Week ending June 19, 2026
The week’s most useful filing came from a vendor that took no position on the question everyone else is fighting about. While the Enhancing Know-Your-Customer docket filled with consumers arguing about whether originating providers should have to collect more information, Provenant filed to point out that the Commission is asking two questions it has been treating as one — what you collect at onboarding, and what shows up on the called party’s handset — and that the answer to the second is supposed to be built out of the first. And on Monday the FTC handed the whole enterprise its headline number: $3.5 billion lost to imposter scams in 2025, with bank impersonation the single most lucrative line.
Provenant draws the line from KYC onboarding to the name on the handset
The Enhancing Know-Your-Customer Requirements FNPRM (FCC 26-27, CG 17-59/02-278) drew its first call-authentication-vendor comment this week, and it is the one worth reading in full. Provenant, through Randy Warshaw, describes itself as “a telecom trust infrastructure company providing verifiable organizational identity and call authentication infrastructure” — explicitly “not a caller-reputation analytics provider,” but “the substrate through which verifiable organizational identity can be expressed, transported, and independently verified across the call path.” It takes no position on how prescriptive the KYC rules should be. It comments narrowly, and structurally.
The pivot is the Commission’s own question at FNPRM ¶17 — whether there is “a direct connection between the customer identity information originating providers would gather if we adopt enhanced KYC requirements and the caller identity information terminating providers would deliver to handsets.” Provenant’s answer: “There is. The connection is structural.” The attributes contemplated for enhanced KYC — “verified legal entity name, verified place of formation, verified physical address, verified active telephone number, and, for high-volume customers, verified commercial presence — are substantially the same attributes that constitute verified caller identity at termination. The work product of robust KYC at onboarding is, in effect, the input dataset for verified caller name and branded calling at delivery.”
The problem, as Provenant frames it, is that the work gets thrown away: “In current practice, that connection is generally lost. Verified attributes collected at onboarding are recorded in carrier-internal systems in carrier-specific formats,” and the verification “does not propagate to the terminating provider in any cryptographically verifiable form.” Its prescription is the architecture this section has been tracking docket by docket — anchor verified organizational identity to “globally recognized, durable identifiers for legal entities, operated under federated governance frameworks and already in widespread use across financial regulatory regimes” (the LEI, unmistakably), express the attributes “as cryptographically signed credentials issued under published governance frameworks, with established mechanisms for chaining, delegation, and revocation,” and “define standard ways for such credentials to be transported through telecommunications signaling.” The payoff line is the one to keep: “when an originating provider verifies a customer’s identity, that verification can be expressed in a portable cryptographic artifact that downstream providers can independently verify. Verification responsibility is not transferred.”
That is the same convergence Numeracle and iProov were circling last week — verified-once, portable, credential-borne identity as the actual answer to the robocall-KYC problem — but Provenant states the originating-to-terminating data path more cleanly than anything else in the record, and ties it directly to the parallel Call Branding FNPRM. The contrast with the rest of the comment cycle is stark. The KYC docket continued to take on individual consumer comments — a roughly 150-filing wave across the week (117 early, tapering to a dozen by Wednesday), almost entirely members of the public weighing in on “know your customer” in the lay sense. One representative 02-278 comment, from Linda Yates, captures the civilian read of the same problem Provenant is solving in infrastructure: “The majority of VoIP carriers barely require any information to sign up and start blasting people with robocalls.”
The onshoring NPRM takes a jurisdictional counterpunch
One docket over, the Improving Customer Service and Protecting Consumers Through Onshoring NPRM (FCC 26-16, CG 26-52) drew a sharp authority challenge from outside the carrier world. R1 RCM, a healthcare revenue-cycle company that says it partners with “95 of the top 100 US health systems,” filed through Diana Snow to argue the Commission is reaching past its statute. “The TCPA is a conduct-regulating statute,” R1 wrote; “it is not a grant of FCC jurisdiction over every industry in America that happens to use a telephone to conduct business.” On the merits it called the proposed thirty-percent offshore cap “arbitrary and unsupported by any record evidence demonstrating a relationship between call center geography and consumer harm,” and said the proposed “American Standard English” testing requirement “provides no objective definition of the standard, no validated testing methodology, and no evidence that accent or geography correlates with regulatory compliance.” Its through-line is preemption-by-adequacy: HIPAA, the FDCPA and CFPB Regulation F “already” cover the privacy and conduct the NPRM targets, so “a duplicative FCC ruling does not enhance consumer protection; it simply adds redundant regulations,” a point it bolsters by invoking the administration’s own EO 14219 deregulatory directive.
R1 is a single-industry objector, but it is a useful marker of where the onshoring proceeding’s opposition will come from — regulated entities that touch the TCPA without being carriers, and that read the NPRM as jurisdiction creep. Worth noting alongside it: VoApps DirectDrop Voicemail, the ringless/direct-to-voicemail provider, filed a single comment cross-listed across eight dockets (26-49, 26-52, 17-59, 02-278, 22-2, 20-67, 13-97, 07-243) — a reminder that the onshoring, KYC and numbering cycles are being read as one connected rulemaking package by the providers who have to live under all of them.
Rural carriers close ranks on Rip-and-Replace close-out costs
The supply-chain docket (WC 18-89) spent the week answering DA 26-547 (rel. June 3), the Wireline Competition Bureau’s public notice seeking comment on a set of clarification requests from Summit Ridge Group, Widelity, Pine Belt and Viaero. The narrow question — and it is narrow, but it is real money for small carriers — is whether reasonable costs incurred during the mandatory 120-day post-RRD close-out window (audit preparation, final certifications, Form 5640 support, project management) remain reimbursable under the Secure and Trusted Communications Networks Reimbursement Program, given Program FAQs that read as cutting off reimbursement once the removal-and-replacement term expires.
The trade associations arrived together. Competitive Carriers Association, the Rural Wireless Association, and WTA, through counsel including Angela Simpson, Carri Bennet, Stephen Sharbaugh and Stephen Goodman, backed the requesters and leaned on Summit Ridge’s framing that the 120-day window is “a ‘program-required phase, not a voluntary cool down.’” The close-out period, they argued, “is not a separate undertaking from the Rip-and-Replace process but rather a final phase of Program participation,” with statutory obligations — Final Certification, final spending reports, RFI responses, audit cooperation, ten-year document retention — that by definition land after the physical work is done, and that the Commission has long treated as reimbursable when reasonably incurred.
The individual carriers put numbers behind it. NfinityLink Communications, a Priority 1 participant approved for roughly $37.45 million (initially pro-rated to $14.81 million against the program’s original $1.9 billion shortfall), with an RRD deadline now of September 8, 2026, warned that a strict reading of the FAQs would bar “all post-RRD term compliance work, despite having several FCC-imposed obligations during that period,” and pointed to Pine Belt’s example that unreimbursed audit costs “could cost the company $250,000, which it explains is a significant amount for a small rural carrier.” Northern Michigan University, another Priority 1 participant working through 75 tower sites in the Upper Peninsula, described delays “due to inclement weather, limited availability of equipment and steel, extended zoning/permitting timelines,” plus an average 55-day approval time for application modifications, that make it “highly likely” its certifications and final claims will fall into the post-RRD window. Mark Twain Communications filed in support as well. The shape of the record is a soft consensus: the people who actually built the replacement networks all want the Bureau to say, in writing, that the paperwork phase Congress required them to complete is itself reimbursable.
The FTC supplies the week’s number
On Monday the FTC reported that people lost $3.5 billion to imposter scams in 2025, “with reported losses increasing nearly three times since 2020” — the most-reported fraud category, nearly one in three reports, against a record ~$16 billion in total reported fraud losses (up about 25% year over year). The composition is the part that matters for this beat: nearly $1 billion to business impersonators, “with the highest reported losses to bank impersonators,” and about $920 million to government impersonators. Christopher Mufarrige, the Bureau of Consumer Protection director, framed enforcement in terms the call-authentication world will recognize: “The FTC will use every tool available to combat one of the most pernicious forms of fraud — government and business impersonation — and to protect the integrity of the digital economy.”
The detail to file away is the coalition. The FTC’s “Never Ever” awareness campaign (June 15–26, timed to World Elder Abuse Awareness Day) names its private-sector partners as the American Bankers Association, USTelecom, Google and Microsoft — the bank-impersonation problem being attacked from the consumer-education side by exactly the institutions that, in the FCC dockets, are building the branded-calling and KYC machinery to attack it from the signaling side. Bank impersonation as the costliest scam vector is precisely the case Provenant, Numeracle and the CTIA Branded Calling ID effort keep making for verified caller identity; the FTC just priced it.
Honorable mentions
The Public Safety and Homeland Security Bureau removed “Toy Drones” from the Covered List (DA 26-588, June 15), acting on a June 12 Department of War determination and carving out a tightly drawn low-risk category — sub-150-gram, line-of-sight, no camera or connectivity, no GPS — that even a DJI Neo reportedly fails to qualify for. It is the first subtraction from the UAS additions made last December, and worth noting only because the Covered List rarely shrinks. The Wireline Competition Bureau also placed a report in the supply-chain docket (DOC-422364, WC 18-89) and issued a numbering order (DA 26-587) across the RDOF/high-cost dockets (10-90, 20-34, 19-126) — both routine, both flagged here only for the record.
Looking ahead
The June 25 Open Commission Meeting is the thing to watch: the tentative agenda was announced this week, and it is worth checking for any robocall, numbering or supply-chain item before assuming the action stays at the Bureau level. On 18-89, the close-out-cost clarification cycle is now substantially complete, so a Bureau ruling on whether post-RRD soft costs are reimbursable could come on a DA-level order at any point — the rural carriers have made the record about as clean as it gets. The KYC FNPRM and the onshoring NPRM both move toward replies, where the question is whether Provenant’s originating-to-terminating credential framing draws engagement from the carriers or whether the onshoring jurisdiction fight (R1’s “the TCPA is not a grant of jurisdiction”) becomes the organizing theme. And CSRIC X holds its first meeting on June 23, which will set the working-group agenda for the council’s term.