State the popular assumption, then complicate it. The assumption in crypto circles is that "Know Your Customer" is a financial-sector idea — something exchanges and banks do, governed by financial regulators. The document that complicates that tidy picture comes from an unexpected agency: on May 26, 2026, the Federal Communications Commission proposed a rule to enhance Know-Your-Customer requirements on phone carriers. KYC, it turns out, is not a financial concept at all. It is a general regulatory tool for tying a service to a verified identity, and watching the FCC build its own version is one of the clearest available windows into how these regimes are actually designed — including the ones crypto firms must follow.

The FCC's purpose is anti-fraud. The Commission proposes actions to fill the gap between its current KYC requirement and the more rigorous steps it believes are necessary to protect consumers from scam calls. It seeks comment on customer identification requirements for new and renewing customers; on requirements for verifying, retaining, and re-verifying customer information; on demanding more information from certain customers, such as high-volume customers; and on how these efforts complement call-branding and caller-name rules. The stated goal is to make it harder for scammers to originate illegal calls and easier to enforce against them when they do.

"The Commission also proposes to assess penalties for violations of the KYC requirement on a per call basis."— FCC Proposed Rule, Enhancing Know-Your-Customer Requirements, 91 FR 30596, source

That single sentence — penalties "on a per call basis" — is the part a crypto compliance officer should tape to the wall, and here is the contrarian read on why. The headline version of any KYC rule is "verify your customers." The version that actually changes behavior is how non-compliance is priced. A flat fine for a KYC failure is a cost of doing business; a per-unit penalty multiplies with volume and turns a sloppy verification process into an existential liability. The FCC is proposing to count each illegal call as its own violation. The structural analogy in crypto is exact: a per-transaction or per-account penalty regime would hit a high-volume exchange far harder than a flat fine ever could. How regulators price a KYC failure is more predictive of compliance investment than how loudly they describe the requirement.

Steelman, then the gap

Steelman the design first, because it is genuinely smart. The FCC's framework has three features worth borrowing as a mental model: a verification regime (identify customers at onboarding and renewal), a maintenance regime (retain and re-verify information over time, not just once), and a risk-tiering regime (demand more from high-volume customers, who present elevated abuse risk). That is a mature KYC architecture. The re-verification piece in particular is something many systems skimp on — verifying once at signup and never again, even as accounts change hands or behavior shifts. The FCC explicitly contemplating periodic re-verification is a quiet acknowledgment that identity is not a one-time checkbox but a state that decays.

Now the gap, in keeping with checking claims against the document. A proposed rule that seeks comment on identification, verification, re-verification, high-volume scrutiny, and per-call penalties has not actually set any of those standards. It has asked questions. The hardest parts — what counts as adequate verification, how often re-verification must occur, what threshold defines a "high-volume" customer, and how the per-call penalty is calculated and capped — are precisely the parts left open. The same trap exists across every KYC regime, crypto included: "we require KYC" is a slogan; "here is the specific evidence of identity we require, how we re-check it, and what each failure costs" is a rule. The distance between those two is where compliance theater and real compliance diverge.

Why a phone rule earns a place on a crypto beat

Because the architecture transfers. Crypto exchanges, custodians, and now GENIUS Act stablecoin issuers all live under KYC obligations enforced through their financial regulators, and those obligations are converging on the same three pillars the FCC is proposing: verify, re-verify, and scrutinize the high-volume edge cases. Reading a non-financial agency design KYC from a blank sheet strips away the crypto-specific noise and exposes the underlying logic — the logic that the FDIC's stablecoin AML proposal and exchange anti-fraud rules are also instances of. The lesson is portable.

There is a deeper point about why KYC keeps showing up in places that look unrelated, and it is worth making explicitly. KYC is, at bottom, a response to a single recurring problem: a service that can be used anonymously, at scale, will be abused at scale. Phone networks face it through robocall fraud; financial systems face it through money laundering and sanctions evasion; crypto faces it through both. The regulatory answer is structurally identical across all three — tie the service to a verified identity, re-verify over time, and scrutinize the high-volume users who do the most damage when they turn out to be bad actors. What differs is only the substrate. That is why a phone-network KYC proposal is a legitimate teaching text for crypto: it shows the pattern in a setting stripped of crypto's ideological baggage about pseudonymity and self-custody. The uncomfortable implication for crypto maximalists is that the same anonymity that the technology was partly built to enable is precisely what triggers the KYC reflex in every regulator who touches it. The FCC proposal is one more data point that the reflex is general, not crypto-specific.

The honest bottom line is two-sided. The FCC's proposal is a sophisticated, fraud-focused KYC design whose per-call penalty structure is a genuinely sharp enforcement lever — and it is also, at this stage, a set of questions rather than answers, with the load-bearing specifics still open for comment. I'd love to say any KYC headline means identity fraud is solved; the document says the regulator is still deciding the parts that matter. For crypto readers, treat this as a teaching text: when your own regulator's KYC rule lands, read past the requirement to the verification specifics and the penalty math. That is where you find out whether a KYC rule has teeth or just a tagline.