CP legislation KYC

Overview: Guidance for our CP (Communication Provider) partners relating to OfCom legislation on KYC (Known Your Customer). Some of this legislation may also apply to business managers who provide mobile phone services to their employees and temporary agents. Please see attached OfCom guide also available here: https://www.ofcom.org.uk/siteassets/resources/documents/consultations/category-2-6-weeks/232890-good-practice-guide-on-sub-allocated-and-assigned-numbers/associated-documents/annex2-good-practice-guide.pdf?v=328768

For each mobile number provided to a customer you are required to keep the following data, and proof of your dates & methods of collection, in accordance with the ICO data policies - https://ico.org.uk

Type of customer: Business || Residential (consumer)

Residential (consumer) customers:

• Country and full address of main residence: 
• Proof of address:
  • Utility bill
  • Tax notice
  • Rental contact or invoice
  • Property title deed
• Photographic proof of ID:
  • Driving license
  • Passport
• Verified email address:
  • A reply to a code (or message) sent to the email address is sufficient to validate
• Intended use of service:
  • Main UK mobile service
    • If unable to commit to a 12-month contract please provide a brief reason why
  • Temporary travel
  • Emergency phone service whilst main service is being repaired/restored
    • In this case please provide the full number of main mobile service in E.164 format ("+", country code, number)

Business customers:

• Proof of address:
  • Utility bill
  • Tax notice
  • Rental contact or invoice
  • Property title deed
• Proof of business name:
  • UK company number
  • HMRC letter confirming self-employment
  • Charity Commission number
  • Foreign excerpt from official commercial register
    • Link to official Registration Authority
• Named authorised manager
  • Verified mobile number:
    • An SMS code sent to the number is sufficient to validate; this could be a new mobile number you provided. A Microsoft account with MFA is also proof of validation.
  • Verified email address:
    • A reply to a code (or message) sent to the email address is sufficient to validate
• Email from authorised manager accepting responsibility for staff/agents communications:
  • "I accept the responsibility to manage individual staff/agents use of mobile phone communications (calls, SMS, internet & social media) in line with the UK Communications Act (https://www.legislation.gov.uk/ukpga/2003/21/contents) to avoid misuse including but not limited to: hate, harassment, criminal and illegal activity, doxing and privacy violations, inappropriate communications with minors, unsolicited calls/messages, impersonation, racism/discrimination, threats and political activism. I will document how staff/agents are informed of the above legitimate business use policy, and monitor compliance. I understand that my contact details may be shared with law enforcement officers as the primary contact in the unlikely event of any investigations."

If any legitimate business or consumer has objections to the above data being responsibly collected, regrettably it would not be possible to provide services.