Fraud Blacklists & Scam Warnings: How to Use Regulatory Warning Lists to Protect Your Investment

Fraud blacklists and scam warnings published by European financial regulators are the fastest available tool for identifying unauthorised entities, clone firms, and fraudulent investment platforms. These official warning lists – maintained by the FCA, BaFin, AMF, CONSOB, CNMV, ESMA, and other national regulators – notify the public that a specific entity is not authorised to provide financial services, is impersonating a licensed firm, or is operating a fraudulent scheme. Checking these lists before investing takes minutes. Recovering funds after investing in a blacklisted entity takes months or years. This guide explains what regulatory warning lists contain, how to use them effectively, and how they function as evidence in fund recovery proceedings.

What Are Fraud Blacklists and Scam Warnings

Fraud blacklists and scam warnings are official publications by financial regulatory authorities identifying entities that are operating without the required authorisation to provide financial services in their jurisdiction. These warnings are issued when a regulator determines that an entity is offering investment services, brokerage, fund management, crypto-asset services, or other regulated financial activities without holding a valid licence – or when the entity is impersonating a licensed firm by using its name, registration number, or branding while operating from different contact details and bank accounts. These warnings typically contain the entity’s name or trading name, website domain, and in many cases the entity’s email address, telephone numbers, physical address, and – where identified – the IBAN or payment intermediary used to collect investor funds. The warning specifies whether the entity is unauthorised, is a clone of a licensed firm, or is otherwise operating illegally. Regulatory warnings are published on the regulator’s official website and in most cases remain accessible permanently as a public record.

What Not to Confuse: Registers, Warning Lists, and Private Databases

Official Licensed Entity Registers

Every European financial regulator maintains an official register of entities authorised to provide financial services in its jurisdiction. The FCA Register in the United Kingdom, the BaFin company database in Germany, the AMF register in France, the CONSOB register in Italy, and the CNMV register in Spain list every entity that holds a valid licence to provide the regulated activities specified in the register entry. At the EU level, ESMA maintains consolidated registers of authorised investment firms. The Business Registers Interconnection System (BRIS) – accessible through the European e-Justice portal – provides access to national corporate registers across EU member states, confirming whether a company is legally incorporated. BRIS confirms corporate registration – it does not confirm financial regulatory authorisation. A company can be registered in a corporate registry without holding any financial services licence.

Warning Lists and Blacklists

Warning lists are the opposite of licence registers – they identify entities that should not be trusted. An entity appearing on a warning list has been assessed by a regulatory authority as operating without authorisation, cloning a licensed firm, or otherwise conducting illegal financial activity. Warning list inclusion is not a criminal conviction – but it is an official determination by a supervisory authority that the entity presents a risk to investors and is not operating within the regulated framework.

Private Scam Databases

Private scam databases – commercial websites, investor forums, and independent fraud reporting platforms – publish user-submitted reports about suspected fraudulent entities. These databases can provide useful initial orientation but do not carry the legal weight of official regulatory warnings. A company appearing on a private scam database may or may not be fraudulent. A company appearing on an official regulatory warning list has been assessed by a public authority. Private databases can be used as an investigative starting point – not as a self-sufficient basis for legal action.

Key Official Warning List Sources in Europe

FCA Warning List (United Kingdom)

The Financial Conduct Authority publishes a Warning List identifying firms and individuals that are not authorised or registered to carry out regulated financial activities in the United Kingdom. The FCA Warning List specifically identifies clone firms – entities using the name, registration number, or branding of a genuinely authorised firm while operating from different contact details and collecting funds into different accounts. The FCA explicitly states that the Warning List covers firms and individuals not authorised or permitted to operate in the UK.

BaFin Warnings (Germany)

The Bundesanstalt für Finanzdienstleistungsaufsicht publishes warnings against entities offering financial services in Germany without the required authorisation. BaFin warnings cover unauthorised investment firms, forex platforms, crypto-asset service providers, and entities conducting banking operations without a licence. BaFin’s company search database enables cross-referencing – confirming whether an entity claiming BaFin authorisation actually holds a valid licence.

AMF Blacklists (France)

The Autorité des Marchés Financiers publishes blacklists of unauthorised websites and entities offering financial services to French investors. AMF blacklists are organised by category – forex, binary options, crypto-asset derivatives, diamond and wine investments, and other categories. AMF explicitly states that its blacklists are not exhaustive – new fraudulent entities appear continuously, and the absence of an entity from the list does not confirm its legitimacy.

CONSOB Warnings (Italy)

The Commissione Nazionale per le Società e la Borsa publishes warnings against entities conducting unauthorised financial activities in Italy and regularly issues orders blocking access to websites illegally offering financial services to Italian investors. CONSOB’s website blocking power is unique among EU regulators – enabling direct enforcement against fraudulent domains accessible from Italian territory.

CNMV Warnings (Spain)

The Comisión Nacional del Mercado de Valores publishes warnings on unauthorised entities offering investment services to Spanish investors – covering forex platforms, unregistered investment firms, and entities operating without the required CNMV authorisation.

IOSCO Investor Alerts (International)

The International Organization of Securities Commissions maintains the I-SCAN (International Securities Commissions Alert Network) database – aggregating warnings from securities regulators worldwide. IOSCO I-SCAN enables cross-jurisdictional checking – an entity that has not yet been flagged by the investor’s national regulator may already appear in the IOSCO database based on warnings issued by regulators in other jurisdictions. IOSCO explicitly warns that the absence of an alert in the database should not be taken as confirmation of legitimacy – investors must always verify authorisation directly with the national regulator.

Crypto-Asset Verification Under MiCA in 2026

ESMA MiCA Register

For cryptocurrency investments, the EU Markets in Crypto-Assets Regulation (MiCA) establishes a new regulatory architecture that is critical for investor protection. ESMA publishes the central MiCA register covering authorised Crypto-Asset Service Providers (CASPs), approved crypto-asset white papers, and entities identified as non-compliant. Under MiCA, crypto-asset services in the EU may only be provided by authorised CASPs or financial institutions operating under the notification regime.

Transitional Period Considerations

The European Supervisory Authorities (ESAs) issued a specific consumer warning in 2025 noting that investor protection for certain crypto-assets may be limited during the transitional period – which extends until July 2026 in some member states. During this period, some entities may operate under national transitional arrangements that provide lower levels of regulatory protection than full MiCA authorisation. Verification through the ESMA MiCA register confirms whether an entity has obtained full authorisation or is operating under transitional provisions – a distinction with direct implications for investor protection.

Crypto-Specific Verification

Any entity offering crypto-asset services – exchange, custody, portfolio management, transfer, or advisory services – should be verifiable through the ESMA MiCA register. An entity that claims to be MiCA-authorised but does not appear in the ESMA register is either misrepresenting its status or operating without the required authorisation. For crypto investments specifically, the MiCA register is the definitive verification source – not the entity’s own website or marketing materials.

Common Categories Found in Regulatory Warning Lists

Unauthorised Investment Firms

Entities offering investment products – securities, bonds, structured products, fund participations – without holding the required licence from the national financial regulator. These entities may present fabricated licence numbers or claim exemptions from registration requirements that do not apply to their activity.

Forex, CFD, and Binary Options Platforms

Unregulated platforms offering foreign exchange trading, contracts for difference, or binary options without MiFID II authorisation. This is one of the most frequently warned-against categories across all European regulators – FCA, BaFin, AMF, CONSOB, and CNMV all maintain extensive warning lists targeting unauthorised trading platforms.

Clone Firms

Entities that copy the name, registration number, and branding of a genuinely licensed firm but operate from different contact details – different phone numbers, different email addresses, different websites, and different bank accounts. Clone firms are designed to exploit investor trust in the legitimate entity’s regulatory status. The FCA publishes specific clone firm alerts – and checking not just the entity name but the exact domain, address, phone number, and payment details against the regulator’s record is the only way to identify a clone.

Fake Recovery Services

Entities that contact existing fraud victims – claiming to be law enforcement, regulatory investigators, or specialist recovery firms – and demand upfront fees for “guaranteed fund recovery.” Fake recovery services target vulnerable victims who have already lost funds and are seeking any path to recovery. Several European regulators now publish specific warnings against recovery fraud operators.

Crypto Platforms Without Proper Authorisation

Exchanges, wallet services, staking platforms, and yield-generating platforms operating without CASP authorisation under MiCA or without registration under national AML frameworks. This category is expanding rapidly as the MiCA authorisation requirement takes effect across EU member states.

Social Media and Relationship Investment Scams

Investment opportunities promoted through WhatsApp groups, Telegram channels, Instagram advertisements, and dating platforms – where the investment advice or platform referral originates from a fabricated personal or romantic relationship. Several European regulators have begun publishing dedicated consumer alerts specifically targeting social media and relationship-based investment fraud.

The Legal Weight of Warning List Entries

What Warning List Inclusion Proves

Inclusion in an official regulatory warning list is not a criminal conviction – but it is a determination by a public supervisory authority that the entity is not authorised to provide the financial services it is offering. In legal proceedings, a warning list entry establishes that the entity was publicly identified as unauthorised by the relevant regulator, that any claim of regulatory authorisation made by the entity to investors was false, that the entity was operating outside the regulatory framework designed to protect investors, and that a reasonable investor would have been misled if the entity presented itself as licensed or regulated.

What Warning List Absence Does Not Prove

The absence of an entity from a warning list does not confirm that the entity is legitimate. IOSCO explicitly states that absence from the I-SCAN database should not be interpreted as confirmation of legitimacy. AMF explicitly states that its blacklists are not exhaustive. Regulators add entities to warning lists as they identify them – but new fraudulent platforms appear faster than regulators can assess and list them. The only way to confirm authorisation is to check the official licence register – not to rely on the absence of a warning.

How Warning Lists Are Used in Fund Recovery

Building the Evidence Package

In fund recovery proceedings – criminal complaints, regulatory notifications, civil claims, and payment intermediary disputes – a warning list entry is a powerful evidentiary element, but it functions most effectively in combination with other evidence. The complete evidence package combines the regulatory warning list entry confirming the entity is unauthorised, screenshots of the entity’s website and client portal showing the services offered and any false regulatory claims, bank SWIFT and SEPA records documenting the payment trail, card statements and merchant descriptors identifying the payment intermediary, communication records – chat logs, emails, call recordings – documenting the representations made by the entity’s representatives, verification that the entity does not appear in the official licence register, and identification of the payment service provider, EMI, acquiring bank, or cryptocurrency exchange that processed the transactions.

Strengthening Claims Against Payment Intermediaries

The combination of a regulatory warning list entry and transaction evidence is particularly powerful in claims against the banks, payment service providers, EMIs, and acquiring banks that processed payments for the unauthorised entity. The argument that a payment intermediary processed transactions for an entity that was publicly listed as unauthorised by the relevant regulator strengthens the case that the intermediary failed in its AML and compliance obligations – supporting regulatory complaints and civil liability claims against the intermediary.

Application in Legal Proceedings

Warning list entries support legal proceedings at every stage. In criminal complaints – establishing that the entity was operating illegally and that investors were deceived about its regulatory status. In regulatory notifications – demonstrating that the regulator’s own warning was not acted upon by financial intermediaries. In civil claims – proving that the entity misrepresented its authorisation status and that the investor’s reliance on that misrepresentation was reasonable. In freezing applications – demonstrating the fraudulent nature of the entity’s operations and the risk of asset dissipation.

The Correct Verification Sequence

Step 1 – Corporate Registry Check

Verify whether the entity is registered as a legal entity through BRIS (European e-Justice portal) or the national corporate registry in the entity’s claimed country of registration. Corporate registration confirms legal existence – nothing more. A registered company can still be unauthorised, insolvent, or fraudulent.

Step 2 – Licence Register Check

Verify whether the entity holds a valid financial services licence through the official register of the national financial regulator in the entity’s claimed jurisdiction – FCA Register, BaFin company database, AMF register, CONSOB register, CNMV register. Confirm that the licence covers the specific activity the entity claims to perform, that the licence is currently valid, and that the entity’s contact details – domain, address, phone number – match the regulator’s records.

Step 3 – Warning List Check

Search the warning lists of the regulator in the entity’s claimed country, the regulator in the country where the entity is marketing its services, and the IOSCO I-SCAN database for cross-jurisdictional coverage. For crypto-asset entities, check the ESMA MiCA register separately.

Step 4 – Clone Firm Verification

If the entity claims to be a specific licensed firm, cross-reference every detail – domain name, registered address, phone number, email address, and payment account details – against the regulator’s record for the legitimate firm. Clone firms use the legitimate firm’s name and licence number but operate from different contact details and collect funds into different accounts. A match on name and licence number but a mismatch on domain, address, or payment details is the signature of a clone firm.

Step 5 – Payment Trail Analysis

Examine the payment instructions provided by the entity. An IBAN in a country different from the entity’s claimed registration, payment to a third-party company rather than the entity itself, or payment to a personal account are transaction-level red flags that warning lists and licence registers alone cannot identify. Payment trail analysis completes the verification that registry and warning list checks begin.