How to Verify a Forex Broker Is Legit: The Regulatory Due-Diligence Checklist

Most “is this broker a scam” content answers the wrong question. It rates the brand, looks at the badges on the homepage, reads a few reviews, and delivers a verdict on a marketing name. A desk does not work that way, because the marketing name is not what holds your money. The licensed legal entity is, and a single brand routinely operates several entities under very different regulators. This guide is the actual due-diligence process: identify the entity behind the brand, find its licence number, verify that number on the regulator’s own public register, confirm the permissions cover what you want to do, and check the warning lists. It ends with a numbered checklist you can run on any broker in about fifteen minutes.

The core idea to hold throughout: a broker is exactly as regulated as the specific entity that opens your account, and that is frequently not the Tier-1 one the website is built to imply.

By Ken Chigbo, Founder, KenMacro. 18-plus years in markets, London trading floor and institutional FX. This is the counterparty-risk screen the desk runs before capital touches any venue, inside the MACRO MASTERY desk.

Step one: separate the brand from the legal entity

The brand is the website, the logo, and the licence numbers in the footer. The legal entity is the company that your client agreement is actually with and that custodies your funds. Large broker groups run more than one. A typical structure is a UK entity under the FCA, an EU entity under a regulator such as CySEC in Cyprus, an Australian entity under ASIC, and a separate offshore entity registered somewhere with light oversight that onboards most international clients.

That offshore entity exists for a commercial reason: it can offer higher leverage, lighter onboarding and fewer client protections than the Tier-1 entities can. The homepage displays the impressive FCA or ASIC licence. The account-opening flow and the client agreement disclose the entity that is actually opening your account, and for a large share of clients outside the broker’s home market that is the offshore one. So the first task is not to look up a licence. It is to find, in the terms of business, the legal name of the entity you specifically will be a client of. Everything after this step is verification of that name, not the brand.

Step two: find the licence number the entity claims

Once you have the legal entity name, find the regulatory reference it claims for that entity. It is usually a firm reference number or licence number stated next to the entity name in the footer, the legal page, or the regulatory section of the terms. Note which regulator it names and the exact number. Do not accept “regulated by the FCA” with no number. A real licensed firm always has a specific, lookup-able reference, and a broker that will not give you one for the entity opening your account has answered the question already.

Step three: verify on the regulator’s own public register

This is the step that the brand-rating sites skip and the step that actually settles it. Go directly to the regulator’s own register, by typing the regulator’s address yourself, not by clicking a link the broker provided. The major public registers are free to search:

• United Kingdom, FCA: the Financial Services Register. Search the firm name or reference number.
• Australia, ASIC: ASIC Connect Professional Registers, the Australian financial services licensee record.
• Cyprus, CySEC: the CySEC public register of regulated entities, which covers a large share of EU-facing brokers.
• South Africa, FSCA: the FSCA register of authorised financial services providers.
• Switzerland, FINMA: the FINMA authorised institutions and licensee lists.

On the register entry, confirm three things, not one. First, that the legal entity from the client agreement actually appears, with the name matching exactly, not just the brand. Second, that the authorisation is current and active, not lapsed, withdrawn or restricted. Third, that the contact details on the official register match what the broker gave you, because a mismatch is how clone firms are caught.

Step four: check the permissions actually cover retail FX and CFDs

A firm can be genuinely on the register and still not be authorised for what you intend to do. The register entry lists the regulated activities the entity is permitted to carry on. Confirm those permissions cover dealing in or arranging deals in the relevant instruments for retail clients, which for this purpose means contracts for difference and rolling spot forex. Some entities are authorised only for a narrower activity, for introducing or for professional clients only, and a marketing site will still wave the word “regulated” over that. Authorised is not a yes or no. It is a scope question, and the scope is on the register entry in plain language.

Step five: check the warning and scam-alert lists

Every serious regulator publishes lists of firms it has warned about: unauthorised firms operating without permission, and clone firms impersonating genuine licensees. Search the brand name and the entity name against the relevant regulator’s warning list and, where it exists, the international scam-alert databases regulators contribute to. A name on a warning list is decisive. The clone-firm case is the dangerous one: the scam reuses a real firm’s name and number, so the genuine register entry looks fine until you compare the contact details. If the website, phone or email the broker gave you does not match the official register record exactly, you are dealing with the clone, not the licensee.

Step six: client money, negative balance protection, and the compensation scheme

Regulation is only as good as the specific protections that attach to your entity. Three matter most.

Segregation of client money. Reputable frameworks require client funds to be held in accounts separate from the firm’s own operating money, so that client balances are not the firm’s working capital. Confirm the entity is subject to a client-money segregation rule, not just that the brand says “your funds are safe”.

Negative balance protection. In the UK and EU retail framework, brokers must ensure a retail client cannot lose more than the funds in the trading account, so a gap move cannot leave you owing the broker. This is a statutory retail protection in those jurisdictions; an offshore entity of the same brand may not provide it.

The compensation scheme. If the licensed firm itself fails, a statutory scheme can compensate eligible clients. In the UK the Financial Services Compensation Scheme covers eligible investment claims up to 85,000 pounds per person per firm. In Cyprus the Investor Compensation Fund covers eligible claims up to 20,000 euros. These attach to the specific licensed entity. If your account is with the offshore entity of the same brand, a Tier-1 compensation scheme typically does not apply to it at all, which is the single most important consequence of the entity-shopping reality.

The red-flag list a desk reacts to immediately

Any one of these is enough to stop the process.

• Guaranteed-returns language. Risk-free, guaranteed profit, managed signals with promised returns. No legitimate regulated broker promises returns. This alone disqualifies.
• Offshore-only registration. The entity is registered only in a light-touch jurisdiction with no Tier-1 licence held anywhere by the entity opening your account.
• Register mismatch or warning-list hit. Contact details that do not match the official register, or the name on a regulator warning or clone-firm list.
• Leverage far above the regulated caps. The UK and EU retail cap on major currency pairs is 30 to 1, and lower on other assets. Advertised leverage well beyond that signals an offshore entity, not generosity.
• Withdrawal friction. Deposits are instant; problems appear at the exit. New conditions, delays, “verification” loops or a request to deposit more before you can withdraw are the most reliable late-stage tell of a scam.
• Pressure and unsolicited contact. Urgency to deposit, bonuses tied to trading volume, and especially unsolicited “recovery” offers after a prior loss.

The honest reality of entity shopping

The uncomfortable part is that this is not a fringe-scam problem. Many well-known, genuinely Tier-1-licensed brands operate exactly this way by design. The same brand is FCA or ASIC regulated for clients in its home market and routes a large share of international clients to an offshore entity with higher leverage and weaker statutory protection. Nothing about that is necessarily illegal. The point is that “Broker X is regulated” is a meaningless sentence. The only question that matters is which of Broker X’s entities is opening your specific account, under which regulator, with which compensation scheme. Two clients of the same brand can have completely different protection regimes, and most never check which one they are in.

The fifteen-minute verification checklist

Run this on any broker, in order. Stop at the first hard failure.

• 1. Open the client agreement or terms of business and write down the exact legal entity name your account will be with, not the brand.
• 2. Find the regulator that entity names and its exact licence or firm reference number. No number, stop.
• 3. Go directly to that regulator’s own public register by typing the address yourself. Search the number.
• 4. Confirm the entity name on the register matches the client-agreement entity exactly.
• 5. Confirm the authorisation is active, not lapsed, withdrawn or restricted.
• 6. Confirm the permitted activities cover retail dealing in CFDs and rolling spot forex, not a narrower scope.
• 7. Confirm the official register contact details match what the broker gave you. Any mismatch, treat as a clone.
• 8. Search the brand and entity names on the regulator’s warning and clone-firm lists. Any hit, stop.
• 9. Confirm client-money segregation, negative balance protection, and which compensation scheme covers that entity, if any.
• 10. Cross-check the advertised leverage against the regulated caps for the regime you believe you are in. A mismatch means you are not in that regime.

If a broker clears all ten, it is a properly licensed counterparty for the entity you verified. If it fails any of the first eight, the marketing does not matter. The register is the answer.

Related reading

• The free macro framework (the five-lens regime read counterparty risk feeds into)
• Why most forex traders lose money (the structural failures a clean broker does not fix)
• How to read the yield curve (one of the regime lenses the desk fixes first)
• How to plan your trading week (turning the regime into a small number of high-conviction situations)

Frequently asked questions

How do I check if a forex broker is legit?

Find the legal entity in the client agreement, not the brand on the homepage. Find the licence number that entity claims. Look it up on the regulator’s own public register (FCA Register, ASIC Connect, CySEC, FSCA, FINMA), and confirm the entity exists, the licence is active, and the permissions cover retail forex and CFD dealing. Then check the regulator’s warning and clone-firm lists for the name. A broker is only as regulated as the specific entity opening your account.

What is the difference between the broker brand and the operating entity?

The brand is the marketing name and logo. The operating entity is the licensed company your client agreement is with and that holds your money, and groups run several. A brand often has a Tier-1 UK, EU or Australian entity plus a separate offshore entity that onboards most international clients with higher leverage and weaker protection. You verify the entity named in your contract, not the brand on the site.

What is a clone firm and how do I spot one?

A clone firm copies a genuine regulated firm’s name and number to look legitimate. Never use contact details from the site that approached you. Go independently to the regulator’s register, find the genuine firm, and use only the website, phone and email listed there. If the broker’s details do not match the register exactly, or the name carries a clone-firm warning, treat it as a scam.

Is my money safe with a regulated forex broker?

Tier-1 regulation reduces specific risks but is conditional. Reputable frameworks require client-money segregation, negative balance protection for retail clients in the UK and EU, and a compensation scheme if the firm fails: the UK FSCS covers eligible claims up to 85,000 pounds and the Cyprus ICF up to 20,000 euros. These attach to the specific licensed entity. An offshore entity of the same brand may have weaker segregation and no Tier-1 scheme at all.

What are the biggest red flags of a forex broker scam?

Guaranteed-returns or risk-free language, offshore-only registration with no Tier-1 licence, register details that do not match or a name on a warning list, leverage far above the regulated retail caps, pressure to deposit fast, and any friction, delay or new condition that appears only at withdrawal. Withdrawal friction is the most reliable late-stage tell, because deposits are always easy and a problem broker reveals itself at the exit.

Why does a broker offer much higher leverage to some clients than others?

Because different clients are onboarded to different legal entities of the same brand, under different regulators. The UK and EU retail cap on major currency pairs is 30 to 1. The same brand’s offshore entity, regulated where those caps do not apply, can offer far higher leverage. So a high-leverage offer usually signals the offshore entity with weaker statutory protection. The leverage number tells you which protection regime you are actually in.

Educational analysis only, not financial advice. Past performance does not guarantee future results. Always manage risk and never risk more than you can afford to lose. This is macro education and scenario framework, never a signal or a recommendation to trade.