Dear Farzi,
Regarding your example of the registrant who had 73 domains disabled and their account locked, the BC agrees that registrars should have the autonomy to conduct ADC based on the information available to them. Whether a registrar chooses to take action on a single domain, apply a clientHold to all domains in an account, or suspend the account entirely, these specific enforcement methods fall outside the scope of this PDP. Our focus should remain on the registrar's contractual responsibility to conduct the ADC itself.
This also raises a concern (i.e. Rr's flexiblity / autonomy) regarding ICANN Compliance enforcement. If ICANN issues a breach notice to a registrar for failing to conduct a required ADC after a confirmed abuse report, there is no way for the registrar to retroactively perform that check. Since ADC is based on the information available at the time of the review, a registrar cannot effectively remediate the breach months later (i.e. the result of an ADC check performed prior to / after the breach notice could be different). My dark / evil side also suggested that if I run a bulletproof-like registrar, I can alert / advise the customer to transfer non-reported domains to separate user account(s), and leave the reported domain in the origianl account to avoid ADC grouping.
I apologize for raising these concerns, and I do not have answers for them at the moment.
Best,
Ching