The alarming increase of fraudulent calls and scam text messages have propelled regulatory authorities worldwide to tighten Know Your Customer (KYC) requirements for telecommunications providers to curb fraudulent activities and enhance consumer protection.
Global Regulatory Responses to Combat Fraud
For instance, in the United States, the Federal Communications Commission (FCC) took significant enforcement action against a company that transmitted a deep fake robocall mimicking former President Joe Biden’s voice, resulting in a USD 1 million settlement. This incident underscored the need for robust KYC and caller ID authentication processes, prompting the FCC to reinforce its requirements for telecommunications operators to implement stricter verification mechanisms.
In the European Union (EU), despite the absence of harmonised KYC requirements at Union level, Member States have taken measures through national legislation to reinforce KYC obligations for telecommunications providers, aligning with broader digital security and anti-fraud initiatives. Additionally, the EU’s General Data Protection Regulation (GDPR) influences KYC procedures by requiring service providers to safeguard personal data, while ensuring customer verification practices comply with privacy regulations. The European Telecommunications Standards Institute (ETSI) has also contributed by developing frameworks for identity verification and fraud prevention.
While all these measures are motivated by the need to protect citizens from fraudulent actions, they do not come without a cost and, most importantly, do not replace other actions that are equally needed to fight against fraud, such as customer literacy and education regarding fake calls, awards, and benefits. A recurrent challenge in policy making and regulatory design is balancing regulatory costs with the need to impose requirements aimed at customer protection. The rules around end-user authentication and KYC are a classic example of this disjunctive.
Balancing Security, Compliance, and Customer Experience
Implementing stringent authentication mechanisms for both individual and enterprise customers could prevent unauthorised access and fraudulent activities. Additionally, deploying AI-driven monitoring tools could support the detection of suspicious activity and prevent fraudulent communications.
However, deploying robust KYC mechanisms will require significant investment in technology, personnel, and training – an increase in operational costs that could strain smaller telecom operators. Likewise, compiling and storing more personal data for identity verification means facing more data protection regulations, especially when handling biometric or sensitive personal data, which are subject to stricter requirements. Furthermore, stringent verification processes can slow down customer acquisition, potentially impacting business growth and customer experience.
The Evolving Nature of Fraud and the Importance of Adaptability
Notably, fraudsters continuously adapt to new security measures, requiring telecommunications companies and regulatory authorities to update their fraud detection strategies and KYC protocols constantly. This underscores the need to identify other public policy actions, such as customer literacy around measures to be taken against fraud and security steps that can be taken in daily activities to protect people from scams.
Overall, addressing implementation challenges will require a strategic approach that balances security, compliance, and customer experience.
Access Partnership helps companies navigate the complexities of telecommunications regulations through expert analysis and strategic guidance. We work with policymakers and businesses to shape policy and regulatory frameworks, helping clients understand how to adapt to evolving requirements. To find out more about how our Regulatory Strategy & Market Access experts can help you, please contact Chrystel Erotokritou [email protected] and Juliana Ramirez juliana.ramirez@accesspartnership.
