Here is the longer, more detailed FCC proposal document, pt1:
Federal Communications Commission
FCC 26-27
Before the
Federal Communications Commission
Washington, D.C. 20554
In the Matter of
)
)
Advanced Methods to Target and Eliminate
)
)
Unlawful Robocalls
)
Rules and Regulations Implementing the Telephone )
)
Consumer Protection Act of 1991
CG Docket No. 17-59
CG Docket No. 02-278
FURTHER NOTICE OF PROPOSED RULEMAKING
Adopted: April 30, 2026
Released: May 1, 2026
Comment Date: (30 days after date of publication in the Federal Register)
Reply Comment Date: (60 days after date of publication in the Federal Register)
By the Commission: Chairman Carr and Commissioner Trusty issuing separate statements.
I.
INTRODUCTION
1.
Combatting illegal calls is our top consumer protection priority, and we are taking a
holistic approach by attacking them at every point in their lifecycle. This includes stopping illegal calls
before they enter the phone network, requiring intermediate providers to block them, and giving
consumers more information to decide whether they want to answer the calls that reach their phones.
2.
The most effective way to prevent illegal calls from reaching American consumers is by
ensuring they never enter the network. Originating voice service providers are best positioned to do that
by screening new or renewing customers before they make calls.1 Although Commission rules already
require originating providers to take “affirmative, effective” measures to “know[ their] customers,”2 some
originating providers do not do enough. The result is more illegal calls that defraud American
consumers3 and open our communications network to vulnerabilities.4 Beyond allowing illegal calling,
this lack of diligence on the part of some originating providers can make it difficult for law enforcement
to identify criminals that use the telephone network to perpetrate drug deals, violent crimes, and human
trafficking.
1 For purposes of this Further Notice, we use the definition of “voice service provider” that we used in the Fourth
Call Blocking Order. Specifically, “voice service provider” means any entity originating, carrying, or terminating
voice calls through time-division multiplexing (i.e., “traditional” voice service), Voice over Internet Protocol
(VoIP), or commercial mobile radio service (CMRS), unless otherwise noted. See Advanced Methods to Target and
Eliminate Unlawful Robocalls, CG Docket No. 17-59, Fourth Report and Order, 35 FCC Rcd 15221, 15222, para. 2,
n.2 (2020) (Fourth Call Blocking Order). The KYC measures we discuss apply only to originating voice service
providers (“originating providers”).
2 See 47 CFR § 64.1200(n)(4).
In addition, this rule requires originating providers to “exercis[e] due diligence in
ensuring that its services are not used to originate illegal traffic.”
3 See Call Authentication Trust Anchor, WC Docket No. 17-97, Notice of Proposed Rulemaking, 40 FCC Rcd 3467,
3467-68, para. 1 (2025) (noting that victims of calling scams are defrauded of an estimated $850 million annually
with added costs for wasted time and nuisance increasing costs into the billions).
4 For example, denial of service attacks can involve overwhelming emergency call centers with illegal calls to block
the provision of emergency services.Federal Communications Commission
FCC 26-27
3.Here we seek to enhance the existing “Know-Your-Customer” (KYC) requirement
providing additional clarity to fill the gap between our current general KYC requirement and the types of
rigorous KYC steps necessary to protect consumers. Specifically, we: (1) seek comment on customer
identification requirements for new and renewing customers; (2) seek comment on requirements for
originating providers to verify, retain, and re-verify customer information; (3) seek comment on requiring
more information from certain customers including high-volume customers; (4) seek comment on how any new KYC requirements can complement call branding and caller name requirements the Commission
may adopt; and (5) propose that the Commission assess penalties for violations of the KYC rule on a per
call basis.
II.
BACKGROUND
A.
Financial Sector
4.
KYC is a fundamental concept guiding customer onboarding procedures in the financial
sector. For example, the Bank Secrecy Act (BSA) of 1970, as amended, and its implementing rules,
impose record retention and reporting requirements on financial institutions to help detect and prevent
money laundering.5 In 2001, Congress amended the BSA to require the U.S. Treasury Department
(Treasury) to prescribe regulations “setting forth the minimum standards for financial institutions and
their customers regarding the identity of the customer that shall apply in connection with the opening of
an account at a financial institution.”6 Specifically, financial institutions must “verif[y] the identity of any
person seeking to open an account to the extent reasonable and practicable” and “maintain[] records of the
information used to verify a person’s identity including name, address, and other identifying
information.”7
5.
The Treasury requires banks to implement a written Customer Identification Program
(CIP) that includes certain minimum requirements to meet KYC requirements.8 For example, in order to
open an account, banks must collect a name, date of birth (for individuals), physical address, and
identification number.9 Bank CIPs must contain procedures for verifying the information collected within
5 See generally 12 U.S.C. §§ 1829b, 1951-1960; 31 U.S.C. §§ 5311-5336; 31 CFR Chapter X.
Congress enacted the
BSA to address money laundering in the United States. The BSA, as amended, requires businesses to keep records
and file reports that are determined to have a high degree of usefulness in criminal, tax, or regulatory investigations,
risk assessments or proceedings, or in intelligence or counterintelligence activities, including analysis, to protect
against terrorism. Financial institutions must also have an Anti-Money Laundering Program (AML Program) to
ensure compliance with BSA requirements, which must include designation of a compliance officer, an employee
training program, and independent audits to monitor compliance. 31 U.S.C. § 5318(h)(1); 31 CFR § 1020.210. The
AML program requirements modernized the U.S. anti-money laundering framework, requiring financial institutions
to create risk-based programs, enhancing whistleblower incentives, and expanding subpoena powers for foreign
bank records, all of which were aimed at fighting financial crime, fraud, and terrorism financing.
6 USA PATRIOT Act, Pub. L.
No. 107-56, 115 Stat. 272, 317, § 326 (2001); 31 U.S.C. § 5318(l)(1). Section 326
was enacted after the 9/11 attacks to combat terrorism-related financing and money laundering by requiring financial
institutions to verify customer identities, helping stop illicit funds from moving through the U.S. financial system,
thus preventing future terrorist acts by tracking funding and identifying individuals involved.
7 31 U.S.C. § 5318(l)(2)(A), (B).
Another requirement is for financial institutions to “consult[] lists of known or
suspected terrorists or terrorist organizations provided to the financial institution by any government agency to
determine whether a person seeking to open an account appears on any such list.” 31 U.S.C. § 5318(l)(2)(C).
8 31 CFR § 1020.220(a)(1).
9 Id. § 1020.220(a)(2)(i)(A).
For U.S. persons, an identification number is a taxpayer identification number. Non-
U.S. persons must present one or more of the following: a taxpayer identification number; passport number and
country of issuance; alien identification card number; or, number and country of issuance of any other government-
issued document evidencing nationality or residence and bearing a photograph or similar safeguard. Id. §
1020.220(a)(2)(i)(A)(4)(i), (ii). Treasury has exempted the direct collection of taxpayer identification numbers for the opening of credit card accounts where the bank obtains identifying information about the customer from a third-
party source prior to extending credit to the customer. See id. § 1020.220(a)(2)(i)(C).
2Federal Communications Commission
FCC 26-27
a reasonable time after the account is opened.10 Banks can use documents, non-documentary methods, or a combination of both to accomplish this.
11 Bank CIPs must also include procedures for determining
whether the customer appears on any list of known or suspected terrorists or terrorist organizations
maintained by the federal government.12 Banks must retain customer information for five years after the
date the account is closed.13
B.
Know-Your-Customer Rule for Originating Voice Service Providers
6.
The Commission’s rules require an originating provider to “[t]ake affirmative, effective
measures to prevent new and renewing customers from using its network to originate illegal calls,
including knowing its customers and exercising due diligence in ensuring that its services are not used to
originate illegal traffic.”14 The Commission has not mandated specific measures to comply with this rule,
but rather stated that “[v]oice service providers can comply in a number of ways, so long as they know
their customers and take measures that have the effect of actually restricting the ability of new and
renewing customers to originate illegal traffic.”15 The Commission has “recommend[ed] that voice
service providers exercise caution in granting access to high-volume origination services, to ensure that
bad actors do not abuse such services”16 and noted that originating providers may need to “extensively
investigate new customers seeking access to high-volume origination services.”17
LukefromDC
LisPi
Carol Peters
Cassandrich
Just a trash panda 🦝
Morgan ⚧️
Skylar Caulfield 