new-site/scripts/document_gen/templates/guides/kyc_procedures.md
justin f8cd37ac8c Initial commit — Performance West telecom compliance platform
Includes: API (Express/TypeScript), Astro site, Python workers,
document generators, FCC compliance tools, Canada CRTC formation,
Ansible infrastructure, and deployment scripts.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-27 06:54:22 -05:00


# Know Your Customer (KYC) Procedures Guide
## Implementation Handbook for Voice Service Providers
**Prepared by Performance West Inc.**

**Effective Date: 2026**

---
## 1. What Are KYC Procedures Under the RMD?
The FCC's 2025 RMD Report & Order requires all voice service providers to implement **Know Your Customer (KYC) procedures** as part of their robocall mitigation program. KYC is the process of verifying the identity and legitimacy of customers before providing them with voice service — and monitoring them on an ongoing basis.

**Regulatory basis:** 47 CFR § 64.1200(n)(4), reinforced by the 2025 RMD Report & Order (FCC 25-6)

---
## 2. Required KYC Elements
Your KYC program must include:
### A. Information Collection at Signup
Collect the following from every new customer before activating service:
| Required Information | Purpose |
|---|---|
| Full legal name (individual or entity) | Identity verification |
| Physical business address (no P.O. boxes for high-volume/toll-free) | Location verification |
| Business identification (EIN/tax ID, or last 4 SSN for individuals) | Tax identity confirmation |
| Government-issued photo ID | Identity authentication |
| Business website or description of legitimate business purpose | Legitimacy assessment |
| Contact phone and email | Communication channel |
### B. Verification Steps
For each new customer, perform these checks:
1. **Cross-reference business name + EIN** against your state's business registry or IRS database
2. **Verify address** via USPS Address Verification or a third-party source (LexisNexis, Dun & Bradstreet)
3. **Authenticate photo ID** — confirm it is genuine, not expired, and the name matches (see recommended tool below)
4. **Open-source search** — search the customer name and principals for:
   - Prior association with illegal robocalling
   - Inclusion on the ITG's known bad-actor traceback list
   - FCC enforcement actions or complaints
   - Spoofing or fraud complaints
#### Recommended: Stripe Identity for ID Verification
For automated, reliable identity verification, we recommend **Stripe Identity** (https://stripe.com/identity). It provides:
- **Government-issued ID document verification** — authenticates the ID is real, not expired, and not tampered with
- **Selfie matching with liveness detection** — confirms the person holding the ID is the person on it
- **SSN-based ID number lookup** (US only) — cross-references against authoritative databases
**Pricing:**
- **First 50 verifications: FREE** (included with any Stripe account)
- **$1.50 per verification** after the free tier
- **Volume discounts** available for 2,000+ verifications/month (contact Stripe)
This is significantly cheaper than traditional KYC vendors and integrates directly into your customer onboarding flow via API or hosted verification page. Most small-to-mid carriers will stay within the free tier (50 new customers per billing cycle). At $1.50 each after that, verifying 100 customers costs just $75.
**Integration:** Stripe Identity can be embedded as a link in your customer signup form — the customer clicks a link, takes a photo of their ID and a selfie, and Stripe returns a pass/fail result to your system within seconds. No manual review needed for passing verifications.
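
One way to consume that pass/fail result safely, as an added example (not code from this guide or from Stripe): the webhook body is trusted only if its `Stripe-Signature` header validates under the `t=`/`v1=` HMAC-SHA256 scheme and the timestamp is fresh. The `customer_id` metadata key, the status names, and the sample secret and event are assumptions constructed here; Stripe's own library offers `stripe.Webhook.construct_event` for the same check.

```python
import hashlib
import hmac
import json
import time

TOLERANCE_SECONDS = 300  # reject stale timestamps to limit replay of old events


def compute_mac(secret: str, timestamp: str, payload: bytes) -> str:
    # Stripe signs "<timestamp>.<raw body>" with HMAC-SHA256, hex-encoded.
    signed = timestamp.encode() + b"." + payload
    return hmac.new(secret.encode(), signed, hashlib.sha256).hexdigest()


def verify_signature(payload: bytes, header: str, secret: str, now=None) -> bool:
    """Validate a Stripe-Signature header of the form t=<ts>,v1=<hex>[,v1=...]."""
    pairs = [p.split("=", 1) for p in header.split(",") if "=" in p]
    ts = next((v for k, v in pairs if k == "t"), "")
    sigs = [v for k, v in pairs if k == "v1"]
    if not (ts.isascii() and ts.isdigit()) or not sigs:
        return False
    now = time.time() if now is None else now
    if abs(now - int(ts)) > TOLERANCE_SECONDS:
        return False
    expected = compute_mac(secret, ts, payload).encode()
    # Constant-time comparison against every v1 value (several appear during secret rotation).
    return any(hmac.compare_digest(expected, s.encode()) for s in sigs)


def kyc_result(payload: bytes, header: str, secret: str, now=None):
    """Return (customer_id, status), or None when the event cannot be trusted."""
    if not verify_signature(payload, header, secret, now):
        return None
    event = json.loads(payload)
    session = event["data"]["object"]
    customer_id = session.get("metadata", {}).get("customer_id")  # hypothetical key
    status = {
        "identity.verification_session.verified": "id_verified",
        "identity.verification_session.requires_input": "manual_review",
    }.get(event["type"], "ignored")
    return customer_id, status


# Constructed sample (not real Stripe data): a signed "verified" event.
SECRET = "whsec_constructed_example"
BODY = json.dumps({"type": "identity.verification_session.verified",
                   "data": {"object": {"metadata": {"customer_id": "cust-001"}}}}).encode()
HEADER = "t=1700000000,v1=" + compute_mac(SECRET, "1700000000", BODY)
```

Verify against the raw request body exactly as received; re-serializing the JSON before checking changes the bytes and the signature will no longer match.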
### C. Red-Flag Review
Trigger enhanced due diligence when any of the following occur:
- Customer is unwilling or unable to provide complete KYC information
- Discrepancies between provided information and public records
- Use of privacy-protected or anonymous registration services
- Usage patterns inconsistent with stated business purpose
- Prior complaints, tracebacks, or enforcement actions linked to the customer
- Request for unusually high call volumes relative to stated business size
### D. Ongoing Monitoring
- **Annual re-vetting** for all customers (minimum)
- **Immediate re-review** upon complaints, traceback requests, or anomalous traffic patterns
- **High-volume/toll-free customers:** quarterly review
---
## 3. Implementation Steps
### Step 1: Create Your KYC Intake Form
Build a customer onboarding form (paper or digital) that collects all required fields. Store responses in your CRM or customer database.
**Recommended fields:**
```
- Legal entity name
- DBA / trade name
- Entity type (LLC, Corp, Sole Prop, etc.)
- EIN or Tax ID
- State of formation
- Physical address (street, city, state, zip)
- Mailing address (if different)
- Primary contact name, title, phone, email
- Government-issued ID (upload or in-person)
- Business website URL
- Description of intended use of voice services
- Expected monthly call volume
- Authorized signatory for service agreement
```
### Step 2: Build Your Verification Checklist
For each new customer, a team member should complete:
- [ ] Business name verified against state registry
- [ ] EIN verified (IRS EIN verification letter or cross-reference)
- [ ] Address validated via USPS or third-party
- [ ] Photo ID reviewed and authenticated
- [ ] Web search completed for bad-actor associations
- [ ] ITG traceback list checked (if available)
- [ ] FCC ECFS searched for complaints against this entity
- [ ] No red flags identified (or enhanced due diligence completed)
- [ ] Acceptable Use Policy signed by customer
- [ ] Service activated
### Step 3: Acceptable Use Policy
Every customer must sign an Acceptable Use Policy (AUP) that includes:
- Prohibition of illegal robocalling, spoofing, and fraud
- Prohibition of originating calls to/from DNO-listed numbers
- Agreement to cooperate with traceback requests
- Right to immediately suspend service for violations
- Requirement to notify you of changes to business information
### Step 4: Set Up Ongoing Monitoring
Configure your systems to flag:
- Customers exceeding their stated call volume by 2x or more
- Sudden spikes in short-duration calls (potential robocall signature)
- High Answer-Seizure Ratio (ASR) anomalies
- Complaints received from downstream carriers or end users
- Traceback requests from ITG or law enforcement
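
The first three flags above can be computed from call detail records, as in this added example (not code from this guide). The record layout, the KYC profile fields, the flag names, and every threshold except the 2x volume multiple are assumptions chosen for illustration, and the short-call check uses a simple share of answered calls rather than a time-series spike detector.

```python
from collections import defaultdict

VOLUME_MULTIPLE = 2.0     # from the guide: 2x the stated call volume or more
SHORT_CALL_SECONDS = 6    # assumption: answered calls shorter than this are "short"
SHORT_SHARE_LIMIT = 0.5   # assumption: flag when over half of answered calls are short
ASR_DEVIATION = 0.25      # assumption: flag when ASR moves this far from baseline


def review_flags(cdrs, profiles):
    """Return {customer: [flags]} for one billing period of call detail records."""
    stats = defaultdict(lambda: {"attempts": 0, "answered": 0, "short": 0})
    for customer, duration, answered in cdrs:
        s = stats[customer]
        s["attempts"] += 1
        if answered:
            s["answered"] += 1
            s["short"] += duration < SHORT_CALL_SECONDS
    flags = {}
    for customer, s in stats.items():
        profile = profiles.get(customer)
        if profile is None:
            # Traffic from an account with no KYC record goes straight to review.
            flags[customer] = ["no_kyc_profile"]
            continue
        found = []
        if s["attempts"] >= VOLUME_MULTIPLE * profile["stated_monthly_calls"]:
            found.append("volume_2x_stated")
        if s["answered"] and s["short"] / s["answered"] > SHORT_SHARE_LIMIT:
            found.append("short_duration_share")
        asr = s["answered"] / s["attempts"]  # Answer-Seizure Ratio for the period
        if abs(asr - profile["baseline_asr"]) > ASR_DEVIATION:
            found.append("asr_anomaly")
        if found:
            flags[customer] = found
    return flags


# Constructed sample data: (customer, duration_seconds, answered)
PROFILES = {
    "acme-dental": {"stated_monthly_calls": 100, "baseline_asr": 0.6},
    "fastleads": {"stated_monthly_calls": 50, "baseline_asr": 0.5},
}
CDRS = (
    [("acme-dental", 120, True)] * 30 + [("acme-dental", 0, False)] * 20
    + [("fastleads", 3, True)] * 110 + [("fastleads", 45, True)] * 10
    + [("fastleads", 0, False)] * 5
)
```

Each flagged customer maps to the immediate re-review described under Ongoing Monitoring; customers with no flags are omitted from the result.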
### Step 5: Document Your Process
Write an internal SOP document covering:
- Who performs KYC reviews (role/title)
- How records are stored and for how long
- What triggers enhanced due diligence
- How to handle customer refusals
- Escalation procedures for red-flag findings
---
## 4. Documenting KYC in Your RMD Filing
Your RMD certification (Exhibit A) should include:
> "[Company Name] conducts internal Know Your Customer (KYC) procedures for all customers. At account signup or upon any material change in service usage, we require and collect: full legal name, physical business address, business identification (EIN or tax ID), government-issued photo ID, and a description of legitimate business purpose. We cross-reference business information against state registries, validate addresses via USPS, verify photo ID authenticity, and conduct open-source searches for prior robocalling associations. Enhanced due diligence is triggered when red flags are identified."
---
## 5. Common Mistakes to Avoid
| Mistake | Consequence |
|---|---|
| No KYC section in RMD filing | Filing flagged as deficient under 2026 requirements |
| Collecting info but not verifying it | Non-compliance — verification is the key requirement |
| No ongoing monitoring after signup | Fails the "continuous compliance" standard |
| No AUP or terms of service | Cannot enforce against abusive customers |
| Storing KYC data without security measures | Potential data breach liability |
---
## 6. Resources
- **FCC 47 CFR § 64.1200(n)(4):** KYC requirements for voice service providers
- **ITG (Industry Traceback Group):** https://tracebacks.org
- **FCC ECFS (complaints search):** https://www.fcc.gov/ecfs/
- **USPS Address Verification:** https://tools.usps.com/zip-code-lookup.htm
- **IRS EIN Verification:** https://www.irs.gov/businesses/small-businesses-self-employed/employer-id-numbers
---
*This guide is provided for informational purposes as part of your RMD filing service. It is not legal advice.*
*Performance West Inc. — performancewest.net — 1-888-411-0383*