On December 10, 2024, the Federal Communications Commission’s (FCC) Enforcement Bureau issued an Order directing 2,411 providers to address deficiencies in their Robocall Mitigation Database (RMD or Database) certifications or risk removal from the Database. This action stems from recent amendments to the FCC’s rules aimed at enhancing robocall mitigation efforts. Identified providers must comply with the Order within 14 days of the publication of the Order’s summary in the Federal Register. We will publish an additional advisory announcing the exact deadline once that takes place.
Order’s Summary
The Order states that the 2,411 identified providers have not timely complied with the requirements of the amendments to section 64.6305 of the FCC’s rules introduced by the following orders:
- Sixth Caller ID Authentication Order that enhanced the information requirements for RMD certifications and expanded the obligation to submit a robocall mitigation plan for new and existing filers; and
- Seventh Call Blocking Order that required all providers to include a commitment to respond fully to traceback requests within 24 hours in their RMD certifications.
As previously advised by our firm, both rule amendments took effect on February 26, 2024, and required all existing filers to update their RMD certifications to provide the newly required information and newly required or updated robocall mitigation plans by that date.
According to the Order, the FCC contacted the providers that had not complied with the new requirements by the February 26 deadline and allowed them to cure the deficiencies by April 29. However, according to the EB, the providers failed to comply in a timely manner.
Consequences of Non-Compliance
Under the FCC’s rules, the EB may remove deficient certifications from the RMD after providing sufficient notice and opportunity to cure. Under the Order, identified providers must cure their deficient RMD certification and notify the EB of compliance or explain why the Bureau should not remove the provider’s certification from the RMD within 14 calendar days of the publication of the Order’s summary in the Federal Register.
Failure to do so will result in the EB removing the provider’s certification from the RMD.
We previously communicated that if a provider is removed from the Robocall Mitigation Database, intermediate providers and other voice service providers are required to block its traffic, resulting in a significant loss of business for the removed provider. Reinstatement is possible but both costly and time-consuming, potentially taking up to a year, during which the provider would be unable to operate. The timeline may even be longer in the current situation, given the potential significant influx of reinstatement applications from providers that will be removed from the Database following this development.
Providers’ Requirements Under FCC’s Robocall Mitigation Rules
Under the FCC’s effective rules, providers are required to implement the following:
- Certification of Robocall Mitigation and STIR/SHAKEN Implementation
Providers must certify that:
- All calls originating on their network are subject to a robocall mitigation program
- The Commission has not removed their prior certification
- They are not prohibited from filing in the RMD
- The extent of STIR/SHAKEN implementation on their IP portions of the network infrastructure (full, partial, or none)
- Robocall Mitigation Plan
All providers must upload a detailed plan describing specific reasonable steps taken to prevent originating, carrying, or processing illegal robocall traffic, including:
- Measures to prevent new and renewing customers from originating illegal robocalls (for voice service providers)
- Call analytic systems utilized, including third-party vendor systems
- Procedures for knowing upstream providers
- Disclosures
Providers must provide certain identifying information in their RMD certifications, such as:
- Business name and address
- Contact details for the person responsible for addressing robocall mitigation issues
- Information about principals, affiliates, subsidiaries, and parent companies
- The provider’s role in the call chain
- Detailed support for any claimed STIR/SHAKEN implementation extension or exemption
- Disclosure of any Commission or law enforcement actions or investigations related to illegal robocalling or spoofing or RMD certification deficiencies in the past two years
- Commitment to respond to traceback requests within 24 hours
Next Steps
Providers are urged to check if they have been listed in the Order, as the FCC communications may occasionally be directed to outdated contact emails listed in the RMD. It is crucial for all providers to:
- Regularly update their contact information in the RMD
- Ensure designated contact personnel consistently monitor their email inboxes
- Check spam or junk folders for potential FCC communications.
Listed providers must take immediate action to review and update their deficient RMD certifications, inform the FCC of achieved compliance, and prepare a comprehensive response to the FCC explaining why they should not be removed from the RMD if unable to cure the deficiencies within 14 calendar days of the publication of the Order’s summary in the Federal Register.
Even if not listed in the Order, providers are encouraged to review their RMD certifications for compliance with the effective rules and consider the potential impacts of doing business with companies at risk of removal from the RMD.
Providers are urged to seek legal counsel to ensure compliance and appropriate response.
FCC Considers Increasing Penalties for Deficient RMD Filings
On December 10, the FCC also announced that it circulated a Report and Order that would require timely updates to company information in the RMD, and introduces base fines of $10,000 for submitting false or inaccurate information, and $1,000 for failure to keep information current. The Report and Order would also require providers to recertify annually to the accuracy of their submissions and adopt a $100 RMD filing fee.
The Report and Order would also direct the FCC’s Wireline Competition Bureau to establish a dedicated reporting mechanism for shared oversight among all stakeholders, issue additional guidance and “best practices” for filers, and establish two-factor authentication protocols for access to the Database.
The circulated rules have not been released yet. We will keep you updated on any developments in this area.
Conclusion
Given the short response timeframe and potential significant business impacts of removal from the RMD, we recommend prompt attention to this matter. Our firm is available to assist with compliance reviews, certification updates, and FCC communications as needed.
NEED HELP WITH ROBOCALL MITIGATION, COMPLIANCE AND LITIGATION SUPPORT/DEFENSE AGAINST BUSINESS & LEGAL CHALLENGES?
The CommLaw Group Can Help!
Given the complexity and evolving nature of the FCC’s rules, regulations and industry policies & procedures around Robocall Mitigation and Compliance issues (e.g., Stir/Shaken, TRACED Act, FCC Rules & Regulations, US Telecom Industry group, ATIS, NECA, VoIP Numbering Waivers, Know Your Customer and the private sector ecosystem), as well as the increased risk of business disputes, consumer protection enforcement by state attorneys general, and even civil litigation, and anticipating the potential torrent of client questions and concerns, The CommLaw Group formed a “Robocall Mitigation Response Team” to help clients (old and new) tackle their unique responsibilities.
CONTACT US NOW, WE ARE STANDING BY TO GUIDE YOUR COMPANY’S COMPLIANCE EFFORTS
Michael Donahue — Tel: 703-714-1319 / E-mail: mpd@CommLawGroup.com
Susan Duarte – Tel: 703-714-1318 / E-mail: sfd@commlawgroup.com
Rob Jackson – Tel: 703-714-1316 / E-mail: rhj@CommLawGroup.com
Ron Quirk – Tel: 703-714-1305 / E-mail: req@CommLawGroup.com
Diana James – Tel: 703 663-6757 / E-mail: daj@CommLawGroup.com
