This is an independent educational platform. We do not provide financial advice, broker recommendations, or investment services. All content is for informational and educational purposes only.

Educational content only — not financial advice

How to Use SC's Register to Verify Any Broker — Step-by-Step

Published · Educational research

Licence verification is the foundational step in evaluating any entity offering capital market services to Malaysian residents. Official registers maintained by competent authorities provide authoritative records of authorisation status, permitted activities, and—in many cases—enforcement history. This article presents a structured, step-by-step methodology for using the SC Investment Adviser Register and CMS licensee databases, together with comparable international lookups and guidance on identifying clone firms and lodging complaints with the SC.

The procedures described are educational. They do not endorse any particular entity and do not guarantee detection of all fraudulent operations. Registers reflect information supplied by regulated entities and supervisory records at the time of query; users should verify current status immediately before any financial decision.

Part One: SC Investment Adviser Register and CMS Database

Step 1 — Access the Official Register Portal

Navigate directly to the Securities Commission Malaysia website at sc.com.my. Avoid reaching register pages through hyperlinks embedded in promotional emails or third-party websites, as these may redirect to phishing pages designed to mimic register interfaces.

The SC maintains searchable databases covering:

  • Licensed financial advisers and their appointed representatives;
  • CMS licensees including stockbrokers, fund managers, and unit trust management companies;
  • Recognised market operators and approved exchanges;
  • Public reprimands and enforcement actions against licensed entities.

Step 2 — Identify the Exact Legal Entity Name

Before searching, locate the full legal name of the entity as disclosed in its terms of service, product disclosure document, or website footer. Marketing brand names frequently differ from registered legal names. For example, a platform marketed under a short brand may be operated by a Sdn. Bhd. company with a longer formal title.

Record also any CMS licence number displayed on the website. Both name and number will be used for cross-verification.

Step 3 — Execute the Register Search

Enter the legal entity name in the SC register search field. If multiple results appear, examine each entry for matching SSM registration numbers where disclosed on the entity's website. Select the entry corresponding to the operating company rather than a parent or subsidiary unless the website explicitly states that services are provided by the parent under its licence.

  1. Open the SC register search on sc.com.my;
  2. Enter the legal entity name or CMS licence number;
  3. Review the list of matching results;
  4. Select the entry matching the entity's disclosed identifiers;
  5. Review the licence details page.

Step 4 — Verify Licence Status and Authorisations

On the licence details page, confirm the following elements:

  • Licence status: Current, suspended, revoked, or surrendered;
  • Licence number: Matches the number displayed on the entity's website;
  • Authorisations: Include the capital market products and services being offered (e.g., dealing in securities, fund management, financial planning);
  • Appointed representatives: If dealing through a representative, verify their appointment on the register.

An entity may hold a current CMS licence but lack authorisation for specific products it advertises—a form of regulatory mismatch that warrants further inquiry or avoidance.

Step 5 — Check Enforcement and Reprimand Records

Supplement the licence search by reviewing SC media releases and enforcement summaries for the entity name and for named individuals associated with the business (directors, public-facing "relationship managers"). Public reprimands or administrative penalties indicate past compliance failures even where the licence remains current.

Step 6 — Cross-Reference BNM Financial Consumer Alert List

Even with a valid register entry, check the entity and its domain against BNM's Financial Consumer Alert List. Clone firms may display copied licence numbers from unrelated authorised entities while operating from fraudulent domains.

Part Two: FCA Financial Services Register (United Kingdom)

Many platforms accessible to Malaysians cite Financial Conduct Authority (FCA) authorisation. Verification follows a parallel methodology:

  1. Access the FCA Financial Services Register (via fca.org.uk);
  2. Search by firm name and by FRN (Firm Reference Number) if displayed;
  3. Confirm the exact legal name matches the entity contracting with clients;
  4. Review "Permissions" to confirm authorised activities align with services offered;
  5. Check the FCA Warning List for unauthorised firms with similar names.

The FCA explicitly warns that clone firms copy FRNs and firm names. Always verify contact details against those listed on the register entry, not solely against the soliciting website.

Part Three: CySEC Public Register (Cyprus)

Cyprus Investment Firms (CIFs) supervised by CySEC appear on the commission's public register. Steps include:

  1. Navigate to cysec.gov.cy and access the regulated entities search;
  2. Search by company name or CySEC licence number (e.g., CIF number format);
  3. Confirm licence category permits the services described to retail clients;
  4. Review CySEC warning notices for unauthorised entities using similar branding.

CySEC authorisation does not automatically confer equivalent protections for Malaysian residents. CMS licensing requirements under CMSA 2007 apply independently to services directed at persons in Malaysia.

Part Four: BaFin Unternehmensdatenbank (Germany)

For entities claiming BaFin supervision:

  1. Access BaFin's company database (Unternehmensdatenbank) via bafin.de;
  2. Search the institution name in German and English variants;
  3. Review institution type (e.g., Wertpapierinstitut — securities institution);
  4. Consult BaFin's Warnhinweise (warnings) for unauthorised business notifications.

BaFin warnings frequently identify clone operations targeting German and international consumers simultaneously. Cross-reference any BaFin warning with SC and BNM alert lists when the entity also solicits Malaysian clients.

Part Five: Detecting Clone Firms

Clone firm fraud exploits information asymmetry by reproducing authentic regulatory identifiers in fraudulent contexts. A structured clone detection protocol includes:

Clone firm verification matrix
Check element Legitimate indicator Clone indicator
Website domain Matches register-listed domain or official corporate site Similar but non-identical domain; unusual TLD
Email contact Corporate domain email addresses Free webmail; domain mismatch
Phone number Matches register or official site Mobile-only; overseas call centre
Licence reference Register entry links to same legal entity Number belongs to different firm on register
Regulator warnings No active clone alerts Listed on FCA/SC/BNM clone warnings

When any clone indicator is present, cease communication, do not transfer funds, and report the domain to the SC, BNM, and NSRC (997). Document screenshots preserving URL bar contents, timestamps, and communication records.

Part Six: How to Complain to the SC and FMOS

If verification reveals unlicensed conduct, misleading representations, or post-transaction misconduct, consumers may lodge reports through appropriate channels. The pathway depends on the nature of the concern:

Reporting Unlicensed Operations

The SC accepts reports of businesses providing capital market services without required CMS licence authorisation. Reports may be submitted through the SC's online complaint portal on sc.com.my. Include:

  • Entity name and all known domain names;
  • Description of services offered;
  • Copies of promotional materials and communications;
  • Transaction records if funds were transferred;
  • Explanation of register search results demonstrating absence of authorisation.

Complaints About Licensed Entities

For disputes involving CMS licensees—such as alleged misleading disclosure, unsuitable advice, or fee disputes—consumers should first use the entity's internal complaints process as disclosed in its documentation. If unresolved, eligible complainants may escalate to the Financial Markets Ombudsman Service (FMOS) at fmos.org.my, which provides free dispute resolution for qualifying complaints involving direct financial losses up to RM250,000 against member firms.

FMOS was launched on 1 January 2025 through the consolidation of the Ombudsman for Financial Services (OFS) and the Securities Industry Dispute Resolution Center (SIDREC), under joint oversight of BNM and SC. FMOS membership applies to licensed financial service providers and capital market intermediaries regulated by BNM or SC.

Reporting Scams

For suspected fraud including clone firms and advance-fee schemes, also report to:

  • National Scam Response Centre (NSRC) at 997;
  • Your bank or payment provider (immediately upon suspecting fraud);
  • Royal Malaysia Police commercial crime division for cyber-enabled financial crime;
  • BNM Financial Consumer Alert List submission where applicable.

Documentation Best Practices

Effective verification and complaint processes depend on contemporaneous documentation. Maintain a due diligence file containing:

  1. Date-stamped screenshots of register search results;
  2. Archived copies of website terms, product disclosure documents, and marketing pages;
  3. Written record of verbal communications including date, time, and representative name;
  4. Payment confirmation records and bank correspondence;
  5. Copies of all reports submitted to SC, BNM, and other agencies with reference numbers received.

PDPA Considerations During Verification

When submitting complaints or disputes, you may need to provide personal data to regulators or FMOS. The Personal Data Protection Act 2010 (PDPA) governs how organisations process personal data in Malaysia. Review each recipient's privacy notice to understand data use, retention, and disclosure practices before submitting identity documents or financial records.

Limitations of Register Verification

Register verification confirms authorisation status at query time but does not assess product suitability, financial stability, execution quality, or ethical business practices. A licensed entity may still engage in conduct that breaches regulatory standards or causes consumer detriment. Comprehensive evaluation requires application of structured due diligence criteria beyond binary licence confirmation.

Verification against official registers is necessary but not sufficient. Treat register confirmation as the first gate in a multi-criteria evaluation framework, not as a terminal approval step.

Conclusion

The SC Investment Adviser Register and CMS licensee databases provide the authoritative source for confirming capital markets authorisation in Malaysia. Parallel verification on FCA, CySEC, BaFin, and SEC databases supports evaluation of cross-border claims, while clone firm detection protocols address impersonation risk. Understanding SC complaint pathways—including misconduct reporting, FMOS escalation for licensed entities, and NSRC referral for fraud—empowers consumers to contribute to public protection efforts. Integrate these verification steps with the broader analytical framework presented in our due diligence and regulatory overview articles.