FNC-RF: How to connect to the Banque de France's fraudulent bank account sharing system

The Banque de France is launching the National File of Accounts Reported for Fraud Risk (FNC-RF), a centralized database listing bank accounts (IBANs) suspected of being used for fraudulent purposes. This anti-fraud data sharing initiative, operated by the Banque de France, aims to better protect the banking system against wire transfer scams and other financial frauds.

Established by the law of November 6, 2025, the FNC-RF will go live in early May 2026. It will offer Payment Service Providers (PSPs) a new tool to fight banking fraud by detecting and sharing fraudulent IBANs, complementing other existing security mechanisms.

MISP: The Selected Platform for Fraudulent IBAN Sharing

The Banque de France relies on MISP (Malware Information Sharing Platform), an open-source platform originally designed to share cyber threat indicators. Widely adopted in the cybersecurity community, MISP is now also used in the financial sector to mutualize fraud intelligence. It allows actors to share alerts such as malicious IPs or compromised banking identifiers.

The Banque de France has adapted MISP specifically for the FNC-RF. It has deployed its own instance of MISP to centralize and redistribute alerts on fraudulent accounts. As the operator of the system, the Banque de France acts as a trusted third party, aggregating PSPs’ reports and disseminating them to all participants.

Who Can Register and How?

Participation in the FNC-RF is open to all PSPs operating in France. This includes credit institutions (banks), electronic money institutions (EMIs), and payment institutions (PIs), excluding AISP and PISP entities. These entities can register to access the system and contribute to fraud data sharing.

To register, a PSP must apply to the Banque de France using a dedicated FNC-RF onboarding form. This form is available upon request by contacting Qombo at contact@qombo.tech for guidance. Once approved, the PSP receives the credentials, certificates, documentation, and service URLs needed to connect to the platform and begin exchanging alerts.

Connection Options for the FNC-RF

Each PSP can choose from several technical connection methods depending on its profile and internal capabilities:

Option 1: Connect Your Own MISP Instance

A PSP may deploy and operate its own internal MISP instance and synchronize it with the Banque de France’s. MISP supports synchronization between distinct instances to automatically import new events (reported fraudulent IBANs) from the central server.

This setup offers full control over data within the institution’s infrastructure and allows tight integration with internal systems (anti-fraud tools, SIEM, SOC, etc.). However, it requires significant technical resources to deploy and maintain the platform, making it best suited to large banks or PSPs with existing cybersecurity expertise.

Option 2: Integrate the Banque de France’s MISP API

Instead of running a full platform, a PSP may opt to consume FNC-RF data directly via the Banque de France’s MISP API. This interface provides access to updated lists of fraudulent IBANs, allows for submitting new reports, and verifying IBANs on demand.

This approach is lighter in infrastructure terms, as it only requires building queries from the PSP's internal systems to the API. It suits organizations with development teams that can manage integration, process data, and possibly use it in real-time anti-fraud engines. However, PSPs must implement regular polling for updates (since the API does not push new data automatically) and handle storage, deduplication, and visualization internally.

Option 3: Use a Turnkey Solution Like Qombo

A third option is using a plug-and-play SaaS solution offered by a qualified vendor. For example, the Qombo platform provides a native connector to the Banque de France and acts as a centralized anti-fraud supervision platform. This type of solution offers numerous benefits: fast deployment (within days), no technical maintenance, and advanced features to leverage FNC-RF data.

Qombo delivers a full interface to verify each beneficiary IBAN in real time before execution, with enriched data feedback (account age, usage frequency, whitelist/blacklist presence, risk score, etc.). The platform also provides instant alerts via email, Slack, webhook, and more. It consolidates all inbound and outbound alerts into dashboards, offering a holistic view per IBAN and actionable insights for fraud teams and regulators.

This approach ensures regulatory compliance "by design" without requiring the PSP to develop and maintain its own infrastructure. It is particularly suitable for PSPs seeking fast, plug-and-play integration with added intelligence and auditability.

Technical Environment

The Banque de France offers two technical environments for the FNC-RF: a homologation environment (sandbox) and a production environment. The sandbox allows PSPs to test integration with fictitious data before going live. The production environment will be fully operational as of May 2026, at which point all PSPs must be connected as required by law.

Technical Limitations of MISP in a Banking Context

While MISP represents a significant advancement, PSPs should be aware of its limitations:

• No native supervision console – MISP lacks a user-friendly platform to monitor and manage fraud alerts visually.
• No push notifications or real-time updates – PSPs must implement polling mechanisms to check for updates from the central file.
• No consolidated view per IBAN – An IBAN may appear in multiple unrelated events, making historical tracking and deduplication difficult.

Final Thoughts

The rollout of the FNC-RF is a major milestone in France's fight against wire transfer fraud. Each PSP will need to choose the right connection method based on its resources and technological maturity, ensuring it can make full use of shared data to protect its customers. A well-integrated FNC-RF implementation represents an opportunity not only to comply with regulation but also to enhance fraud detection strategies across the board.