Business PBX folks really like being able to forward calls off to a cell phone while preserving the original caller's caller ID. And making that work requires allowing arbitrary spoofing. There is some work being done to append the stir/shaken signature from the original caller in a different sip header so the call can still be traced, but ultimately caller id is just too limited of a data framework to relay all the info.

If they are calling via a business caller ID then what's the problem - just treat the associated business as responsible.