This is an independent educational platform. We do not provide financial advice, broker recommendations, or investment services. All content is for informational and educational purposes only.

The Complete Due Diligence Framework: 15 Criteria for Broker Evaluation

Evaluating a financial services provider requires more than confirming that a website appears professional or that promotional materials cite regulatory authorisation. Structured due diligence applies consistent analytical criteria across entities, reducing reliance on marketing narratives and facilitating documented comparison. This article presents fifteen criteria derived from SC guidelines, CMSA 2007 requirements, and consumer protection principles applicable to the Malaysian context.

The framework is educational. It does not rank, recommend, or endorse any broker or platform. Learners may adapt these criteria to their own research processes and document findings systematically before engaging with any financial services entity.

Framework Overview

The fifteen criteria are organised into four domains: regulatory standing, operational transparency, financial and transactional structure, and consumer protection infrastructure. Each criterion includes a definition, evaluation questions, and indicators of adequate versus deficient disclosure.

Domain A: Regulatory Standing

Criterion 1 — CMS Licence Status and Authorisation Scope

Verify that the entity holds a current Capital Markets Services licence with authorisations covering the specific products and services offered. A licence to provide financial planning does not authorise dealing in derivatives unless explicitly listed in licence conditions.

  • Evaluation questions: Does the legal entity name match the SC Investment Adviser Register or CMS database? Do authorisations include relevant product classes?
  • Adequate indicator: Current CMS licence with matching authorisations published on register and website.
  • Deficient indicator: No register entry, suspended licence, or authorisation mismatch.

Criterion 2 — Cross-Jurisdictional Licence Verification

Where overseas authorisation is claimed (FCA, CySEC, BaFin, SEC, etc.), independently verify the reference on the relevant official register. Confirm the legal entity name matches across jurisdictions.

  • Evaluation questions: Is the overseas licence held by the same corporate group entity contracting with clients?
  • Adequate indicator: Verifiable register entry with consistent entity naming.
  • Deficient indicator: Licence number belongs to unrelated entity; no overseas register entry.

Criterion 3 — Regulatory Warning and Enforcement History

Search SC media releases, the BNM Financial Consumer Alert List, and equivalent international warning databases for the entity, its domains, and key individuals.

  • Evaluation questions: Has the entity or related domain appeared on public warning lists?
  • Adequate indicator: No relevant warnings; clean enforcement record for material breaches.
  • Deficient indicator: Active warnings, recent enforcement actions, or clone firm alerts.

Domain B: Operational Transparency

Criterion 4 — Legal Entity Identification

The provider must disclose its full legal name, SSM registration number, registered office address, and contact details in its disclosure documents or equivalent materials.

  • Evaluation questions: Can the entity be located in SSM corporate records? Is ownership structure disclosed?
  • Adequate indicator: Complete legal identification matching register records.
  • Deficient indicator: Vague "About Us" content; undisclosed corporate structure.

Criterion 5 — Product Disclosure Documentation

Regulated retail products require disclosure documents presenting material risks, costs, and features in plain language consistent with SC guidelines.

  • Evaluation questions: Is a current disclosure document available before application? Does it describe risks specific to the product class?
  • Adequate indicator: Accessible, dated disclosure with comprehensive risk information.
  • Deficient indicator: No disclosure document; outdated materials; generic risk language only.

Criterion 6 — Execution Policy and Conflict Disclosure

Entities dealing on own account or routing orders through affiliated liquidity providers must disclose execution arrangements and material conflicts of interest.

  • Evaluation questions: Does the provider act as agent or principal? Are conflicts identified and managed per CMSA 2007 standards?
  • Adequate indicator: Published execution policy; conflict management framework disclosed.
  • Deficient indicator: No execution disclosure; undisclosed proprietary trading against client flow.

Criterion 7 — Platform and Technology Governance

Assess whether the trading or client portal operates with stated uptime commitments, security certifications, and two-factor authentication options. Operational resilience affects access to funds and order management during market events.

  • Evaluation questions: What security controls protect account access? Is there documented disaster recovery?
  • Adequate indicator: Multi-factor authentication; published system status page; encryption standards described.
  • Deficient indicator: No security documentation; history of unexplained platform unavailability.

Domain C: Financial and Transactional Structure

Criterion 8 — Fee, Spread, and Commission Transparency

All costs affecting client outcomes—spreads, commissions, overnight financing, currency conversion, inactivity fees, withdrawal charges—should be disclosed in a consolidated schedule before account opening.

  • Evaluation questions: Can total transaction costs be calculated from published schedules?
  • Adequate indicator: Comprehensive fee schedule with worked examples.
  • Deficient indicator: Hidden fees discovered post-transaction; vague "competitive pricing" claims without data.

Criterion 9 — Client Money and Asset Segregation

CMS licensees holding client assets must comply with CMSA 2007 client asset provisions, maintaining segregated accounts with approved institutions unless an exemption applies.

  • Evaluation questions: Are client funds held in segregated accounts? What happens to client assets in insolvency?
  • Adequate indicator: Explicit segregation policy; named custodian or trust account structure.
  • Deficient indicator: Commingling with corporate funds; no client asset policy disclosed.

Criterion 10 — Deposit and Withdrawal Procedures

Legitimate entities publish clear deposit methods, processing timeframes, and withdrawal policies. Withdrawal pathways should not impose undisclosed conditional fees or arbitrary minimum thresholds inconsistent with initial disclosure.

  • Evaluation questions: Are withdrawal timeframes stated? Are there documented reasons for withdrawal delays?
  • Adequate indicator: Published withdrawal policy; processing timelines; no third-party personal account deposits.
  • Deficient indicator: Withdrawal requests trigger escalating fee demands; deposits to personal wallets.

Criterion 11 — Financial Stability Indicators

While private companies may not publish full accounts, group-level financial reporting, regulatory capital adequacy disclosures, and credit ratings (where available) provide indicators of operational continuity capacity.

  • Evaluation questions: Is the operator part of a listed group with audited financial statements? Does the SC publish capital metrics?
  • Adequate indicator: Audited accounts or regulatory capital disclosures available.
  • Deficient indicator: No financial transparency; frequent ownership changes without explanation.

Domain D: Consumer Protection Infrastructure

Criterion 12 — FMOS Membership

CMS licensees and BNM-regulated financial service providers serving retail clients should be members of the Financial Markets Ombudsman Service (FMOS), which provides free dispute resolution for qualifying complaints.

  • Evaluation questions: Is FMOS membership confirmed on fmos.org.my? Is membership disclosed in client documentation?
  • Adequate indicator: Current FMOS membership for retail-facing licensed entity.
  • Deficient indicator: No FMOS membership for retail-facing licensed entity; false FMOS claims.

Criterion 13 — Internal Complaints Handling

Disclosure documents must describe the internal complaints process, including contact points, expected timeframes, and escalation pathways to FMOS.

  • Evaluation questions: Is the complaints process documented? Are response timeframes specified?
  • Adequate indicator: Published complaints policy with defined timeframes.
  • Deficient indicator: No complaints contact; unresponsive support channels.

Criterion 14 — Privacy and Data Handling (PDPA)

Providers collect significant personal and financial data. Privacy policies should comply with the Personal Data Protection Act 2010 (PDPA), specifying data retention, cross-border transfer, and breach notification practices.

  • Evaluation questions: Where is data stored? Is it shared with third parties? Does the policy reference PDPA principles?
  • Adequate indicator: Comprehensive privacy policy aligned with Malaysian law.
  • Deficient indicator: Absent privacy policy; unrestricted data sharing clauses.

Criterion 15 — Marketing Conduct and Promotional Compliance

SC guidelines restrict misleading or deceptive promotional conduct. Marketing should not guarantee outcomes, understate risks, or use inappropriate comparison benchmarks.

  • Evaluation questions: Do promotions include balanced risk warnings? Are performance representations substantiated?
  • Adequate indicator: Promotions include required warnings; no unrealistic return representations.
  • Deficient indicator: Aggressive unsolicited marketing; guaranteed return language; absent risk warnings.

Comparison Table: Fifteen-Criteria Evaluation Matrix

The following table provides a structured template for documenting due diligence findings across two or more entities under review. Replace "Entity A" and "Entity B" with the legal names of providers being evaluated. Use categorical ratings: Verified, Partial, Not verified, or Deficient.

Fifteen-criteria comparison matrix (educational template)
| # | Criterion | Entity A | Entity B | Evidence source |
|---|-----------|----------|----------|-----------------|
| 1 | CMS licence and authorisations | | | SC Investment Adviser Register |
| 2 | Cross-jurisdictional licences | | | FCA / CySEC / BaFin registers |
| 3 | Warning and enforcement history | | | BNM alert list; SC media releases |
| 4 | Legal entity identification | | | Disclosure docs; SSM registry |
| 5 | Product disclosure documentation | | | Product information sheets |
| 6 | Execution policy and conflicts | | | Disclosure documents; website |
| 7 | Platform and technology governance | | | Security policy; status page |
| 8 | Fee and cost transparency | | | Published fee schedule |
| 9 | Client asset segregation | | | Disclosure docs; trust account policy |
| 10 | Deposit and withdrawal procedures | | | Account terms; user reports |
| 11 | Financial stability indicators | | | Audited accounts; regulatory filings |
| 12 | FMOS membership | | | fmos.org.my member search |
| 13 | Internal complaints handling | | | Complaints policy section |
| 14 | Privacy and data handling (PDPA) | | | Privacy policy |
| 15 | Marketing conduct compliance | | | Marketing materials review |

Applying the Framework: A Structured Workflow

Implement the framework through a sequential workflow to maintain analytical consistency:

  1. Intake: Record the entity's legal name, domain, claimed licence numbers, and products offered.
  2. Regulatory gate (Criteria 1–3): If licence verification fails or active warnings exist, document findings and terminate evaluation unless further inquiry is warranted for academic purposes.
  3. Documentation review (Criteria 4–6): Collect and analyse disclosure documents and execution policies.
  4. Financial structure review (Criteria 8–11): Map cost structures and client asset arrangements.
  5. Protection infrastructure (Criteria 12–15): Confirm FMOS access, complaints handling, PDPA compliance, and marketing standards.
  6. Synthesis: Complete the comparison matrix; identify material deficiencies requiring further investigation.
  7. Documentation archival: Preserve dated evidence supporting each rating assigned.

Interrelationship With Complementary Resources

This framework integrates with procedural guidance in our article on SC register verification, regulatory context in our financial regulation overview, fraud pattern recognition in our scam anatomy checklist, and documented case studies in our SC flagged entities analysis. Together, these resources support a comprehensive self-directed learning pathway.

Due diligence is an ongoing process, not a one-time event. Regulatory status, corporate ownership, and product terms may change. Periodic re-evaluation against these fifteen criteria maintains current awareness.

Limitations and Scope

This framework does not assess product suitability for individual financial circumstances—a task requiring personalised advice from a qualified professional. It does not predict financial performance or guarantee prevention of loss. Criteria weighting may vary based on the product class under review; for example, client asset segregation assumes greater salience for leveraged derivative accounts than for execution-only equity brokerage.

Official guidance from SC and consumer resources on BNM should be consulted for regulatory updates affecting evaluation standards.

Conclusion

Structured due diligence applying fifteen criteria across regulatory standing, operational transparency, financial structure, and consumer protection infrastructure enables systematic comparison of financial services providers. The comparison matrix template supports documented, evidence-based evaluation without reliance on promotional claims. Used as part of a broader educational research process, this framework equips self-directed learners with analytical tools consistent with Malaysian regulatory expectations under CMSA 2007 and consumer protection principles.