FCC KYC Proposal Raises New Compliance Risks for Voice Providers

A proposed FCC framework around Know Your Customer (KYC) requirements could significantly increase compliance exposure for voice service providers — particularly if enforcement penalties are ultimately assessed on a per-call basis.

In recent commentary, Convoso Head of Compliance Paul St. Clair highlighted a key issue within the FCC’s latest FNPRM KYC proposal: the possibility that onboarding and customer verification failures could carry scaled enforcement exposure tied directly to call volume.

“The risk of noncompliance could be huge,” St. Clair noted.

At a glance

• The FCC is proposing enhanced KYC requirements for voice service providers.

• Providers could potentially face per-call liability for KYC failures.

• The proposal may push providers toward more formalized onboarding and verification processes.

• Potential requirements include re-verification triggers, multi-year record retention, and identity verification procedures.

• More prescriptive standards could create operational friction but improve regulatory clarity.

Why per-call liability matters

One of the most significant aspects of the FCC’s recent proposal is how potential enforcement penalties could be calculated.

“The FCC proposes assessing penalties on a per-call basis for failures to comply with its Know-Your-Customer requirements,” St. Clair explained.

This proposed structure could materially change how providers evaluate compliance risk because exposure may scale alongside traffic volume.

“That approach ties enforcement directly to call volume and consumer harm,” St. Clair said. “It also meaningfully increases risk exposure for originating service providers, not just the entities placing illegal or unwanted calls.”

For high-volume providers, even relatively small gaps in onboarding or customer due diligence processes could potentially create substantial financial exposure if violations are ultimately enforced at the call level.

The FCC may be moving toward more defined KYC expectations

“The FCC has long required providers to ‘know their customers’ but has not defined KYC with much precision,” St. Clair explained.

According to St. Clair, that ambiguity has historically made KYC difficult to operationalize consistently across the industry, particularly when providers attempt to build standardized onboarding and risk management workflows.

For voice service providers, that uncertainty can create challenges around:

• onboarding standards

• escalation procedures

• customer documentation requirements

• ongoing monitoring expectations

• internal risk thresholds

The proposed framework may also signal a shift away from broad principles-based expectations toward more prescriptive compliance guidance.

“Subjective standards are difficult to operationalize,” St. Clair noted. “It would be easier to design processes that are consistent and aligned with regulatory expectations once final rules are adopted.”

Proposed requirements could affect multiple operational workflows

Beyond the question of liability, the FCC is also seeking comment on several additional KYC-related obligations that could affect provider operations.

Potential requirements under discussion include:

• Re-verification tied to changes in traffic patterns or emerging risk signals

• Multi-year retention requirements for KYC documentation

• Government identity document verification procedures

• Expanded onboarding and due diligence obligations

Under the proposed rules, providers may need to retain certain KYC records for at least four years after a customer relationship ends.

While additional requirements could introduce onboarding friction and increase compliance costs, some providers may ultimately welcome clearer standards that reduce ambiguity around FCC expectations.

Recent FCC enforcement activity may offer insight into the direction ahead

According to St. Clair, the proposal also aligns with recent FCC enforcement activity involving provider oversight and unlawful traffic transmission.

In a recent Notice of Apparent Liability, the FCC proposed a $4.5 million fine against a gateway provider for allegedly carrying unlawful traffic tied to an upstream customer.

“The FCC calculated the forfeiture on a per-call basis, applying a $2,500 penalty to a subset of calls,” St. Clair observed.

While that enforcement action focused on robocall mitigation obligations rather than KYC specifically, the proposal suggests the Commission may increasingly view onboarding, customer verification, and ongoing monitoring as critical compliance functions — not merely administrative processes.

“This KYC proposal extends per-call liability directly into the onboarding and customer due diligence context,” St. Clair said.

What this means for providers

For providers, the larger challenge may ultimately be execution.

If final rules become more prescriptive, providers may need to reevaluate onboarding workflows, customer monitoring procedures, documentation practices, escalation protocols, and long-term record retention strategies.

The proposed standards also raise questions around how providers identify elevated risk, when customers should be re-verified, and what level of due diligence may ultimately satisfy FCC expectations.

Most importantly, the proposal introduces the possibility that KYC compliance failures may no longer represent isolated procedural issues, but scalable enforcement exposure tied directly to traffic volume.

“Ultimately, if liability is assessed per call, then gaps in KYC controls can translate directly into scaled exposure,” St. Clair warned.

While the FCC has not yet adopted final rules, telecom providers should expect increased scrutiny around onboarding documentation, customer verification procedures, and ongoing monitoring controls.

Stay ahead of FCC compliance changes

FCC rulemaking and robocall enforcement continue to evolve rapidly. Subscribe to Convoso’s monthly compliance newsletter for updates and analysis on emerging regulations, KYC expectations, robocall mitigation policies, and developments impacting outbound contact centers and telecom providers.

Subscribe to Compliance Updates

About Compliance Watch

Compliance Watch is a recurring Convoso blog series covering regulatory developments impacting outbound calling, telecom compliance, and contact center operations. Insights in this article include commentary from Convoso Head of Compliance Paul St. Clair.