I've heard from several clients that their upstream carrier told them they don't need to worry about being STIR/SHAKEN compliant because they are taking care of everything for them. THAT IS NOT CORRECT! Every phone company is required to have its own certificate/token! It doesn't matter if you're a reseller or a facilities-based carrier. Whoever bills the customer is the carrier of record and is responsible for signing the customer's calls with THEIR OWN certificate/token. While an upstream carrier can sign calls for your company, they must sign with YOUR certificate/token - not their own because they don't have a direct connection with your customer. Please understand that you're putting your network at risk when you share a token with another company because there's no way to differentiate between traffic when it's all under the same certificate/token. If your upstream carrier signs all their customer's traffic with their token, it only takes one bad customer to shut their whole network down. The only way to protect your company from other companies' mistakes is to make sure your upstream carrier is signing your calls with your certificate/token. One may not think they can get away with using someone else's certificate/token because it would be difficult to monitor the call stream for offenders. Let me just tell you the ITG can easily compare the Robocall Mitigation Database with the Approved Carriers list to locate the companies that don't have their own certificate/token. They don't need to look at traffic to determine that. Please don't play Russian roulette with your company because it's not worth losing your whole business over the cost of a certificate/token. Getting your own certificate/token can take anywhere from 2 weeks to 2 months depending on where you are in the process. From what I've heard, the FCC will start blocking traffic in August so if you haven't started the process....do so now! MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111