FNC-RF Compliance for PSPs: What France's Labaronne Law Requires by May 2026
France quietly introduced one of the most operationally demanding French payment fraud regulations in Europe. Under the Labaronne Law (2025-1058), all Payment Service Providers operating in France must participate in the FNC-RF — the Fichier National des Comptes bancaires signalés pour Risque de Fraude, France's centralised fraud account database managed by the Banque de France (BdF) — by May 6, 2026.
That deadline is weeks away.
What the FNC-RF Actually Requires
The FNC-RF is designed to let PSPs flag, share, and act on intelligence about fraudulent accounts in real time. PSP France fraud compliance isn't optional under this framework and it comes with three distinct obligations:
- Declaration: You must report any account you identify as involved in a fraud event to the central platform.
- Qualification: If another institution flags an account you hold, you are legally required to investigate it and provide a formal status — Confirmed Fraud or Legitimate — within the system.
- Continuous synchronisation: You must regularly sync your internal systems with the Banque de France FNC-RF database to ensure your fraud detection is always working from the latest data.
On paper, these are straightforward obligations. In practice, the implementation is anything but.
Why FNC-RF Compliance is Harder Than it Looks
The Banque de France operates the FNC-RF through the Malware Information Sharing Platform (MISP), a system originally designed for cybersecurity intelligence, not payment fraud. That means PSPs have to translate banking operations into MISP-specific data structures: Events, Sightings, Galaxy Clusters. The Banque de France MISP integration requirements are non-trivial for teams without dedicated regulatory engineering resource.
There's no push notification system. Your infrastructure must continuously poll the BdF database on a schedule or risk acting on stale data, and accessing the platform requires managing mutual TLS certificates and OAuth 2.0 token logic just to authenticate.
For most PSPs, especially those without dedicated regulatory engineering teams, this is a significant backend project delivered against a hard deadline.
What iPiD Node Does
iPiD Node offers a fully managed FNC-RF compliance module that handles the integration complexity so you don't have to. It continuously polls the Banque de France registry at high frequency, maintaining a synchronised local copy that keeps your fraud detection current. It translates MISP requirements into simple banking actions like query, declare, qualify and update, via a clean API suite. It also includes a ready-to-use GUI for manual risk checks and alert management, without requiring your team to understand MISP internals.
Security maintenance, certificate management, and authentication are all handled by iPiD. As the Banque de France updates its technical requirements over time, iPiD Node continues to comply, protecting your organisation from future maintenance overhead.
Looking Further: FNC-RF as a Building Block
The Labaronne Law PSP obligations don't exist in isolation. They reflect a broader direction in European payments regulation: shared fraud intelligence infrastructure, mandatory participation, and defined liability for non-compliance.
PSD3 currently progressing through the EU legislative process is expected to extend similar logic across the single market, requiring PSPs to participate in coordinated fraud data-sharing schemes and strengthening Verification of Payee (VoP) France obligations beyond the current VoP framework. The European Parliament and Council reached an agreement in November 2025, and the PSR/PSD3 package is expected to take effect by 2028. The European Payments Council (EPC) is proactively working on European interoperability through the FRIDA initiative, which aims to develop a central fraud-information platform.
The Labaronne Law's own architect, Deputy Daniel Labaronne, has stated publicly that the FNC-RF is designed to eventually connect to a European-level platform under PSR, making the infrastructure you build today directly relevant to what comes next.
The institutions investing in compliant, scalable fraud infrastructure now will be better positioned when those requirements arrive.
Learn how iPiD Node can support your FNC-RF compliance.
