European Company Verification Checklist: A Step-by-Step Guide to Verifying Any EU Company Before Transferring Funds

Before transferring funds to any European company – whether for investment, trading, or business purposes – a structured verification process is essential. Fraud schemes operating across the EU, Switzerland, and the United Kingdom routinely use registered company names, cloned identities, and professional websites to appear legitimate. This checklist provides a practical, step-by-step algorithm for verifying any EU-based entity. Each step targets a specific fraud indicator. Completing all steps before any payment significantly reduces the risk of financial loss to fraud.

How to Verify a European Company Before Transferring Funds

Step 1: Confirm Legal Existence

Every legitimate European company is registered in a national commercial register. Verify the entity through the Business Registers Interconnection System (BRIS) – the EU-wide portal connecting all national registers – and through the specific national register of the country where the company claims to be incorporated: Companies House (UK), Handelsregister (Germany), Registre du Commerce (France), Registro delle Imprese (Italy), or Registro Mercantil (Spain). The following facts must match exactly between the company’s own representations and the register entry: the full legal name, registration number, date of incorporation, current status (active, dissolved, or in liquidation), and the names of registered directors. Any mismatch – a different registration number, a director name that does not appear in the register, or a status showing dissolution – is a high-probability indicator of fraud or clone firm activity. Do not proceed to payment if the legal existence cannot be independently confirmed.

Step 2: Validate the Financial Licence

If the company offers investment services, trading, asset management, or any regulated financial activity, it must hold a valid licence from the relevant national regulator. Check the company directly in the regulator’s public register: the FCA Register (United Kingdom), BaFin’s Company Database (Germany), AMF’s List of Authorised Providers (France), CONSOB’s Register (Italy), or CNMV’s Official Register (Spain). Verify three specific facts: that the licence exists, that the licence type covers the specific services being offered, and that the website domain matches the domain listed in the regulator’s record. If the entity has no licence and is offering investment services, the activity is unauthorised and potentially criminal. If a licence exists but the domain or contact details do not match, the entity may be a clone firm – a fraud operation impersonating a legitimate licensed company.

Step 3: Detect Clone Firms

Clone firm fraud is one of the most effective and rapidly growing fraud categories in Europe. Fraudsters copy the name, registration number, and branding of a real licensed firm – but operate from different domains, email addresses, phone numbers, and office addresses. To detect a clone firm, compare every contact detail the entity has provided – website domain, email address, telephone number, and physical address – directly against the details listed in the regulator’s official register. If any contact detail differs from the regulator’s record, treat the entity as a suspected clone until independently confirmed otherwise. The FCA, BaFin, and AMF publish specific clone firm warnings when they identify entities impersonating licensed firms – check these warnings as part of the verification.

Step 4: Screen Warning Lists

Check the company name and all associated domains against every relevant warning list: the FCA Warning List, IOSCO’s Investor Alerts Portal (I-SCAN), AMF blacklists, BaFin warnings, CONSOB warnings, and CNMV warnings. Presence on any warning list is a definitive high-risk indicator. The entity has been publicly identified by a competent regulatory authority as unauthorised, fraudulent, or associated with fraud. No further payment should be made to the entity.

Step 5: Analyse the Domain and Website

Check the domain registration through WHOIS. Verify the date of registration, the registered owner, and whether the ownership details are hidden behind privacy services. A domain registered less than one year ago – particularly one offering investment or financial services – is a significant risk indicator. Concealed ownership information adds additional risk. Legitimate regulated companies do not hide their domain registration details.

Step 6: Verify Payment Details

Before transferring funds, verify the payment details provided by the company. Confirm that the IBAN belongs to the company – not to an individual or a third-party entity. Check whether the receiving bank is located in the EU or in an offshore jurisdiction. Confirm that the beneficiary name on the account matches the company’s registered legal name exactly. Red flags at this stage include: payment requested to a personal account, payment to a company with a different name, use of multiple IBANs across different transactions, and frequent changes to payment details. Any of these indicators suggest that the payment infrastructure is designed to obscure the destination of funds – a hallmark of fraud operations.

Step 7: Assess Payment Infrastructure

Identify the payment service providers (PSPs), electronic money institutions (EMIs), acquiring banks, and cryptocurrency wallets involved in the company’s payment processing. Legitimate companies use established, regulated payment infrastructure. Red flags include: unknown or unregulated PSPs, cryptocurrency-only payment options with no fiat alternative, and high-pressure tactics demanding immediate payment.

Step 8: Evaluate the Business Model

Certain representations are near-universal indicators of investment fraud: guaranteed returns, fixed percentage profits, “no risk” investment claims, and aggressive unsolicited telephone calls pressuring immediate deposits. No legitimate regulated investment firm guarantees returns. No legitimate firm pressures clients to transfer funds immediately. These representations alone – regardless of how professional the website appears – are sufficient grounds to classify the entity as high-risk.

Step 9: Review Communications

Examine the quality and professionalism of all communications. Legitimate regulated companies use corporate email domains – not Gmail, Outlook, or other free providers. Communications should be legally precise, free of grammatical errors, and accompanied by formal contractual documentation. Red flags include: pressure to act immediately, absence of written contracts or terms, grammatical errors inconsistent with a professional financial firm, and reluctance to provide documentation in writing.

Step 10: Search Public Records and Litigation

Search for the company name, director names, and associated domains in public court records, news archives, and consumer complaint databases. Look for fraud allegations, regulatory enforcement actions, and patterns of complaints. Repeated complaints from multiple sources – particularly complaints describing similar fraud mechanics – are strong indicators that the entity operates a systematic fraud scheme rather than a legitimate business.

Step 11: Analyse Corporate Structure

Examine the company’s corporate history and structure. Risk indicators include: recent incorporation (particularly if offering services that require years of operational history), nominee or proxy directors with no verifiable professional background, frequent changes of directors, and offshore beneficial owners. These structural features are commonly used by fraud networks to create disposable corporate vehicles that are difficult to trace and easy to abandon.

Step 12: Verify MiCA Compliance (Crypto-Asset Services)

If the entity offers crypto-asset services within the EU, it must hold a Crypto-Asset Service Provider (CASP) authorisation under the Markets in Crypto-Assets Regulation (MiCA). Check the ESMA register for authorised CASPs. If the entity is not authorised, its crypto-asset services are unlawful in the EU – and any funds transferred are at elevated risk.

Red Flags: When to Stop

The presence of two or three of the following red flags is sufficient to classify the entity as high-risk and to recommend that no transfer is made: no valid financial licence, presence on a regulatory warning list, payment details that do not match the company name, pressure to transfer funds immediately, and promises of guaranteed returns. Each of these indicators independently signals elevated fraud risk. In combination, they establish a pattern that is consistent with organised fraud and inconsistent with legitimate business operations.