On January 24th, the FCC issued a Robocall Enforcement Notice to all US-based voice service providers stating:
“We hereby provide written notice to all U.S.-based voice service providers to take steps to effectively mitigate apparently illegal traffic from PhoneBurner and MV Realty. We consider blocking the traffic to be an example of effective mitigation.”
All US-based voice service providers must “promptly investigate the traffic identified” in Attachment A to the notice. If a provider finds that PhoneBurner or MV Realty is its customer, then within 14 days of the notice, it must file a report with the FCC’s Enforcement Bureau with its findings and steps taken to mitigate traffic.
Separately, the FCC issued a letter to Twilio which, according to its press release, “demanded that voice service provider Twilio cease and desist from carrying the suspected illegal robocall traffic which it was apparently receiving from PhoneBurner.”
This is not the first time the FCC has issued a blocking notice or a cease and desist letter, but this action is a big deal for two reasons:
No One Is Exempt from Enforcement
The cease and desist letter to Twilio marks a statement from the FCC that it will not shy away from issuing enforcement notices to large, well-established service providers. The FCC noted in its press release that “Twilio is the largest voice service provider yet to receive a cease-and-desist letter from the FCC.”
Previous cease and desist letters named smaller providers that were generally not big names in the industry. Twilio is a publicly traded company founded in 2008 with well over 5,000 employees1. Twilio is a member of industry associations that are prominently involved in efforts against illegal calls, such as the Alliance for Telecommunications Industry Solutions (ATIS) and the Industry Traceback Group (ITG).
While it’s not clear exactly what took place between Twilio and the FCC leading up to the issuance of the cease and desist letter, the issuance of the cease and desist letter to Twilio appears to have been an intentional choice by the FCC and a signal to the industry that all service providers can and will be subject to enforcement regardless of size.
All Providers Carry Responsibility for KYC (Know Your Customer) Review
The FCC’s letter to Twilio’s CEO states that Twilio is “apparently originating illegal robocall traffic” and that the “letter is based on FCC rules that apply to originating providers like Twilio.” The question of who originates or initiates a call has implications for who has responsibility under the TRACED Act for things like signing calls, registering in the Robocall Mitigation Database, and validating the identity of the calling entity.
Definitions and terms continue to be debated, with comments filed with the FCC as recently as November 2022 by the Cloud Communications Alliance discussing the definition of the word “customer.”2 In the world of wholesale telecom, in the matter of “who in the call delivery chain is responsible for illegal calls,” the current barometer seems to point to: potentially everyone.
According to the FCC, the calls at issue were made by MV Realty using dialing software provided by Phoneburner. Phoneburner, in turn, used Twilio’s service to facilitate the delivery of calls to one or more of Twilio’s downstream interconnection vendors who were not named by the FCC. Twilio had no direct commercial relationship with the initiator of the calls, MV Realty, but with its cease and desist letter, the FCC alleges that Twilio failed to adequately perform KYC when vetting Phoneburner and therefore carries responsibility for allowing MV Realty’s calls.
Enforcement Bureau Chief Loyaan A. Egal is quoted in the FCC press release stating, “‘Know Your Customer’ (KYC) principles should be at the forefront of all communications service providers’ business practices. It is concerning to see such a large provider allowing this kind of traffic on its networks. I hope and expect Twilio to immediately cease and desist. I also thank our partners in state Attorneys General offices around the country for their strong enforcement efforts against MV Realty.”
Service providers that have placed full responsibility on their customers for performing KYC and for traffic sent over their networks – take note. The Twilio cease and desist letter appears to reject this argument and its potential protections. Service providers should carefully consider these implications, their KYC practices, and the risks to their business.
We Can Help
Numeracle is a leader in KYC solutions and has advised regulators and carriers on best practices and standards for customer vetting in communications. Numeracle’s Entity Identity Management (EIM) platform can help service providers verify and manage the identity of customers, including complex business entity relationships.
Or contact us today at www.numeracle.com/contact-us to learn more