European FI-ISAC

Back to main topic

Content

The European Financial Institutes – Information Sharing and Analysis Centre (FI-ISAC) is an independent member-driven and non-profit organisation that aims at fostering the exchange of cyber situational awareness of interest for the financial sector and thus contributing to the sector’s cybersecurity and resilience.

Financial ISAC logo

Founded in 2008, the European FI-ISAC gathers stakeholders from within both the public and private financial sector. These include, inter alia, representatives from national Computer Emergency Response Teams (CERTs) (GovCERTs) and Law Enforcement Agencies (LEAs), as well as private financial entities. Other organisations represented are ENISA, Europol, the European Central Bank (ECB), the European Payments Council (EPC) and the European Commission. 

ENISA supports the European FI-ISAC by providing the secretariat and further assistance to ensure active cooperation and information sharing among the organisation’s members.

Mission statement

The mission of the European FI-ISAC is to exchange information on ICT-related topics of interest for the European financial sector, including:

  • Vulnerabilities, cyber incidents/campaigns and case-studies;

  • Threats, risks and trends (e.g., technology developments);

  • Any other cyber-criminal activities affecting the financial community;

  • Policy initiatives and regulatory compliance.

Such information exchange is crucial to raise awareness on potentials risks, provide early warnings on threats, as well as to proactively detect and respond to cyber incidents affecting the European financial sector.

Co-operation model

Orange triangle with ‘FI-ISAC Europe’ written in the middle. Arrows connect Banks, Law Enforcement (LE), and CERTs at each corner, symbolising trusted, two-way information sharing between the financial sector, law enforcement, and cybersecurity teamsThe European FI-ISAC has developed a solid cooperation model to enable an active information sharing among its members:

  • Online meetings are held on a monthly basis;

  • Physical meetings are hosted by members twice per year, in different European cities;

  • Relevant information is continuous forwarded via the FI-ISAC list server;

  • Direct individual communication channels are established between member organisations/individuals.

Trusted relationships are the key to successful cooperation and exchange among members. For such purposes, members of the European FI-ISAC are appointed on an individual basis (i.e., non-members are not allowed to attend meetings on behalf of members), are encouraged to actively and equally contribute to the information exchange and must sign the Traffic Light Protocol (TLP) (i.e., an agreement to ensure that sensitive information is shared according to requirements defined by the source individual/organisation).

The European FI-ISAC always welcomes opportunities to expand the organisation and advance its mission. Of note, it signed a Memorandum of Understanding (MoU) with the Europol’s European Cybercrime Centre (EC3) to facilitate and enhance cooperation between the European financial community and the European law enforcement agencies. Moreover, representatives from other ISACs or sectors and academics with relevant expertise are also invited to ad hoc meetings. Diagram showing a circular flow of trust-building. Four bolded words — Trust, Value, Effort, and Reward — are arranged in a cycle inside a blue oval. Arrows connect them clockwise, with labels along the arrows: Risk (Trust → Value), Action (Value → Effort), Results (Effort → Reward), and Review (Reward → Trust).

For more information, please contact:

Chair: Filip De Cock

Vice Chair is Robert Schischka [@] fi-isac.eu

Secretariat: Jurgita Skritaite (Jurgita.Skritaite[@]enisa.europa.eu) and Sofia Signor (Sofia.Signor[@]enisa.europa.eu)