HWG LLP Client Advisory
By: Kristine L. Devine, Jennifer P. Bagg, and Owen Smith
On Tuesday, February 4th, the FCC issued a Notice of Apparent Liability (“NAL”), imposing a $4.5 million dollar fine on Telnyx LLC, a Voice Over Internet Protocol provider, for allowing bad actors to originate fraudulent calls on its network. The decision is notable because it outlines, for the first time, enhanced “know your customer” (“KYC”) processes that the FCC expects carriers to follow.
The NAL calls out Telnyx for failing to adhere to the FCC’s KYC rules, which allowed bad actors to place numerous fraudulent calls purporting to be from the FCC’s Fraud Prevention Team. But the FCC has no such team, and some of the recipients of these calls were, in fact, FCC staffers. Despite self-disclosing the fraudulent calls, the FCC imposed the $4.5 million penalty on Telnyx because the FCC said that Telnyx’s KYC efforts were inadequate, even though there was no violation of a clear rule. The Commission announced that this enforcement action is part of its “ongoing effort to hold voice service providers accountable for failing to protect their networks from illegal robocallers.”1
Overview of KYC Rules: The FCC’s KYC rules require a voice service provider to “[t]ake affirmative, effective measures to prevent new and renewing customers from using its network to originate illegal calls, including knowing its customers.”2 It also requires voice service providers to file robocall mitigation plans documenting the steps they take to prevent their networks from being used for fraudulent calls. But the FCC does not require robocall mitigation plans to describe any particular KYC procedures, and until now has provided little guidance to voice service providers on what it will consider effective with respect to such KYC programs. Indeed, the Commission’s orders have stated only that originating service providers “exercise due diligence in ensuring that their services are not used to originate illegal traffic.”3 Beyond that, the Commission has explained that it does “not require that voice service providers take specific, defined steps, but instead permit them flexibility to determine what works best on their networks.”4
Facts of the Case: The facts in the Telnyx NAL indicate that, upon receiving two new customer applications, Telnyx used a third-party vendor to assist in verifying the information in those applications. The third-party vendor report on these customers indicated that the information provided had not been flagged for previous wrongdoing.5 Telnyx also took a number of additional steps, apparently to verify these customers; however that information is redacted from the NAL.6
Almost immediately after Telnyx approved these applications, the new accounts made 1,797 illegal calls.7 Many of these calls targeted FCC staff and their family members. The calls transmitted the following artificial and prerecorded voice message:
“Hello [first name of recipient] you are receiving an automated call from the Federal Communications Commission notifying you the Fraud Prevention Team would like to speak with you. If you are available to speak now please press one. If you prefer to schedule a call back please press two.8”
The FCC has no such “Fraud Prevention Team” and the FCC was not responsible for these calls. Some recipients were connected with live individuals who demanded they pay the FCC $1,000 in Google gift cards.9
In the course of Telnyx’s routine examination of new users, Telnyx flagged one of these new accounts for further internal investigation, and then terminated the account, determining that the nature of its calls violated Telnyx’s terms and conditions and acceptable use policy.10 Telnyx then self-reported the account to the Commission.11 The FCC Enforcement Bureau then worked with the Industry Traceback Group to verify the source of the fraudulent calls, which also confirmed that Telnyx was the originating voice service provider.12 Telnyx responded to several subpoenas from the FCC related to determining the identity of the account owners, which the Commission was unable to do.
Telnyx’s KYC Procedures: The Commission found that Telnyx’s KYC procedures were inadequate because it did not: associate individual names with provided addresses, associate email domains with known businesses, satisfactorily verify business websites created close in time to the new customers’ applications for services, associate IP addresses with the business addresses seeking service, and did not consider as suspicious, in conjunction with the other factors, payments in Bitcoin with anonymized transaction IDs and wallet addresses.13
The Commission examples of KYC requirements came from an August 2024 Consent Decree with Lingo Telecom LLC resolving alleged robocall and STIR/SHAKEN violations14 related to AI deepfake messages in former President Joseph Biden’s voice that encouraged potential voters to abstain from voting in the primary election.15 The Lingo Consent Decree required Lingo to implement new Operating Procedures, which included an “Enhanced” KYC section.16
Despite these procedures being labeled as “enhanced,” and explicitly stating that these steps were required of Lingo “in addition” to compliance with the Commission’s know your customer regulation, the Commission listed them in the Telnyx NAL as “[m]easures that may contribute to satisfying the KYC obligation.”17 These measures include obtaining supporting records to verify the customer’s identity such as copies of government issued identification, corporate formation records, proof of good standing, a federal employer identification number or business registration number, an active telephone number, third-party records of a customer’s physical address, type of goods or services offered, and verification of commercial presence.18
$4.5 Million Penalty: The FCC found that Telnyx’s conduct supported an upward adjustment of the $4.5 million penalty for “egregiousness and substantial harm.”19 But the Commission declined to increase the forfeiture, instead stating that “in light of Telnyx’s prompt disclosure to the Commission that it had originated these calls, we decline to apply an upward adjustment.”20 The FCC then encouraged “parties to continue to work with the Commission early on and to disclose potential violations.”21 Commissioner Gomez’s Statement accompanying the NAL makes clear that the Commission might have levied an even higher penalty without the inclusion of her “edits to . . . encourage self-reporting.”22
Conclusion: The Telnyx NAL, approved with a 3-1 vote, was the first commission-level vote under its new Republican chair, Brendan Carr. Fellow Republican Commissioner, Nathan Simington, dissented as he has done for months on all enforcement actions due to questions about the agency’s enforcement authority after recent Supreme Court decisions.
This NAL indicates the FCC’s position is that sufficient KYC procedures must involve at least some corroboration of information provided by customers, and that voice service providers have an affirmative obligation to investigate discrepancies in the information provided by customers. The NAL makes clear that the FCC believes the KYC obligation does not allow providers to take customer information at face value; nor will providers avoid liability by relying on robust procedures that monitor for, and swiftly block, unlawful calls made using their networks. Fixing deficiencies similar to those cited in the Telnyx NAL, and implementing the enhanced procedures listed in the Lingo Consent Decree, where possible, may help to shield voice service providers from liability.
1 Telnyx LLC, Notice of Apparent Liability for Forfeiture, FCC 25-10, ¶ 1 (rel. Feb. 4, 2025) (“Telnyx NAL”).
2 47 CFR § 64.1200(n)(4).
3 Advanced Methods to Target and Eliminate Unlawful Robocalls, Fourth Report and Order, 35 FCC Rcd. 15221, 15233 ¶ 32 (2020).
4 Id.
5 Telnyx NAL ¶¶ 5–10.
6 Id.
7 Id. ¶ 7.
8 Id. ¶ 5.
9 Id.
10 Id.
11 Id.
12 Id. ¶ 6.
13 Id. ¶ 15.
14 Id. ¶ 11; In re Lingo Telecom, LLC, Order, DA 24-790 (rel. Aug. 21, 2024) (“Lingo Consent Decree”).
15 Lingo Consent Decree ¶ 3.
16 Id. at Attachment 1.
17 Telnyx NAL ¶ 11.
18 Id.
19 Telnyx NAL ¶ 27.
20 Id.
21 Id.
22 Id. at Statement of Commissioner Anna M. Gomez.