FCC Proposes $4.5 Million Fine Against Gateway Provider For Carrying Foreign Scam Traffic From Unregistered Foreign Provider

On April 2, 2026, the Federal Communications Commission ("FCC," "Commission") released a Notice of Apparent Liability for Forfeiture ("NAL") proposing a $4.5 million forfeiture against Voxbeam Telecommunications Inc. for allegedly accepting foreign-originated traffic from Axfone, a foreign provider that was not listed in the FCC's Robocall Mitigation Database ("RMD"). The Commission alleges that the traffic bore U.S. North American Numbering Plan ("NANP") caller ID information and included suspected bank-impersonation robocalls spoofing numbers associated with major U.S. financial institutions. Moreover, the FCC identified that, despite apparently serving as a gateway provider, Voxbeam did not certify as such in its RMD filing.

The NAL underscores that providers accepting foreign traffic with NANP caller ID information must verify that the foreign providers are registered in the Robocall Mitigation Database before carrying that traffic onto U.S. networks.

The FCC's Allegations

According to the Commission, Voxbeam accepted and transmitted 60,873 calls from Axfone between March 31, 2025, and April 2, 2025, using more than 2,812 distinct caller IDs. The FCC states that much of this traffic appeared to spoof fraud-prevention or customer-service numbers associated with large U.S. banks, including Bank of America and Chase Bank.

The FCC further alleges that:

• Axfone was not listed in the RMD and had never been listed there.
• Voxbeam nevertheless accepted Axfone's traffic directly and transmitted it to U.S. subscribers.
• Although Voxbeam certified in the RMD that it was not a gateway provider, traceback data and call detail records allegedly showed that it served as a gateway provider for the Axfone traffic at issue.
• Voxbeam acknowledged that it had not taken steps to determine whether Axfone was listed in the RMD before accepting the traffic.
• Axfone had been a customer since 2012, but the relevant account had not placed calls between November 17, 2018 and March 31, 2025, which the FCC and Voxbeam both described as a historically dormant account.

The Commission concluded that Voxbeam apparently violated 47 C.F.R. § 64.6305(g)(2), which bars intermediate providers and voice service providers from accepting traffic directly from a foreign provider not listed in the RMD when the calls use U.S. NANP resources in the caller ID field. The FCC notes that enforcement of that rule began on April 11, 2023.

Why This NAL Matters

This NAL is important because it shows how aggressively the FCC is prepared to enforce the existing robocall mitigation rules.

The case also highlights two recurring enforcement themes.

• First, the FCC continues to focus on gateway providers as the "on ramps" to U.S. networks. Chairman Carr's statement accompanying the NAL expressly emphasized the responsibility of gateway providers to ensure they are not accepting traffic from "sketchy operators."
• Second, the FCC is signaling heightened concern with "reanimated" or dormant accounts that suddenly begin pushing large volumes of suspicious traffic. Both the press release and the NAL frame the long-inactive Axfone account as a red flag that providers should be monitoring more carefully.

Forfeiture Analysis

The forfeiture discussion is especially useful because it shows how the FCC is quantifying exposure in robocall-related enforcement matters.

• The Commission did not calculate the proposed penalty using the full universe of 60,873 calls. Instead, consistent with prior robocall enforcement practice, it applied the forfeiture to a verified subset of calls.
• The Bureau reviewed and verified 2,250 calls, confirming that each call used U.S. NANP resources in the caller ID field and was transmitted to a residential or business subscriber in the United States.
• The FCC applied a $2,500 base forfeiture per call, producing a preliminary forfeiture figure of $5,625,000.
• The Commission then applied a 20% downward adjustment because Voxbeam took prompt action and successfully blocked Axfone's traffic within 24 hours of receiving the first of the four ITG traceback requests, yielding the final proposed forfeiture of $4.5 million.
• Even so, the FCC emphasized that post-incident mitigation did not excuse the underlying violation and that "a substantial penalty" remained necessary to ensure compliance with the RMD rules.

In other words, prompt traceback response may mitigate exposure, but it is not a substitute for front-end traffic screening and RMD verification.

Key Compliance Takeaways for Providers

Providers that accept foreign-originated traffic should view this NAL as a practical compliance warning.

• Verify RMD status before traffic is accepted. If a foreign upstream provider's filing does not appear in the RMD, traffic using U.S. NANP caller ID information must not be accepted.
• Do not rely on legacy commercial relationships. The NAL specifically faults Voxbeam for not checking whether a preexisting customer had filed in the RMD, even though the relationship predated the current rule.
• Reevaluate the service provider classification in the RMD filing. The FCC looks into providers' operational role in the call path, notwithstanding any RMD certification to the contrary.
• Monitor dormant-account reactivation and traffic bursts. The press release and NAL both underscore the compliance significance of long-inactive accounts suddenly generating large volumes of traffic.
• Comply with the 24-hour traceback response obligation. Voxbeam's quick response reduced the proposed forfeiture by 20%, even though it did not eliminate liability.

The NAL's practical implication is that robocall mitigation controls should be integrated into providers' operational workflows, and a robocall mitigation plan that is simply compliant on its face is not sufficient.

Practical Steps to Consider Now

In light of the Voxbeam NAL, providers that receive or transit foreign traffic may wish to review whether their controls are sufficient in at least four areas.

1. Providers should confirm that their systems require verification that any foreign upstream provider using U.S. NANP caller ID information is listed in the RMD before traffic is accepted.
2. Providers should review whether their RMD certifications and robocall mitigation plans accurately describe their actual role in the call path.
3. Providers should consider account reactivation reviews, automated alerts for sudden call spikes, and heightened scrutiny for caller IDs associated with banks, government agencies, healthcare providers, or other trusted institutions that are common spoofing targets.
4. Providers should ensure they can respond quickly and consistently to traceback requests, with internal escalation procedures that operate within a 24-hour timeframe.

Conclusion

The Voxbeam NAL sends a clear message: the FCC expects providers to screen foreign upstream traffic for RMD compliance before that traffic reaches U.S. networks. A longstanding customer relationship, a dormant account, or prompt post hoc mitigation will not insulate a provider from exposure where the Commission concludes the provider should have blocked the traffic at the outset.

The CommLaw Group is actively assisting voice service providers, intermediate providers, and gateway providers in evaluating their robocall mitigation compliance posture, reviewing upstream traffic-screening practices, and developing practical strategies to reduce enforcement exposure arising from RMD-related obligations.

Our Robocall Mitigation Response Team is available to help companies assess potential risk areas, respond to traceback and enforcement inquiries, and strengthen internal controls going forward.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.