RRAPTOR is a robocall surveillance platform that captures thousands of robocalls daily. It analyzes and…
KYC & RMD Go Hand-in-Glove: How the Robocall Mitigation Database is an Integral Part of Proper Know-Your-Customer Diligence
The Robocall Mitigation Database (RMD) is a cornerstone of the FCC’s Call Authentication (STIR/SHAKEN) Framework and must be incorporated into every provider’s Know-Your-Customer processes. Exactly how you do this will depend on the roles played by you and your call source along the call path. The table below shows the possibilities:
YOUR SOURCE’S ROLE: | YOUR ROLE: | WHAT TO EVALUATE: |
---|---|---|
Caller (Not a Provider) | Originating Provider (OP) | You, as OP, must follow the OP checklist. |
Originating Provider (OP) | Intermediate Provider (IP) | Your Source must follow the OP checklist. You must follow the IP checklist |
Intermediate Provider (IP) | Intermediate Provider (IP) | Both you and your Source must follow the IP checklist. |
Caller (Not a Provider) | Intermediate Provider (IP) | Not Permitted – As an IP, you can only accept calls from another provider. |
Checklist for Originating Provider (OP):
- Must be registered in the RMD as a Voice Service Provider (VSP).
- RMD contact email address and telephone number must be functional and responses provided promptly.
- Must certify to a COMPLETE STIR/SHAKEN implementation, as most extensions have expired. If OP certifies to something different, obtain justification details and consult qualified attorney. Review the RMP if one is required.
- Must be authorized by the STI-PA to authenticate calls (consult the STI-PA’s on-line listing).
- Must send all calls onward with valid authentication information included.
If YOU are the OP, you need to be doing all of the things listed above. If your call source is the OP, you must verify and document all of the above items as part of your KYC process.
Checklist for Intermediate Provider (IP):
- Must be registered in the RMD as an Intermediate Provider.
- Must send onward all IDENTITY headers that are received.
- Must ensure that the OP checklist is being followed for each OP sending to this IP.
- Must ensure that the IP checklist is being followed for each IP sending to this IP.
If you are an IP taking calls from another IP, you must dialog with them to know that THEIR KYC processes incorporate all that is shown above. Ask explicitly if they will be sending you any unsigned calls, and if so, under exactly what circumstances. Document the details. Vague explanations (such as “maybe the call went via TDM”) must be rejected in favor of specifics (“We have one customer in Belgium that sends us calls over a single E1, limited to 30 simultaneous calls. That source is in the RMD as an Originating Provider with Partial S/S implementation and has filed a comprehensive Robocall Mitigation Plan which we have reviewed.”)
Note that even for a single call source, your roles might vary from one call to the next. As part of your KYC process, execute the evaluation above for each applicable calling scenario. This may mean that you and/or your source must have TWO listings in the RMD (one as VSP and another as IP).
Somewhat different rules apply if you are a TERMINATING PROVIDER. Consult your own qualified counsel to learn those details.
Bear in mind that the FCC does not (currently) review RMD filings. It is up to each downstream provider to ensure that their sources’ filings are accurate, complete and compliant.
This Post Has 0 Comments