FCC issues enforcement order for deficient RMD filings

The FCC Enforcement Bureau issued an order on December 10, 2024, to notify over 2,400 companies of deficiencies in their Robocall Mitigation Database certifications. Let’s have a look.

The Commission amended the requirements for Robocall Mitigation Database (RMD) certification on March 16, 2023, and again on May 18, 2023. These amendments took effect on February 26, 2024, requiring all existing filers to update their RMD certifications and robocall mitigation plans by that date.

Terminology

• Robocall Mitigation Database certification. Information provided by the filer in the RMD web submission form.
• Robocall mitigation plan. A PDF document prepared by the filer describing their robocall mitigation program. The PDF document is uploaded by the filer with their RMD certification in the submission form.

Requirements

The full requirements are described in the following documents:

• Sixth Report and Order, adopted March 16, 2023.
• Public Notice released January 25, 2024, summarizing the requirements in the Sixth Order and specifying the compliance date of February 26, 2024.
• Robocall Mitigation Database External Filing Instructions, updated in January 2024.

Here’s a summary of the additional requirements:

• Universal RMD filing obligation. All providers must submit or resubmit a certification filing.
• Additional information in the Submission Form.
  1. The role(s) the filer the filer plays in the call chain.
  2. Detailed information to support any claimed STIR/SHAKEN implementation extension.
  3. Information regarding their principals, affiliates, subsidiaries, and parent companies.
  4. A statement whether they are subject to enforcement, regulatory action, or investigation.
  5. The filer’s Operating Company Number (OCN), if they have one.
• Additional information in the robocall mitigation plan.
  1. All providers must upload a robocall mitigation plan.
  2. Gateway providers must describe their know-your-upstream-provider program.
  3. Voice service providers must describe their affirmative, effective measures to prevent new and existing customers from originating illegal robocalls.
  4. Non-gateway intermediate providers and voice service providers must describe their know-your-upstream-provider procedures.
  5. All providers must describe any call analytics systems they use to identify and block illegal traffic, including whether they use a third-party vendor(s) and the name of the vendor(s).

Please note that this summary doesn’t tell you everything you need to know for compliance. The details are in the documents listed at the top of this section.

Observations

We don’t have statistics on the types of deficiencies, but based on anecdotal information, we suspect that many of these companies simply failed to update their existing RMD certification in the web submission form and upload a revised plan.

We also suspect that many filers may have overlooked the “Principals, Affiliates, Subsidiaries, and Parent Companies” part of the web submission form, perhaps not realizing that a “principal” is a person with controlling authority.

Paragraph 201 from the Fifth Further Notice of Proposed Rulemaking explains why the Commission amended this requirement:

[W]e propose to require filers to add information regarding principals, known affiliates, subsidiaries, and parent companies. We seek comment on this proposal. Will such information help identify bad actors and further our enforcement efforts, such as by identifying bad actors previously removed from the Robocall Mitigation Database that continue to be affiliated with other entities filing in the Robocall Mitigation Database? Will such information ease and enhance compliance by facilitating searches within the Robocall Mitigation Database and cross-checking information within the Robocall Mitigation Database against other sources?

Based on our reading, we believe that the Commission expects to see the names of people with controlling authority within the filing organization. This would make it possible to follow a bad actor banned from filing in one organization from appearing in the filing of another.

Legal disclaimer

TransNexus does not provide legal advice. Our description and discussion of the FCC orders is based upon our reading of the documents. Please consult your attorney for legal advice.

Deadline

The order states that “Each Company must provide its response to this Order to the Bureau no later than 14 days after publication of a summary of this Order in the Federal Register.”

We don’t know when a summary of the order will be published in the Federal Register, but the deadline will come soon after. The companies named in the order should begin curing their RMD certification filing and plan as soon as possible.

More information

• News Release
• Enforcement Order

TransNexus solutions

TransNexus is a leader in developing innovative software to manage and protect telecommunications networks. The company has over 25 years of experience in providing telecom software solutions including branded calling, toll fraud prevention, robocall mitigation and prevention, TDoS prevention, analytics, routing, billing support, STIR/SHAKEN and SHAKEN certificate services.

Contact us today to learn more.