It’s less than two weeks until the FCC’s STIR/SHAKEN deadline on June 30. If you have any lingering doubts about the requirements, then we’ve prepared this checklist to help make sure you didn’t miss anything.
(Be warned: We are not lawyers, this is not legal advice, it’s possible we missed something.)
#1: Do you qualify for a two year extension?
If you have fewer than 100K subscribers, then you automatically qualify for a 2 year extension to the deadline for implementing STIR/SHAKEN on the IP portions of your network.
However, you’re not totally off the hook – there are some conditions, which we’ll review below.
#2: Did you implement STIR/SHAKEN for all SIP calls leaving and entering your network?
If you did NOT qualify for the extension, then you are required to do this by June 30.
If you did qualify for the two-year extension, then you’re under no obligation to implement STIR/SHAKEN yet, but it’s still a good thing, which will help reduce robocalls and improve call completion for calls from your subscribers. We’ve seen a lot of people who qualify for the extension and are in the process of implementing STIR/SHAKEN, but may not have it complete by the deadline. As long as your filing is accurate and as long as robocall mitigation is in place for unauthenticated calls, in my opinion this is absolutely fine.
(If you have implemented STIR/SHAKEN make sure you’ve thought about attestation levels for any subscribers who are able to control their own caller ID (e.g. PBXs). If you know where the call came from, but can’t vouch for the caller ID you should be setting attestation level B on those calls.)
#3: Have you developed a robocall mitigation plan?
You are required to develop a robocall mitigation plan for all calls in your network that are not covered by STIR/SHAKEN. This means that even if you implemented STIR/SHAKEN for all SIP calls, you would still need to create a robocall mitigation plan for any calls leaving your network over TDM trunks.
What does a good robocall mitigation plan look like? It must include detailed practices that can reasonably be expected to significantly reduce the origination of illegal robocalls.
If you want to see some examples of the plans filed by other carriers you can actually download their filings from the Robocall Mitigation Database.
#4: Have you submitted a filing to the FCC Robocall Mitigation Database?
It is absolutely critical that you do this before the June 30 deadline. If you do not appear in the database then after September 28, 2021 intermediate and terminating carriers will be prohibited from accepting your traffic. The FCC has provided instructions for filing here and it can all be done online.
#5: Are you working to develop a non-IP authentication solution?
I bet I caught you off guard with that one, eh?
Luckily, you are considered to be “working to develop a non-IP authentication solution” if you are part of a trade association that has a working group that is actively working on this.
So in terms of compliance with the FCC rules, as long as you’re a member of NTCA (or US Telecom, or your local state association) and as long as that organization is investigating a non-IP authentication solution, you are complying with the rules.
#6: Are you following the detailed practices you documented in your robocall mitigation plan?
It’s not enough just to file the plan, you actually have to follow it.
#7: Will you participate in industry traceback efforts if requested?
This basically means that you have to be responsive to queries and investigations led by the US Telecom Traceback Group which tries to track down robocallers. Better yet, make sure no robocalls originate from your network, and hopefully you’ll never be involved in any traceback efforts.
As long as you are able to answer YES to questions 3-7 by June 30, you’re in good shape in terms of the upcoming deadline. If you don’t have everything figured out yet, then now would be a good time to contact your regulatory consultant and agree on a robocall mitigation plan that you can file and follow before the deadline