On April 30, the Federal Communications Commission (FCC or Commission) released a Further Notice of Proposed Rulemaking (FNPRM) that would significantly tighten “Know-Your-Customer” (KYC) obligations for originating voice service providers. The Advanced Methods to Target and Eliminate Unlawful Robocalls (CG Docket No. 17‑59) is the latest step in the Commission’s effort to attack illegal calls “at every point in their lifecycle.”

Existing KYC Obligations and the FCC’s Concern

The FCC’s rules already require originating voice service providers to take “affirmative, effective” measures to know their customers and to ensure that their services are not used to originate illegal call traffic. Those obligations are part of a broader robocall enforcement framework that includes STIR/SHAKEN caller ID authentication, traceback participation, and mandated blocking of certain categories of unlawful calls.

In Chairman Brendan Carr’s statement, the Commission notes that, despite these requirements, “some originating providers are not doing enough to vet their customers,” and in some cases have become “complicit” in illegal robocalling schemes by doing the bare minimum (or worse) on customer due diligence. The result is that scammers and other bad actors can still gain access to U.S. networks and place large volumes of fraudulent calls, undermining consumer protection and law enforcement efforts.

Against that backdrop, the FNPRM seeks to “close the gaps” in the existing KYC framework by clarifying expectations, tightening onboarding and renewal practices, and strengthening the enforcement tools available to the Commission.

Proposed Enhancements to KYC Requirements

The FNPRM focuses on the front end of the call path: the point at which originating providers onboard and renew customers. The Commission proposes clearer and more rigorous standards for verifying customer identities before enabling service, and it seeks comment on several potential measures. The proposals would apply to a broad range of originating providers, including traditional wireline voice carriers, commercial mobile radio service (CMRS) providers, and interconnected Voice over Internet Protocol (VoIP) providers.

The FCC is considering requirements that originating providers verify core identity attributes, including customer name, physical address, government‑issued identification, and alternative phone numbers, before provisioning service for new and renewing customers. The Commission contemplates that these checks would be applied consistently at onboarding and at renewal or modification of service, rather than as one‑time exercises. For “high‑volume” customers, the Commission is also considering requiring providers to obtain the customer’s intended use of the service (for example, marketing, education, or political campaigns) and, where applicable, the IP address from which each call will be placed.

Another area of focus is documentation and auditability. The FNPRM suggests that originating providers should maintain records of their KYC processes and decisions in a manner that supports Commission oversight and law enforcement investigations. The Commission specifically asks whether providers should be required to retain KYC information and supporting documentation for at least four years after the end of the customer relationship, to ensure that enforcement actions relating to illegal calls can be pursued before the statute of limitations expires. Commissioner Olivia Trusty’s statement emphasizes that robust KYC practices both prevent bad actors from accessing communications networks and equip law enforcement with the information needed to identify and pursue those who do manage to get through.

Although the Commission acknowledges that provider flexibility remains important, it signals that greater clarity and specificity around KYC expectations could “better serve both consumers and providers,” particularly when combined with other tools such as enhanced caller ID authentication. The FNPRM also asks whether KYC information requirements should vary for prepaid versus postpaid services, whether more information should be collected from certain customers based on specified risk factors, and whether KYC information should be re‑verified when unusual activity, changes in traffic patterns, or other red flags arise during the customer relationship.

Enforcement and Per‑Call Penalties

A significant feature of the FNPRM is its proposed recalibration of enforcement. The FCC proposes to tie KYC violations to per‑call penalties, aligning fines more directly with the volume of illegal calls associated with a provider’s failure to vet its customers appropriately.

The Commission seeks comment on how to assess and enforce violations based on the number of illegal calls placed. The stated goal is to ensure that penalties reflect the harm caused and to create stronger incentives for originating providers to invest in robust KYC and monitoring. The FNPRM also asks how enhanced KYC requirements can help prevent or deter other criminal uses of communications networks, beyond traditional robocall schemes.

Key Issues for Comment

The FNPRM raises a range of detailed questions, including what specific identity attributes should be verified before service is enabled, how “affirmative, effective” KYC measures should be defined and calibrated, and how per‑call penalties should be structured to align with the harm caused by illegal calls. The Commission also asks how enhanced KYC requirements should coexist with existing caller ID authentication and blocking obligations. The Commission further seeks comment on whether re‑verification of customer information should be triggered by changes in traffic patterns or other red flags, whether different KYC standards are appropriate for prepaid and postpaid offerings, and whether collecting additional information from certain higher‑risk customers would materially improve deterrence and enforcement.

Once the FNPRM is published in the Federal Register, parties will have an opportunity to file comments and reply comments.