Purpose: fTLD Registry Services (fTLD) is seeking comments on the Proposed Registrant Domain Name Compliance Escalation and Suspension Policy for .BANK and .INSURANCE. The purpose of these Policies is to provide compliance escalation notifications and ensure the transparency and predictability of the timeline for curing compliance findings. A majority of fTLD’s Advisory Council (the “Council”) and its Board of Directors (the “Board”) have voted in favor of implementing these Policies.
Current Status: Following approval at the Board meeting held 27 April 2022, fTLD is seeking public comments on the Proposed Registrant Domain Name Compliance Escalation and Suspension Policy for .BANK and .INSURANCE in accordance with its Policy Development Process Policy accessible here.
Next Steps: fTLD will consider and/or address comments received in the summary and analysis of comments document (the “Report”). Following the close of the comment period, fTLD will post the Report. fTLD will determine the appropriate resolution of the comments received and consult with the Council and/or Board, as appropriate, and if no further changes are needed, fTLD will implement the Policies in accordance with its Policy Development Process Policy.
fTLD has five Security Requirements Registrants must implement for their domain names (see .BANK at https://www.register.bank/securityrequirements/ and the same for .INSURANCE at: https://www.register.insurance/securityrequirements/); all domain names in the respective zones are monitored for compliance on a daily basis. fTLD’s historical approach regarding notifications for failures and warnings has been to email the respective Registrar as many of them provide security services to their customers (i.e., Registrants) and this continues to happen weekly. Additionally, in February 2021, fTLD began notifying Registrants monthly about their compliance issues. The result of the Registrant notices has resulted in a significant increase in compliance with the Security Requirements. Notwithstanding the increased compliance rate in 2021, there are Registrants that continue to have unresolved issues despite engagement with them, or their Registrar, on proposed remediation actions. Given security is the bedrock of the value proposition for .BANK/.INSURANCE, continued non-compliance poses significant business and reputation risks for Registrants and fTLD. As such, we find ourselves in the position of needing to implement this policy to ensure a consistent approach to compliance actions for Registrants who fail to remediate their security vulnerabilities (i.e., compliance findings).
[to be posted within five (5) business days after the close of the Public Comment period]