How to Use the FCA Register to Verify Any Firm — Step-by-Step

Register verification is among the most effective due diligence steps when evaluating a financial services provider. Unlike website quality or sales representative persuasiveness, a register check provides authoritative binary data — whether declared activities are authorised or not. This guide explains a step-by-step educational methodology centred on the FCA Register, supplemented by Warning List screening, clone detection, and brief overviews of CySEC and BaFin registers for cross-border cases.

These procedures are for education only. They do not replace legal or financial advice. UK consumers evaluating any provider should treat register verification as a mandatory precondition before transferring funds.

Before You Begin: Information to Collect

Before accessing any register, gather the following from the firm's website legal notices, terms of business, and written communications — not from verbal assurances alone.

• Legal entity name — the full registered company name, not the marketing brand;
• Reference numbers — Firm Reference Number (FRN) for FCA-authorised entities, plus any company registration number;
• Registered address — as stated in legal disclosures;
• Claimed regulator — specific authority and permission type cited;
• Website domain — the exact URL you are asked to use.

Discrepancies between these data points and register entries are significant findings even before verification is complete.

Step 1: Access the FCA Financial Services Register

The Financial Services Register is the FCA's public database of authorised firms, individuals, and appointed representatives.

1. Navigate directly to register.fca.org.uk — avoid search engine advert links;
2. Select "Financial Services Register" search;
3. Enter the legal entity name from the website footer or contract — not the trading name alone;
4. If no results appear, retry with spelling variations, parent company names, and partial matches;
5. Open each relevant entry and review status, permissions, and registered address.

Positive match criteria: entity name, FRN, and address correspond to disclosures; the service offered (execution, advice, arranging) appears under permissions; status is "Authorised" or equivalent active state.

Negative findings: no matching entry, or matched entity details materially differ from marketing materials — treat as a stop condition pending written clarification.

Step 2: Read Permission Scope in Detail

FCA authorisation is not a blanket "all activities permitted" licence. The Register lists specific regulated activities and investment types. Verify:

• Whether dealing in investments as principal or agent covers the products offered;
• Whether advising on investments permission exists if personal recommendations are provided;
• Whether the contacting entity is an appointed representative of a principal firm — and whether that principal holds relevant permissions;
• Whether authorisation has been suspended, cancelled, or is subject to conditions.

A payment services authorisation alone, for example, does not permit investment advice. Permission scope must align with the actual service model.

Step 3: Screen the FCA Warning List

Register confirmation alone is insufficient. Parallel warning screening is essential.

1. Open the FCA Warning List;
2. Search for the legal entity name, domain, and trading names;
3. Review clone firm warnings for domains mimicking the authorised entity you matched on the Register;
4. Save dated screenshots of any matches for your records.

In clone scenarios, the Register may show a legitimate authorised firm while the URL you are using belongs to a separate fraudulent operation citing the same FRN. Always verify that the domain, entity name, and FRN belong to the same operational unit contacting you.

Step 4: Clone Firm Detection Protocol

Supplement register searches with these additional checks:

• Check WHOIS domain registration date against claimed operating history
• Confirm contact email domains match the official domain on the Register
• Call phone numbers listed on the Register — not numbers supplied by sales staff
• Search clone warnings for the domain on fca.org.uk
• Verify contract counterparty name matches the Register legal entity exactly

Clone operators exploit the gap between brand recognition and domain-level scrutiny. This protocol closes that gap.

Step 5: CySEC Register (Cyprus-Authorised Firms) — Brief Overview

Firms claiming Cyprus Securities and Exchange Commission (CySEC) authorisation as a home-state regulator under EU MiFID rules should be verified on the CySEC investment firms register at cysec.gov.cy.

1. Search by entity name or authorisation number;
2. Confirm status is "Authorised" and category is CIF (Cyprus Investment Firm);
3. Compare listed website domain, if provided, with the URL offered to you;
4. Check CySEC public warnings for related entries.

EU passport rights allowing service to UK retail clients changed after Brexit. CySEC authorisation alone does not substitute for FCA permissions when a firm actively targets UK consumers without appropriate UK authorisation.

Step 6: BaFin Database (Germany-Authorised Firms) — Brief Overview

For entities claiming German authorisation, consult the BaFin company database (Unternehmensdatenbank) via bafin.de.

1. Search by institution name;
2. Confirm institution type (e.g., Wertpapierinstitut — securities institution);
3. Verify registered office alignment;
4. Cross-check BaFin enforcement publications.

German authorisation permits activity within defined EU passporting rules for EEA clients but does not automatically authorise unsolicited UK retail solicitation post-Brexit.

Step 7: ASIC Register — Comparative Reference

UK consumers may encounter firms emphasising Australian Securities and Investments Commission (ASIC) licensing. For comparative verification, search ASIC Professional Registers at asic.gov.au and ASIC investor alerts. ASIC authorisation is relevant to Australian regulatory perimeter — not a substitute for FCA authorisation when serving UK retail clients.

Step 8: Document Your Findings

Maintain a verification dossier containing:

• Timestamped register screenshots;
• URLs accessed and search terms used;
• Notes on any discrepancies;
• Warning List and clone screening results;
• Written correspondence regarding regulatory status.

This documentation supports complaint submission to the FOS, Action Fraud, or the FCA if issues arise later.

Step 9: Classify Your Verification Outcome

• Verified: positive Register match, no Warning List entry, no clone indicators, consistent entity data — proceed only to contractual and product-level due diligence;
• Inconclusive: partial match or unexplained discrepancy — request written clarification and withhold funds until resolved;
• Failed: no Register match, Warning List entry, or confirmed clone — cease engagement and consider reporting via fca.org.uk.

Common Verification Errors

Error	Consequence	Correct Approach
Searching by trading name only	Missing the Register legal entity	Use the name from contracts and legal notices
Trusting representative screenshots	Accepting fabricated register images	Access register.fca.org.uk independently
Checking FRN without entity name	Clone misusing another firm's number	Verify number, name, and address together
Skipping Warning List screening	Missing flagged entities	Always screen both Register and Warning List
Assuming EU flag equals FCA protection	Offshore firms exploiting EU imagery	Verify specific passport or FCA permissions

Reporting Concerns

If verification reveals an unauthorised operator or you have suffered harm, report via the FCA's consumer channels at fca.org.uk, contact Action Fraud, and consult MoneyHelper for guidance. Consumer reports contribute to enforcement prioritisation even when individual fund recovery is uncertain.

Conclusion

Register verification transforms abstract regulatory concepts into actionable consumer practice. The FCA Register, Warning List, clone detection protocol, and supplementary CySEC or BaFin checks form a multi-layered habit requiring no specialised expertise — only methodical attention and the discipline to withhold funds until verification is complete. Integrate this process with our 15-criteria due diligence framework and regulatory overview for comprehensive provider evaluation.