Robocall mitigation program mandate

The FCC’s Second Report and Order on SHAKEN deployment extended deadlines to deploy STIR/SHAKEN in some situations. However, any provider that accepts one of these extensions must deploy a robocall mitigation program by June 30, 2021. Enforcement is strict. Here’s what that means.

Enforcement

Deployment of either STIR/SHAKEN or a robocall mitigation program is mandatory and enforced with a strict penalty:

85. …we prohibit intermediate providers and terminating voice service providers from accepting voice traffic directly from any voice service provider that does not appear in the database, including a foreign voice service provider that uses NANP resources that pertain to the United States to send voice traffic to residential or business subscribers in the United States. Effective 30 days after the deadline for robocall mitigation program certifications set forth in the Bureau Public Notice establishing the robocall mitigation database and portal, intermediate providers and terminating voice service providers are subject to this prohibition.

SHAKEN mandate, or robocall mitigation mandate?

If a service provider accepts an extension for STIR/SHAKEN deployment, then they must deploy a robocall mitigation program. Here’s the text from the FCC order:

73. Section 4(b)(5)(C)(i) of the TRACED Act directs us to require any voice service provider that has been granted an extension to implement, during the time of the extension, “an appropriate robocall mitigation program to prevent unlawful robocalls from originating on the network of the provider.”

What does an “appropriate robocall mitigation program” look like?

The Commission does not provide a prescriptive feature checklist for an appropriate robocall mitigation program. Instead, they describe the general contours of an appropriate program.

77. While we adopt a non-prescriptive approach to voice service providers’ robocall mitigation programs, we find it necessary to articulate general standards, both to guide voice service providers in preparing their programs and to ensure that the statutory obligation to implement a robocall mitigation program is enforceable. We clarify that a robocall mitigation program is sufficient if it includes detailed practices that can reasonably be expected to significantly reduce the origination of illegal robocalls. In addition, for its mitigation program to be sufficient, the voice service provider must comply with the practices it describes. We will also consider a mitigation program insufficient if a provider knowingly or through negligence serves as the originator for unlawful robocall campaigns.

78. …we require voice service providers, as part of their robocall mitigation programs, to commit to cooperating with the Commission, law enforcement, and the industry traceback consortium in investigating and stopping any illegal robocallers that it learns are using its service to originate calls.

A service provider cannot claim that their customers never originate robocalls, so they don’t need robocall mitigation. In Section 74 of this order, the Commission specifically stated that the TRACED Act requires them to require a robocall mitigation program in exchange for an extension.

Certification requirements

The order states that all voice service providers must file a certification with the Commission on a new web portal. With this filing, each provider will certify either that:

1. Their call traffic is signed with STIR/SHAKEN, or
2. Their call traffic is subject to a robocall mitigation program.

The certification will also include service provider identifying information and contact details. The filing deadline is June 30, 2021.

Extensions

The order granted extensions for the following situations:

1. A two-year extension for small, including small rural, voice service providers with fewer than 100,000 voice subscriber lines;
2. Voice service providers that cannot obtain a certificate due to the Governance Authority’s token access policy until such provider is able to obtain a certificate;
3. A one-year extension to services scheduled for section 214 discontinuance;
4. Parts of a voice service provider’s network that rely on technology that cannot initiate, maintain, and terminate SIP calls until a solution for such calls is reasonably available.

Notice that the second and fourth extensions are conditional. If the Governance Authority changes their service provider eligibility policies, then that extension would go away for some service providers.

Likewise, if a solution for non-IP calls becomes reasonably available, then that extension would also go away.

Should a service provider accept an extension?

Some service providers may decide to pass on an available extension. For example, a service provider might serve many business customers that place high-value outbound calls. These customers might want their calls authenticated with STIR/SHAKEN to improve call completion.

If an extension-eligible service provider doesn’t offer STIR/SHAKEN to such enterprises, these customers might take their business elsewhere. With that in mind, a provider might go ahead and deploy STIR/SHAKEN as a market requirement.

TransNexus solutions

We provide STIR/SHAKEN and robocall prevention solutions in our ClearIP and NexOSS software products. These solutions will enable you to fully comply with either mandate.

Contact us today to learn how we can help you with these solutions.