# Know Your Customer (KYC) Procedures Guide

## Implementation Handbook for Voice Service Providers

**Prepared by Performance West Inc.**
**Effective Date: 2026**

---

## 1. What Are KYC Procedures Under the RMD?

The FCC's 2025 RMD Report & Order requires all voice service providers to implement **Know Your Customer (KYC) procedures** as part of their robocall mitigation program. KYC is the process of verifying the identity and legitimacy of customers before providing them with voice service — and monitoring them on an ongoing basis.

**Regulatory basis:** 47 CFR § 64.1200(n)(4), reinforced by the 2025 RMD Report & Order (FCC 25-6)

---

## 2. Required KYC Elements

Your KYC program must include:

### A. Information Collection at Signup

Collect the following from every new customer before activating service:

| Required Information | Purpose |
|---|---|
| Full legal name (individual or entity) | Identity verification |
| Physical business address (no P.O. boxes for high-volume/toll-free) | Location verification |
| Business identification (EIN/tax ID, or last 4 SSN for individuals) | Tax identity confirmation |
| Government-issued photo ID | Identity authentication |
| Business website or description of legitimate business purpose | Legitimacy assessment |
| Contact phone and email | Communication channel |

### B. Verification Steps

For each new customer, perform these checks:

1. **Cross-reference business name + EIN** against your state's business registry or IRS database
2. **Verify address** via USPS Address Verification or a third-party source (LexisNexis, Dun & Bradstreet)
3. **Authenticate photo ID** — confirm it is genuine, not expired, and the name matches (see recommended tool below)
4. **Open-source search** — search the customer name and principals for:
   - Prior association with illegal robocalling
   - Inclusion on the ITG's known bad-actor traceback list
   - FCC enforcement actions or complaints
   - Spoofing or fraud complaints

#### Recommended: Stripe Identity for ID Verification

For automated, reliable identity verification, we recommend **Stripe Identity** (https://stripe.com/identity). It provides:

- **Government-issued ID document verification** — authenticates the ID is real, not expired, and not tampered with
- **Selfie matching with liveness detection** — confirms the person holding the ID is the person on it
- **SSN-based ID number lookup** (US only) — cross-references against authoritative databases

**Pricing:**
- **First 50 verifications: FREE** (included with any Stripe account)
- **$1.50 per verification** after the free tier
- **Volume discounts** available for 2,000+ verifications/month (contact Stripe)

This is significantly cheaper than traditional KYC vendors and integrates directly into your customer onboarding flow via API or hosted verification page. Most small-to-mid carriers will stay within the free tier (50 new customers per billing cycle). At $1.50 each after that, verifying 100 customers costs just $75.

**Integration:** Stripe Identity can be embedded as a link in your customer signup form — the customer clicks a link, takes a photo of their ID and a selfie, and Stripe returns a pass/fail result to your system within seconds. No manual review needed for passing verifications.

### C. Red-Flag Review

Trigger enhanced due diligence when any of the following occur:

- Customer is unwilling or unable to provide complete KYC information
- Discrepancies between provided information and public records
- Use of privacy-protected or anonymous registration services
- Usage patterns inconsistent with stated business purpose
- Prior complaints, tracebacks, or enforcement actions linked to the customer
- Request for unusually high call volumes relative to stated business size

### D. Ongoing Monitoring

- **Annual re-vetting** for all customers (minimum)
- **Immediate re-review** upon complaints, traceback requests, or anomalous traffic patterns
- **High-volume/toll-free customers:** quarterly review

---

## 3. Implementation Steps

### Step 1: Create Your KYC Intake Form

Build a customer onboarding form (paper or digital) that collects all required fields. Store responses in your CRM or customer database.

**Recommended fields:**
```
- Legal entity name
- DBA / trade name
- Entity type (LLC, Corp, Sole Prop, etc.)
- EIN or Tax ID
- State of formation
- Physical address (street, city, state, zip)
- Mailing address (if different)
- Primary contact name, title, phone, email
- Government-issued ID (upload or in-person)
- Business website URL
- Description of intended use of voice services
- Expected monthly call volume
- Authorized signatory for service agreement
```

### Step 2: Build Your Verification Checklist

For each new customer, a team member should complete:

- [ ] Business name verified against state registry
- [ ] EIN verified (IRS EIN verification letter or cross-reference)
- [ ] Address validated via USPS or third-party
- [ ] Photo ID reviewed and authenticated
- [ ] Web search completed for bad-actor associations
- [ ] ITG traceback list checked (if available)
- [ ] FCC ECFS searched for complaints against this entity
- [ ] No red flags identified (or enhanced due diligence completed)
- [ ] Acceptable Use Policy signed by customer
- [ ] Service activated

### Step 3: Acceptable Use Policy

Every customer must sign an Acceptable Use Policy (AUP) that includes:

- Prohibition of illegal robocalling, spoofing, and fraud
- Prohibition of originating calls to/from DNO-listed numbers
- Agreement to cooperate with traceback requests
- Right to immediately suspend service for violations
- Requirement to notify you of changes to business information

### Step 4: Set Up Ongoing Monitoring

Configure your systems to flag:
- Customers exceeding their stated call volume by 2x or more
- Sudden spikes in short-duration calls (potential robocall signature)
- High Answer-Seizure Ratio (ASR) anomalies
- Complaints received from downstream carriers or end users
- Traceback requests from ITG or law enforcement

### Step 5: Document Your Process

Write an internal SOP document covering:
- Who performs KYC reviews (role/title)
- How records are stored and for how long
- What triggers enhanced due diligence
- How to handle customer refusals
- Escalation procedures for red-flag findings

---

## 4. Documenting KYC in Your RMD Filing

Your RMD certification (Exhibit A) should include:

> "[Company Name] conducts internal Know Your Customer (KYC) procedures for all customers. At account signup or upon any material change in service usage, we require and collect: full legal name, physical business address, business identification (EIN or tax ID), government-issued photo ID, and a description of legitimate business purpose. We cross-reference business information against state registries, validate addresses via USPS, verify photo ID authenticity, and conduct open-source searches for prior robocalling associations. Enhanced due diligence is triggered when red flags are identified."

---

## 5. Common Mistakes to Avoid

| Mistake | Consequence |
|---|---|
| No KYC section in RMD filing | Filing flagged as deficient under 2026 requirements |
| Collecting info but not verifying it | Non-compliance — verification is the key requirement |
| No ongoing monitoring after signup | Fails the "continuous compliance" standard |
| No AUP or terms of service | Cannot enforce against abusive customers |
| Storing KYC data without security measures | Potential data breach liability |

---

## 6. Resources

- **FCC 47 CFR § 64.1200(n)(4):** KYC requirements for voice service providers
- **ITG (Industry Traceback Group):** https://tracebacks.org
- **FCC ECFS (complaints search):** https://www.fcc.gov/ecfs/
- **USPS Address Verification:** https://tools.usps.com/zip-code-lookup.htm
- **IRS EIN Verification:** https://www.irs.gov/businesses/small-businesses-self-employed/employer-id-numbers

---

*This guide is provided for informational purposes as part of your RMD filing service. It is not legal advice.*

*Performance West Inc. — performancewest.net — 1-888-411-0383*