The Ultimate Guide to Trusted Calls

A Robocall Mitigation Checklist for Service Providers

A brief checklist of what you need to stay compliant with the FCC’s robocall mitigation regulations.

We can all see the FCC increasing its enforcement efforts through more and more requirements for service providers. An annual Robocall Mitigation Database (RMD) recertification that has to happen before March 1st of each year. Stricter requirements for those RMD filings. Swift removal of non-compliant providers. Beefed-up KYC and KYUP requirements. The list goes on.

That means it’s more important than ever to stay compliant, whether you are a voice service provider, a wholesale carrier, a CPaaS platform, or even an MVNO. A robust, documented, implemented robocall mitigation program is no longer optional, and the right robocall mitigation strategy will help with many key goals:

  • Reducing regulatory risk and potential fines
  • Maintaining a good standing in the RMD so other carriers accept your traffic
  • Protecting legitimate call completion rates
  • Improving network efficiency by blocking bad calls early
  • Strengthening Know Your Customer (KYC) and Know Your Upstream Provider (KYUP) processes

To help with compliance, here is a practical, actionable Robocall Mitigation Checklist, tailored for service providers. Use it to audit your current program and identify gaps that can get you into trouble.

The Ultimate Mitigation Checklist for Service Providers

Here is the set of things you need to pay attention to and address. (Note: We’re not lawyers, but this is the checklist we follow for YouMail’s consumer phone services.)

#1: The Robocall Mitigation Database (RMD)

Ensure your Robocall Mitigation Database filing is current, accurate, and complete. This includes detailed descriptions of your mitigation practices, including the specific, reasonable steps you’re taking. Don’t forget that you have to re-certify annually by March 1st, and that you have to update your information within 10 business days of any changes. Make sure to support your filing with internal records of policies, monitoring results, actions taken, and effectiveness.

#2: STIR/SHAKEN

It’s a little late, but you should have fully implemented STIR/SHAKEN Caller ID Authentication in the IP portions of your network. On top of that, you need to ensure you have obtained your own SPC token and certificate, as third-party signing is no longer allowed. Finally, you need to carefully apply the appropriate attestation level (A, B, or C) based on your knowledge of the caller.

#3: KYC and KYUP

You need to make sure you’ve implemented strong Know Your Customer (KYC) and Know Your Upstream Provider (KYUP) processes. This means performing thorough due diligence on all customers and upstream providers before on-boarding. Make sure your contracts prohibit illegal robocall traffic and allow you to terminate early if there is problematic behavior.

#4: Tracebacks

You have to be set up to participate actively in tracebacks. Ideally, you wouldn’t get any, but if you do get traceback requests, you need to respond to them within the FCC’s allowed 24-hour window. Make sure you maintain processes to quickly identify the source of problematic traffic and provide accurate information to the Industry Traceback Group (ITG).

#5: Real-Time Monitoring and Risk Scoring

You need to Know Your Traffic (KYT). That means monitoring your traffic for evidence of problems, and it means actively shutting down customers or partners that appear to be participating in calling fraud or unlawful calling. If you are a gateway or intermediate provider, you should apply heightened scrutiny to international origination, as it’s a common vector for illegal traffic.

#6: Call Blocking

You must block traffic that your tools say is problematic or that comes from numbers on your own internal block lists. You also need to block certain other categories of calls, such as calls from numbers on Do Not Originate (DNO) lists or calls that are to or from providers removed from the RMD.

#7: Measurement

You need to measure the effectiveness of your program. Some common metrics include traceback volume, blocked call volume, and complaint rates. Use this data to refine your program and support RMD recertifications.

How Advanced Solutions Like YouMail Protective Services Help

Meeting these requirements manually is resource-intensive, especially when it comes to monitoring and making decisions about what to block or which customers to cut off. YouMail Protective Services provides services that can significantly strengthen your program and lessen the cycles you have to devote to it:

  • Watch delivers rich, evidence-based, actionable intelligence to quickly find and shut down problematic sources of traffic.
  • Score provides reliable real-time risk scoring for fraud, unlawful activity, and spam, enabling proactive network-level blocking while protecting legitimate traffic.

Together, they help providers reduce risk, reclaim network capacity, and demonstrate effective mitigation to regulators and partners.

The World Has Changed

Robocall mitigation is now an ongoing operational requirement, not a one-time filing. Providers who treat it with the respect it deserves will face less enforcement risk and gain a competitive advantage through cleaner, more trusted networks.

Get started by using this checklist to audit your current setup against the latest FCC expectations, and identify quick wins. And to learn more and arrange a personalized consultation, check out what YouMail Protective Services can offer service providers to help with robocall mitigation.
