When the Federal Communications Commission (FCC) set new rules regarding STIR/SHAKEN call authentication, it meant big changes for voice service providers both in and outside the United States. These new rules focused on reducing unwanted and illegal robocalls, and companies either needed to be compliant or have a robocall mitigation plan in place.
Unfortunately, implementing STIR/SHAKEN call authentication created a major burden for certain companies. This is why submission of a mitigation plan would grant certain businesses an extension past the June 2021 deadline for STIR/SHAKEN implementation.
With the first set of extensions set to expire in June 2022, some firms will have to become compliant fast.
Deadline Extensions for Robocall Mitigation Plans
The initial deadline for STIR/SHAKEN compliance was June 30, 2021. If you received an extension after completing a robocall mitigation plan, your new deadline is based on the justification for your extension.
Submission of a plan to significantly reduce the origination of robocalls provided extra time, but updated deadlines are quickly approaching.
Here are those deadlines for those who received an extension after alerting the FCC of their robocall mitigation program:
Extension for Firms That Can’t Get STIR/SHAKEN Certificate
To participate in the STIR/SHAKEN call authentication, a company must meet several requirements. That’s because the necessary certificate comes directly from the program’s Governance Authority. Companies can only get such a certificate if they:
- Have a current Form 499-A on file with the FCC.
- Have been assigned an Operating Company Number (OCN) or a Resp Org ID.
- Have certified with the FCC that they have implemented STIR/SHAKEN or comply with the Robocall Mitigation Program requirements, and are listed in the FCC database; or is a non-service provider Resp Org that has direct access to TNs from the Toll-Free Number Administrator (TFNA).
Unfortunately, not all voice service providers meet these requirements.
This is particularly true for many VoIP providers. That’s because they obtain numbers from carrier partners. Such requirements are prejudicial for these firms, so extensions were available until they could obtain certificates. Even so, they still had to submit robocall mitigation plans.
Continuing Extensions of Non-IP Network Portions
The non-IP portions of a provider’s network could also receive extensions. To qualify, the provider had to either begin upgrading their networks fully to IP so STIR/SHAKEN could be implemented or develop another authentication solution for non-IP authentication.
Section 214 Discontinuation Extensions
Any voice provider that planned on filing a Section 214 discontinuance application could receive a one-year extension. The application must have been filed on or before the initial deadline of June 30, 2021. This extension expires on June 30, 2022.
Small Provider Extensions
Any company without 100,000 or more subscriber lines could receive a two-year extension following submission of a robocall mitigation plan. All voice providers that met these requirements had an initial deadline of June 30, 2023. The FCC recently shortened this deadline, however, for certain non-facilities-based providers.
The FCC set the shortened deadline to expire on June 30, 2022. It only applies to the non-facilities-based providers that solely use connections they do not sell themselves or through affiliates. This means many providers have a full year less than they anticipated to achieve STIR/SHAKEN compliance.
Even if you met the requirements of a robocall mitigation plan (avoidance of originating illegal robocalls, responding to Industry Traceback Group requests, and cooperating in investigations while stopping illegal robocallers), you’ll still need to abide by the new deadline if you fall into this category.
How to Become STIR/SHAKEN Compliant
If you are a voice service provider, it’s come down to the line to become STIR/SHAKEN compliant. The extensions no doubt were helpful, but if you filed for one in the hopes you may become exempt, it’s unlikely this will happen. The FCC reported that only seven voice service providers qualified for such an exemption.
Hopefully, your robocall mitigation plan has helped your company reduce unwanted and illegal phone calls.
What can you do now, however, to become compliant? Here are the three steps required to meet these new FCC rules:
- Any calls originating exclusively on a provider’s own network must have caller ID information authenticated and verified.
- Any call originating from a provider that is exchanged with another provider must have its caller ID authenticated. If technically feasible, the provider must also transmit caller ID information along with the authentication to the subsequent provider.
- Any calls terminating with a provider must verify the caller ID information sent by the provider originating the call.
There are several obligations necessary to meet these requirements.
For instance, a provider that terminates a call from another provider has to use a verification service that utilizes a public key to verify caller ID information and ensure it’s compliant with STIR/SHAKEN protocol.
Such actions are expected to significantly reduce illegal robocalls — and thus instances of fraud that come from such calls. Combined with the robocall mitigation plan providers had to submit, becoming STIR/SHAKEN compliant means a voice service provider is safeguarding their subscribers while also staying within the confines of the law.
Make Your Business STIR/SHAKEN Compliant Today
The TRACED Act meant major changes for voice service providers around the world. By allowing certain entities to receive extensions via robocall mitigation plans, the FCC ensured even those who had difficulty attaining STIR/SHAKEN compliance could work within new legal realities. If you received such an extension, though, it’s time to become compliant.
Even if you received a two-year extension, it’s important not to wait until the last minute to submit for certification.
For over three decades, Inteserra has helped voice service providers become compliant and maintain compliance with regulatory bodies. Robocall mitigation plans were invaluable for countless companies, but now it’s time to become STIR/SHAKEN compliant.
Schedule a consultation with Inteserra today to learn more about STIR/SHAKEN compliance and how we can help.