industry money. My recommendation is to place compliance outside the ICANN structure, possibly reporting directly to the board. Obviously, the functions should remain in ICANN’s offices to ensure continuity, but true structural independence is required for ICANN to deliver its mandate of public interest accountability and transparency.

 

1.3. Segregation of Duties as a Best Practice

The ICANN Bylaws include a provision for (#8) "Making decisions by applying documented policies neutrally and objectively, with integrity and fairness." ICANN's compliance function is its most critical department for applying documented policies as the enforcement impacts registries, registrars, registrants and users at-large. The need for objectivity, fairness and neutrality of this function cannot be underscored enough. The goal of ICANN's business division is to expand business. A compliance department run by business cannot effectively be neutral, objective, or fair. The second Accountability and Transparency Review Team (pB-6) specifically recommended that: "ICANN should act to ensure that its compliance function is managed in accordance with best practice principles." What are best practice principles? 

 

2. Actual ICANN Structure vs. Public Claims

As explained above, the President of the Global Domains Division is the "owner" of compliance. This is a fact that distinguishes the compliance director from other CEO direct reports who run their own portfolios (i.e., Theresa Swinehart, John Jeffrey, Tarek Kamel, Sally Costerton, Susanna Bennett, David Olive, Ashwin Rangan, etc.). As a direct report to the CEO, the compliance director has no independence in terms of portfolio management, it's clearly a priority of the President of the Global Domains Division. This differs clearly from the the organizational chart but the GDD control of compliance is supported by other documentation including budgets over the last few years. 


2.1. FY13 Budget Discrepancies

In looking at the budget we find a number of discrepancies between structural fact and the current organizational chart. The FY13 budget showed compliance funding completely under the control of Akram Atallah.

Another smaller portion of the compliance budget still came from Legal.

This places the $6.8M compliance budget under the control of Akram Atallah with $157K for reporting coming from Legal.

 

2.2. FY16 Budget Discrepancies

The FY16 Budget no longer uses names but rather goals, portfolios, etc. However, in the budget spreadsheet compliance functions fall under section 2.3-Support the evolution of domain name marketplace to be robust, stable and trusted. The other budget items in this section are (2.3.11) Next gTLD Round, (2.3.12) Outreach and Relationship Management with Existing and new Registry, Registrar Community, (2.3.13) Registrar Services, (2.3.14) Registry Services, (2.3.2) Domain Name Services, (2.3.8) GDD Online Services Product Management, and (2.3.9) IDNs. Again, all functions of the President of the Global Domains Division. 

The ICANN Draft FY16 Operating Plan & Budget document adds even more specificity to the GDD control of compliance, on page 17 it is stated: "Priority areas: Global Domains Division (GDD) service platform ramp-up and expansion of Contractual Compliance" 

This places compliance expansion under GDD. On Page 41 Contractual Compliance Functions (daily operations) are under the umbrella of "marketplace" priorities. 

Within the budget spreadsheet we find under 2.1.7 GDD Operations Total: “includes the implementation of Tier one customer service for Registrars and Compliance functions as they implement their proceses on salesforce CRM.” Here compliance funding is tied to customer service (for contracted parties) and sales; this is a $0.2M budget item.

In this case a portion of compliance funding is directly tied to customer service and sales. CRM is "customer relationship management" and implies this is a business-driven process and the greater Internet community is not served. Also not that a portion of this portfolio is "In Trouble" but there is no additional information here. 

Atallah previously served as the COO and Interim-CEO ("Whereas, Akram Atallah served as both ICANN's Chief Operating Officer ("COO") andICANN's President and CEO from 1 July 2012 through 13 September 2012. Whereas, when the Board appointed Akram Atallah to serve as ICANN's President and CEO, the Board agreed that rather than increase Mr. Atallah's base salaray, they would pay him a compensation supplement for his service.") 

According to the ICANN WIKI: "Atallah's role was then expanded to include oversight of Registry and Registrar Services, Security, and the new gTLD program" Well, that's kind of everything important that the organization does. "Oversight" says compliance, which is explicitly stated as a "goal" of Atallah.

 

2.3. Legal Influence Continues in Compliance Actions

We see several examples above of compliance taking management direction and as well as their budget from the Domains Division. However, ICANN Legal still has much influence in the department. First there is the specific budget item of "Reports to the Community" being controlled by Legal. It is not clear why the compliance reports of a supposedly transparent public-interest entity need legal authorization. To be very, specific Legal funds the "Contractual Compliance ICANN Meeting Updates" which implies some need for editorial control. Legal is also still part of the cycle of registrar breaches and terminations. While terminating a contract is a legal issue. Then there is a breach sent to the registry for .JOBS which was exclusively signed by the head of legal. In that case Legal is the driving force behind the breach and it does not even appear to come from Compliance. Current Compliance has noted this information is old (see "Comments" below), but we need to be conscious of this and ask for specifics as to when absolute control ended and how deep is the influence now. 

 

2.4. GDD President is Outside the ICANN Structure?

A different ICANN organizational chart demonstrates the seriousness of the issue. This one shows the GDD President completely outside the ICANN structure. Here the domain business president does not report to the CEO, or anyone else for that matter. He is also on the same organizational level as the ICANN CEO. 

Secondly, It is important to note location of compliance in this structure, under the COO and not under the CEO. If this chart is to be taken on its face, compliance reports to the COO and the domain business is unaccountable to the CEO, or anyone else. ICANN staff has questioned the origin of this document. It has been suggested that "that document was prepared and posted by a member of the community" (see comments). The full original document can be found here: https://community.icann.org/download/attachments/41899319/ICANN%20Management%20Org%20Chart.pdf?version=1&modificationDate=1379370144000&api=v2. Regardless of the origin, it remains a curious artifact which should be discussed and fully fleshed out. 

 

2.5. UPDATE August 7, 2015

Allen Grogan has posted an additional response to this page (see below) in which he has indicated ICANN made changes to the ICANN Portfolio Management System Plan Overview. The first major change was to make a "Portfolio Goal" for Allen Grogan who was absent from the top-level management previously. This "Goal" is part of the "Promote role clarity and establish mechanisms to increase trust within ecosystem rooted in the public interest" efforts. The second change to the overall context was to change "Owner" to "Shepherd" for each portfolio goal. The third change was to apparently divide the former management priorities of Akram Atallah. "Contractual Compliance Functions" and "Contractual Compliance Initiatives" are now under Grogan. "WHOIS Core Function/Service & Improvement" and "Security, Stability and Resiliency of Internet Identifiers" are now under David Conrad. (Also see Grogan's summary in the "Comments" section at the bottom of this page). However, for reasons explained below in 2.6, there are more serious budget issues as they relate to management. In summary, if we are to believe the updated plan which indicates Grogan as the manager ("Shepherd") of compliance, the budget and portfolio management place Akram Atallah between him and the CEO. This is not the draft, but the approved budget. 

 

2.6. A More Detailed Look at Akram Atallah's Role in terms of Portfolio and Budget (Following August update above)

Following ICANN's August changes to the PMS we still basically see the GDD President as the "Shepherd" of most of the organization including compliance, as shown below in 2.6.1. and 2.6.2.


2.6.1. "Support the evolution of domain name marketplace to be robust, stable and trusted"

The budget has become more obfuscated, removing names and titles, as opposed to the version seen above in 2.1 from FY13. Without more specifics being provided by ICANN we have to compare the Portfolio Goals with the Budget Line Items, particularly Akram Atallah's FY16 portfolio goals as "Shepherd". In terms of the ICANN Portfolio Management System Atallah has two major Goals as Shepherd which match major budget sections: Foster and coordinate a healthy, secure, stable, and resilient identifier ecosystem and Support the evolution of domain name marketplace to be robust, stable and trusted. (The following is a composite image from the ICANN Portfolio system and the FY16 Budget):

The budget section entitled: 2.3-Support the evolution of domain name marketplace to be robust, stable and trusted includes the following budget line items: 2.3.10 New gTLD Program, 2.3.11 Next gTLD Round, 2.3.12 Outreach and Relationship Management with Existing and new Registry, Registrar Community, 2.3.13 Registrar Services, 2.3.14 Registry Services, 2.3.2. Domain Name Services, 2.3.5 Contractual Compliance Functions2.3.6 Contractual Compliance Initiatives & Improvements, 2.3.7 Contractual Compliance & Consumer Safeguard, 2.3.8 GDD Online Services Product Management, and 2.3.9 Internationalized Domain Names. The Compliance budget falls under a portfolio that Atallah is the "Shepherd" of and is bundled with the Global Domains Division budget and other items that Atallah manages. It is important to note that the budget document is titled "FY16 Budget By Portfolio and Project" which makes a direct reference to the Portfolio Goals of the "Shepherds".

 

2.6.2. "Foster and coordinate a healthy, secure, stable, and resilient identifier ecosystem"

According to the FY16 Operating Plan and Budget Adopted by ICANN Board at ICANN 53 in Buenos Aires, all the Contractual Compliance functions fall under "Foster and coordinate a healthy, secure, stable, and resilient identifier ecosystem" which has Akram Atallah as the "Shepherd". 

From the "Fadi Chehade, Shepherd" page click on "Foster and coordinate a healthy, secure, stable, and resilient identifier ecosystem", this will open the "Akram Atallah, Shepherd" page. View the FY16 Budget by Project and Portfolio to see that Contractual Compliance Functions are part of the "Foster..." portfolio. The budget control of compliance is still under Akram Atallah. 

 

2.6.3. As the CEO Steps Down, Akram Steps Up (again)

It was announced August 17 2015 that NTIA would be extending the IANA contract for another year. This happened at the same time as Fadi's announcement that he would distancing himself from ICANN's operation. The IANA contract had to be modified in order to accommodate the change in schedule. Who signed the new contract? Akram Atallah:

The document makes it clear what entity Atallah is signing on behalf of:

 

2.6.4. President of Global Domains Division issues Public Statements of Compliance Policy

Beyond what we see above in the historical organizational structure and budget documents, we also see Akram Atallah making public policy statements on compliance. The following are excerpts from last October's Wall Street Journal article on ICANN

"I don't know how contractually we could do something different than [what] we are doing says Akram Atallah, president of Icann's global domains division"

So, here we have the GDD President definitively stating what the limits of contractual compliance are. As a side note, it is clear from the record that the issue in question was a contractual issue, but Atallah has declared publicly it was not. Why is the GDD President making the declaration and not the CEO, especially if the head of compliance supposedly reports to the CEO?

The following is portion of a June 18 2015 letter by the GDD President on a compliance matter:

"ICANN's enforcement authority is limited to enforcing compliance with the terms and conditions of its agreements

...

ICANN is considering these responses and will continue to monitor Vox Populi's compliance with ICANN's Registry Agreement for the .SUCKS TLD."

Again, GDD is making public policy definitions of the compliance role and responding to compliance issues from the community. 

 

3. True Impact of Compliance Activity

While we have seen an increase in general compliance activity in recent years, the effects are marginal. The 24 registrars breached so far in 2015 represent about 0.46% of the domain market. The 5 registrars terminated so far in 2015 represent about 0.0043% of the domain market. One of the registrars only had 4 .COM domains and another only 38. The motivation for enforcement appears to be financial. Registrars with breaches have something in common, they owe fees to ICANN. Combine the two factors (tiny portfolios and debt) and compliance appears to be a bill collector for registrars who are not contributing enough to the pot. While ICANN must watch its bottom line and remove inefficient contracted parties, this seems to be the only trigger for enforcement. 

 

4. Recommendations for ALAC

ALAC should issue a clear statement supporting the reorganization of the compliance department outside of ICANN's domain business. Having the GDD President oversee compliance and controlling the compliance budget does not engender trust within the community. A compliance department which is truly independent of ICANN's business better serves the entire community. 

 

4.1. ICANN AoC

The issue of ICANN business must be examined through the AoC. The Affirmation of Commitments (AoC) is an agreement between ICANN and the U.S. Department of Commerce. There are many statements within the agreement which are applicable here. In reference to the budget it is stated: "ICANN commits to adhere to transparent and accountable budgeting processes" If we are to believe the various budget documents detailed above, there there is a problem with ICANN's presentation of the staff hierarchy. If the hierarchy is correct then the budget as presented to the community is not accurate. The agreement further states that "[ICANN] ensure that decisions made related to the global technical coordination of the DNS are made in the public interest and are accountable and transparent". It is difficult to see how decisions can be made in the public interest if compliance is run by the business division, this issue made even more explicit in the AoC by requiring that ICANN's decisions are "not just the interests of a particular set of stakeholders." The stakeholders represented by the Global Domains Division are the contracted parties, for the Present of GDD to also run compliance makes ICANN's commitment highly questionable. 

 

4.2. At-Large Accountability and Transparency Review

At-Large has been at the forefront of ATRT, which is an outgrowth of the AoC. The ATRT2 Recommendations plainly states: "there is still a lack of faith in the community that Contractual Compliance is being sufficiently well addressed..." The ATRT2 also boasts as an acheivement: "Compliance restructured and reports to CEO", but we see from the above this is not the case. The ATRT goes into much more specific detail about the compliance function and its recommended structure. 

"There should be clear and appropriate lines of reporting and accountability, to allow compliance activities to be pursued pro-actively and independently of other interests."

A lack of independence is underscored by the Global Domains Division directing compliance. The only interest, it would appear, is commercial.

"To help achieve this, ICANN should appoint a senior executive whose sole responsibility would be to oversee and manage ICANN’s compliance function. This senior executive should report directly and solely to a sub-committee of the ICANN Board. This sub-committee should include Board members with a range of relevant skills, and should include the CEO."

Has such a sub-committee been created? 

"The sub- committee should not include any representatives from the regulated industry, or any other Board members who could have conflicts of interest in this area."

Having compliance report to the Global Domain Division seems a primary conflict, beyond the lack of an independent governance of compliance as required by the ATRT2. By ICANN Board resolution, these recommendations are supposed to be implemented. Control of compliance by the Global Domains Division appears to violate these recommendations. 

 

4.3. CWG Accountability Work

ALAC has affirmed its stance that "ICANN has a responsibility to develop policies that will foster user trust in the DNS" in specific relation to the IANA transfer.  Compliance oversight should be moved outside of the commercial portion of ICANN to further foster that trust. This should be a part of any further work in terms of the transfer. This would fall under CWG Work Stream 1: "focused on mechanisms enhancing ICANN accountability that must be in place or committed to within the time frame of the IANA Stewardship Transition";


4.4. ICANN Bylaws

As noted above, the ICANN Bylaws include a provision for (#8) "Making decisions by applying documented policies neutrally and objectively, with integrity and fairness." Compliance cannot be neutral, objective or fair when controlled by the business section of an organization.

 

5. Historical Information on this work

ICANN’s relationship with the community in terms of its Compliance function (memo to ALAC)

NARALO Reports on ICANN Compliance - January 2015

NARALO Chair Reports on ICANN Compliance - November 2012

Compliance Issues Timeline 2011 - 2014

 


 

 

 

  • No labels

10 Comments

  1. Dear All,

    Please see below the reply to Garth's note from Allen Grogan, Chief Contract Compliance Officer:

    **

    Dear All,

    It appears that in its attempt to map out its strategic plan, which envisions a hierarchy of objectives (Affirmation of Purpose, Globalization, Multi-Stakeholder Model Evolution and Operations Excellence), with various goals and portfolios under those objectives, ICANN has generated some confusion regarding its actual operational lines of control.  ICANN’s strategic plan involves all of its global leaders who are nominally assigned each of the goals.  The strategic plan is not reflective of ICANN’s organizational chart or ICANN’s lines of reporting, oversight or control. Garth has identified a serious perceptual problem and we will consider presentation revisions as we move forward.

    To be clear, the entire contractual compliance team reports to me as Chief Contract Compliance Officer, and I in turn report directly to the President and CEO, Fadi Chehadé.  Akram Atallah, President of the Global Domains Division, has no oversight or control over contractual compliance or its budget, and no one in contractual compliance reports to him.  The only line of oversight and control for contractual compliance is through me and Fadi Chehadé, as President and CEO. ICANN's org chart, which sets forth the reporting structure at ICANN, is shown here:  https://www.icann.org/en/system/files/files/management-org-01jul15-en.pdf

    Sincerely,

    Allen Grogan

    **

    Kind regards,

    Heidi

     

  2. I'm honored that a nascent At-Large discussion has received such immediate attention. However, your explanation is problematic for a number of reasons. The the "perception" is dangerous in and of itself, but more serious is that the structure shown in the organization chart (which is dated after the initial discussion started here: " Last Modified 07/01/2015" ) is not demonstrated in the budget or other documents.

    First, the portfolio management presented by ICANN shows Akram Atallah as the "owner" of compliance, it does not get much clearer than that (https://features.icann.org/plan). Allen Grogan does not "own" a process here. This is a fact that distinguishes you from other CEO direct reports who run their own portfolios (i.e., Theresa Swinehart, John Jeffrey, Tarek Kamel, Sally Costerton, Susanna Bennett, David Olive, Ashwin Rangan, etc.). As a direct report to the CEO, the compliance director has no independence in terms of portfolio management, it's clearly a priority of the President of the Global Domains Division.

    Then there is the budget. The last budget document shows the $6.8M compliance budget under the control of Akram Atallah with $157K for reporting coming from Legal (https://www.icann.org/en/system/files/files/proposed-opplan-budget-projects-fy14-16may13-en.pdf). The most recent budget document has no names but uses goals and projects to assign budget line items. The compliance budget is included with all the other GDD budget items. This is in sharp, sharp contrast to the statement that: "President of the Global Domains Division, has no oversight or control over contractual compliance or its budget." GDD appears in fact to not only control the lion's share of the budget but some of it remains in Legal which counters the reorganization announced in 2010.

    So, not only is compliance not independent, it simply does not exist as a distinct entity outside of the Global Domains Division.       

  3. Dear All,

    Please see a note to Garth from Allen Grogan, ICANN Chief Contract Compliance Officer, dated 5 August 2015:

    **

    Mr. Bruen –

    Entirely independent from the concerns you have expressed, we have been having internal conversations over the last several months at ICANN about how we are going to present key performance indicators (KPIs), which are tied to the hierarchical objectives, goals and portfolios described in our Portfolio Management System.  As a result of those discussions we have revamped the goals and portfolios, which includes deleting any references to “owner” and instead using the term “shepherd,” and updating the identification of executives who are the shepherds for the various goals and portfolios.  That revised presentation of ICANN's Portfolio Management System can be found here https://features.icann.org/plan and a blog regarding the transition of the Portfolio Management System to FY16 is here https://www.icann.org/news/blog/transitioning-icann-s-project-portfolio-management-system-to-fy16.

     I can and do assure you that contractual compliance is independent, and that it reports directly to Fadi Chehadé, not to GDD.

    As explained in the blog referenced above, the portfolio management structure is not an organization chart and was never intended to outline or reflect reporting structures or budget oversight responsibilities. It is a document about broad cross-functional goals and objectives, not reporting structures or budgets.  Virtually every objective and goal in the strategic plan is cross-functional and involves multiple departments within the organization.  The identification of an executive within that framework does not signify and was never intended to signify that everyone involved in implementing that goal or objective reports to that executive or that the executive oversees the budget for all activities relating to that goal or objective.  In fact, most goals and objectives involve multiple people from multiple departments, many of whom do not report to the identified executive.

    I think the FY16 changes to the Portfolio Management System will help eliminate confusion or misperception regarding oversight of my department that may have arisen from the original presentation.   The ICANN organization evolves over time, and we are continually trying to improve both management at ICANN and the way we present information to the community.   

     Turning briefly to some other specific issues you identified in your email to me and in your posting here: https://community.icann.org/display/atlarge/Transparency+and+Accountability+in+the+ICANN+Structure

    Regarding the organization chart that you point out is dated after the initial discussion that you initiated (“Last Modified 7/01/2015”), the organization chart on our website is routinely updated by our human resources department, often on the first of the month, whenever there are personnel changes.  The organization charts posted on the ICANN website have consistently showed me as reporting directly to Fadi Chehadé since shortly after I was appointed to head Contractual Compliance and Consumer Safeguards in late 2014, and before that they showed Maguy Serad reporting directly to Fadi.  The organization chart has never shown Contractual Compliance as reporting to Akram Atallah or GDD, because that has never been the case. 

    Regarding the management org chart you cite that shows the GDD President as being outside the ICANN structure and compliance as reporting to the COO, as best I can determine, that is not an ICANN-generated document, was not created by ICANN staff, and does not accurately reflect the ICANN org structure now or then.  The only places where I could find that document (there could be others, given the nature of the Internet) are on the ICANN Community Wiki.  It took some digging to reconstruct, but I believe that document was prepared and posted by a member of the community who was part of the ATRT2 Review Team as part of the ATRT2 discussion.  Note that the footer on that document is in Spanish.  Note also that the URL presented at the top of that document (https://www.icann.org/en/about/staff/management-org-09sep13-en.pdf) links to a completely different ICANN org chart, one that was prepared by ICANN and that correctly showed ICANN compliance in 2013 (then headed by Maguy Serad) as reporting directly to the CEO (Fadi Chehadé).

    One of the challenges at ICANN is that, in the interest of openness and transparency, many documents posted by ICANN or its community members continue to be available years later, even though many of those documents are outdated, and their origin and source are often unclear, especially if one simply finds them through an Internet search engine search.  The long-term retention of documents has the benefit of providing an historical record, but it also leads to confusion when people find documents out-of-context that may be years out of date and/or that may not have originated with or been endorsed by ICANN, but instead were prepared and posted by others in the community for purposes of discussion.   

    Regarding what you refer to as the “last budget document,” that document in fact is a draft document for the FY14 budget that is more than two years old.  The budgets and operating plans for FY15 and FY16 clearly show contractual compliance as a separate line item, and contractual compliance is not shown as being under Akram or GDD, for the simple reason that it isn’t and never has been. I control the budget for this department and have all associated responsibilities, e.g., managing costs by project, managing job requisitions, keeping finance apprised of any changes in priorities and plans that may have a financial impact on my departmental budget, etc.

     The reference in the ICANN Draft FY16 Operating Plan and Budget to “Priority areas” simply identifies two priority areas for FY16:  Global Domains Division (GDD) service platform ramp-up is one, and expansion of Contractual Compliance is another.  The use of the conjunctive “and” between those two priority areas does not signify that compliance expansion is “under” GDD.  These are simply two priority areas for FY16.

    Regarding your comments regarding legal influence in compliance, I have a few observations. 

     The budget item to which you refer is from a draft of the FY14 budget, not the current FY16 budget, and the breach notice sent to the registry operator for .JOBS is a letter sent more than four years ago.

    I also note that you correctly observe that terminating a contract is a legal issue.  In my view, it is entirely appropriate for ICANN’s legal department to be involved in matters such as termination of key agreements, because there are legal issues to be evaluated in connection with a decision to take such action, legal risks to be evaluated, and legal considerations to be given to the impact on the organization, including matters such as whether a termination may lead to arbitration or litigation, what potential costs may be incurred, what liability may result, whether counterclaims may be asserted against the organization, what defenses may be available, etc.  Because of this, it is standard practice in virtually any organization for lawyers to be involved in decisions surrounding termination of a significant contract; in my view, it would be irresponsible for the legal department not to be involved in a matter like this.

    I thank you for your attention.  Once again I assure you that the contractual compliance department is independent, that it has a direct reporting line to the CEO, and that it does not report either to GDD or to the legal department.  

    Regards,

    Allen R. Grogan

    Chief Contact Compliance Officer

    **

    Kind regards,

    Heidi Ullrich

     

    1. Mr. Grogan,

      Thanks for the response, but it raises more questions than it addresses. To be honest, many of the questions are NOT for you to answer, they are for the CEO and the Board to answer. At any rate, there are a number of questions you can answer and to that end I am inviting you to appear on our Monday monthly NARALO call. I have already added a slot for you on the agenda, but will make time at any point on the call for your convenience. I will ask the region to have their own questions as well, I will send this announcement to the region shortly.  The call is at 12pm pacific time, I'm sure staff can give you the details.

      https://community.icann.org/display/NARALO/NARALO+2015.08.10+Teleconference

      With that said, let's address your explanations.

      On 7/2/15 you wrote: "Garth has identified a serious perceptual problem and we will consider presentation revisions as we move forward."  On 8/5/15 you wrote: "Entirely independent from the concerns you have expressed" Either way, I guess we should be pleased that attention is being paid.

      <<As a result of those discussions we have revamped the goals and portfolios, which includes deleting any references to “owner” and instead using the term “shepherd,” and updating the identification of executives who are the shepherds for the various goals and portfolios.>>

      Regardless of the term used, until recently the President of the Global Domains Division was the "shepherd" of Compliance.

      <<the portfolio management structure is not an organization chart and was never intended to outline or reflect reporting structures or budget oversight responsibilities.>>

      So, when the President of GDD was the "shepherd" of Compliance in the last version, it did not mean he was the manager of Compliance. But now that you are the "shepherd" it does mean that you are the manager of Compliance?

      <<The organization charts posted on the ICANN website have consistently showed me as reporting directly to Fadi Chehadé since shortly after I was appointed to head Contractual Compliance and Consumer Safeguards in late 2014, and before that they showed Maguy Serad reporting directly to Fadi. >>

      The problem is that the budget documents showed Maguy Serad (and the compliance line items) under Akram Atallah. Which is why they are posted here: https://community.icann.org/download/attachments/53782525/Screen%20Shot%202015-07-03%20at%2012.32.13%20PM.png?version=1&modificationDate=1435941235000&api=v2
      Assuming you slid into the structure replacing Serad, how exactly (and when) did the budget change?

      The problems of the budget are a topic unto themselves. The current versions are devoid of names and titles making them less transparent.  We can't really tell who runs anything. The GDD president was the "shepherd" of compliance, but had no influence over the budget? In general, all of the other budget line items which included compliance were under the portfolio of Akram Atallah (IANA operations, Security and Stability, Root System, IDNs, etc).

      <<The reference in the ICANN Draft FY16 Operating Plan and Budget to “Priority areas” simply identifies two priority areas for FY16:  Global Domains Division (GDD) service platform ramp-up is one, and expansion of Contractual Compliance is another.>>

      Yes, with no attribution. Why lump them together then?

      <<Virtually every objective and goal in the strategic plan is cross-functional and involves multiple departments within the organization.>>

      This does not inspire that there is a firewall between compliance and ICANN's commercial division.

      Talk to you Monday.

      -Garth

  4. Garth, what is the relevance of 2.6.3 that you posted today? It is well documented that Elise Gerich and IANA report to Akram Atallah (page 5 of the ICANN org chart), so he seems to be the appropriate signing officer for this contract.

    1. Alan,

      It is becoming more and more apparent that there is very little the CEO does except make public appearances (and now there will be none!). First, I don't think it is appropriate at all that the President of the Global Domains Division also runs the IANA portion. The fact that Gerich reports to him is another issue. Second, I have also pointed out that Atallah has signed for "ICANN" in this document as if he his the CEO of ICANN. Maybe you don't see an issue with the all the documentation listed here showing the GDD President controls the management and the budget, regardless of the constant organizational chart updating. 

      -Garth

      1. Maybe you don't see an issue with the all the documentation listed here showing the GDD President controls the management and the budget

        Garth, please don't put words in my mouth. I have said several times that I consider the links between Atallah and Compliance in ICANN budget and planning documents extremely serious and I appreciated your detective work at finding them.

        It is standard practice to allow corporation officers to sign contracts on behalf of the corporation. When I worked for McGill University as a relatively low-level executive, I had signing authority on a wide range of IT-based agreements, exercised those rights on behalf of the University, and they were legally binding on the University.

        In ICANN's cases, the signing authority per officer is well below the signing authority I had, and is formally documented - https://www.icann.org/resources/pages/signing-authority-2012-02-25-en.

        Whether IANA should report to Atallah, is an entirely different issue and one that could well be the subject of community discussion and recommendations.

        1. Alan,

          My point is that as we pull at the fabric of ICANN we see more GDD President than CEO. Is this not obvious? The question is WHY is Atallah signing for ICANN? I guess that is rhetorical since the CEO has made a statement that he has other more pressing interests. So, WHO is the acting CEO now? 

          -Garth

          1. Garth, We can agree to differ on this.

            Atallah is signing on behalf of ICANN because he has formally been given that authority by the Board.

            Perhaps you have seen an announcement I have missed. I have heard Fadi say that his focus is on ICANN as long as he is here. I would appreciate a pointer to some other statement.

            Alan

            1. Alan,

              I'm not sure if we really differ on anything. Clearly the IANA transfer is the biggest stakeholder policy issue on the table (which is of course what we've been told over and over) and the GDD President is the one signing off on it and making the contract changes "on behalf of ICANN." So he has the Board's authority. Who is the CEO in a de facto sense? Who is the GDD President negotiating with NTIA on behalf of? The commercial parties? ICANN? or the "community" as Fadi is so fond of calling it? Seems conflicted. 

              But here is the overall point. All this time while the CEO was constantly traveling and meeting with various groups he was supposedly carefully monitoring compliance. Then, when the IANA transfer heated up and the CEO was testifying and traveling in support of the transfer he was supposedly carefully monitoring compliance. Since he has resigned, but is committed to the see the transfer through, he was supposedly carefully monitoring compliance. The CEO's most recent announcement of "Hi, I'm still here, but let me tell you about my new job..." does not inspire confidence that he is in fact seeing the transfer through or anything else for that matter. Which means, who does compliance report to now? 

              -Garth