Skip to content
Home » Blog » Australian Financial Regulators: Contacts, Complaints and Investor Reporting Guide 2026

Australian Financial Regulators: Contacts, Complaints and Investor Reporting Guide 2026

Australia has a well-developed financial regulatory system, but it is not a single complaints desk.

An investor dealing with a delayed withdrawal, an unauthorised broker, misleading investment advice or a suspicious crypto platform may need to contact several different organisations. ASIC receives reports about possible breaches of financial and corporate law. AFCA handles eligible disputes between consumers and financial firms. Scamwatch collects intelligence about scam activity, while ReportCyber is the national route for reporting cyber-enabled crime. APRA supervises the financial strength and stability of major regulated institutions rather than deciding ordinary compensation disputes.

These organisations exchange information in some circumstances, but their responsibilities are not interchangeable.

The practical question is therefore not simply:

Where can I report a financial company in Australia?

The more useful question is:

Do I need regulatory enforcement, dispute resolution, scam intelligence, criminal investigation or urgent help with a payment?

This guide explains the distinction and shows how to prepare a complaint that has a realistic chance of reaching the correct authority.

The Main Australian Complaint Channels at a Glance

SituationMain channel
Possible misconduct by a financial firm or companyASIC
Personal dispute with an Australian financial firmFirm first, then AFCA
Suspicious investment or scam activityScamwatch
Cybercrime, account takeover or online financial fraudReportCyber
Concern about the stability or conduct of an APRA-regulated institutionAPRA
Suspicious transaction reporting by a regulated businessAUSTRAC
Immediate danger or threat to lifePolice on 000

The same incident may justify more than one report. For example, an investor who transferred money to a cloned brokerage website might report the operator to ASIC, submit scam intelligence to Scamwatch, lodge a cybercrime report through ReportCyber and contact the bank immediately.

Complaint, Misconduct Report or Cybercrime Report?

Australian authorities use several terms that sound similar but lead to different processes.

An individual financial complaint

This is a dispute between a customer and a financial business.

Examples include:

  • an investment withdrawal that remains pending;
  • disputed transactions;
  • unsuitable financial advice;
  • unexplained charges;
  • refusal to close an account;
  • an insurance claim dispute;
  • lending or credit problems;
  • superannuation administration issues;
  • failure to follow the customer’s instructions.

The investor should normally complain to the financial firm first. If the firm does not resolve the matter, AFCA may be able to consider the dispute. ASIC identifies AFCA as the independent external dispute-resolution scheme for consumer and small-business complaints about financial firms.

A regulatory misconduct report

A misconduct report tells ASIC that a business or person may have breached legislation administered by the regulator.

Examples include:

  • providing financial services without an appropriate licence;
  • misleading financial advertising;
  • unauthorised financial advice;
  • misuse of investor funds;
  • dishonest company conduct;
  • a business using another firm’s identity;
  • repeated or systemic consumer harm;
  • a financial professional acting outside the scope of an authorisation.

ASIC states that misconduct reports help it detect serious conduct and wider systemic problems. A report can inform supervisory or enforcement work, but it is not the same as an application for personal compensation.

A scam report

A Scamwatch submission provides intelligence to Australia’s National Anti-Scam Centre.

The report can concern suspicious contact or activity, including:

  • fake investment platforms;
  • impersonation;
  • recovery-service schemes;
  • crypto investment fraud;
  • fraudulent advertisements;
  • unexpected payment demands;
  • phishing or deceptive communications.

Scamwatch explains that reports help authorities identify trends, take action where appropriate and warn others. The reporting form does not generally provide an individual response.

A cybercrime report

ReportCyber is appropriate where the incident involves internet-enabled crime, such as:

  • online investment fraud;
  • account takeover;
  • cryptocurrency theft;
  • identity misuse;
  • malicious links;
  • fake trading websites;
  • unauthorised digital transfers;
  • phishing;
  • hacking or extortion.

Reports made by individuals through ReportCyber can be referred to the relevant state or territory law-enforcement agency. The cyber.gov.au reporting service also allows users to report cyber incidents and vulnerabilities.

ASIC: Australian Securities and Investments Commission

ASIC is Australia’s corporate, markets, financial-services and consumer-credit regulator.

For an investor, ASIC is usually the central authority where the concern involves possible unlawful financial conduct, an unlicensed investment business or misleading activity by a company or financial professional.

What can be reported to ASIC?

ASIC may receive reports involving:

  • unlicensed financial services;
  • unlicensed credit activity;
  • unauthorised investment advice;
  • misleading or deceptive financial promotions;
  • misconduct by an Australian Financial Services licensee;
  • company-director misconduct;
  • dishonest or improper company activity;
  • financial advisers operating outside their authority;
  • possible breaches affecting several consumers;
  • suspicious investment websites claiming Australian regulation.

ASIC provides an online tool that directs users to the appropriate reporting route depending on the type of issue.

What ASIC generally does not do

ASIC is not an ombudsman or private recovery service.

Submitting a report does not mean ASIC will:

  • represent the investor;
  • negotiate directly with the company;
  • order an immediate withdrawal;
  • recover every payment;
  • provide detailed updates about an investigation;
  • determine compensation in an individual dispute.

Where the problem is a personal dispute with a financial firm, ASIC directs consumers toward the firm’s complaints process and AFCA.

How ASIC uses reports

ASIC assesses reports according to factors such as seriousness, available evidence, public impact and whether the matter falls within its jurisdiction.

The regulator may:

  • record the intelligence;
  • ask for more information;
  • refer the matter internally;
  • contact the business;
  • conduct surveillance;
  • begin an investigation;
  • take administrative, civil or criminal action;
  • refer the matter to another body.

ASIC warns that it may contact a reporter only where further information is required.

ASIC contact route

ASIC accepts reports through its official misconduct-reporting system. General enquiries can be submitted through its online enquiry form or by telephone using the contact details published on the ASIC website.

For a specific problem, the online Report issue to ASIC tool is generally more useful than sending an unstructured general message.

AFCA: Australian Financial Complaints Authority

AFCA is the main external dispute-resolution body for complaints involving Australian financial firms.

Licensed Australian financial-services providers are generally required to participate in the AFCA scheme. AFCA describes its service as free and independent for consumers and small businesses.

What AFCA can consider

AFCA may handle eligible complaints involving:

  • investment products;
  • financial advice;
  • banks and deposit accounts;
  • loans and consumer credit;
  • insurance;
  • superannuation;
  • payment services;
  • managed investments;
  • stockbroking and certain investment firms;
  • financial hardship;
  • fees, transactions and account administration.

For investment and financial-advice complaints, AFCA can consider problems involving an investment held by the consumer or advice received from a financial firm.

Examples of investment complaints

An investor may approach AFCA about allegations such as:

  • unsuitable financial advice;
  • failure to disclose important risks;
  • negligent administration;
  • disputed fees;
  • failure to follow instructions;
  • investment losses allegedly caused by poor advice;
  • misleading representations;
  • problems with a managed investment;
  • conduct by a participating Australian financial firm.

AFCA will assess whether the firm is a member and whether the complaint falls within its rules and time limits.

Start with the financial firm

Before escalating, write to the company’s internal dispute-resolution team.

The complaint should clearly state:

  • what happened;
  • when it happened;
  • the financial loss or disputed amount;
  • the action already taken;
  • the outcome being requested.

If the company does not resolve the complaint, AFCA can be approached online or by telephone. ASIC and APRA both direct unresolved financial disputes to AFCA.

AFCA contact information

Telephone: 1800 931 678
Method: Online complaint portal, telephone, email or written complaint

AFCA publishes a free-call number and accepts complaints through several channels.

What evidence should be sent to AFCA?

Useful supporting records include:

  • financial advice documents;
  • investment confirmations;
  • transaction records;
  • account statements;
  • emails and letters;
  • screenshots from online portals;
  • copies of the complaint sent to the firm;
  • the company’s final response;
  • a short chronology of the dispute.

AFCA specifically recommends providing advice documents, transaction records, communications and platform screenshots where relevant.

What happens after submission?

AFCA may:

  • refer the complaint to the financial firm;
  • request additional information;
  • help the parties negotiate;
  • facilitate conciliation;
  • assess the evidence;
  • issue a preliminary view;
  • make a determination where the dispute is not resolved.

AFCA selects the method it considers most likely to resolve the complaint fairly and efficiently.

Scamwatch and the National Anti-Scam Centre

Scamwatch is operated as part of Australia’s anti-scam framework and collects reports about suspected scam activity.

It is useful where the concern involves a suspicious broker, fake crypto project, impersonation website, investment advertisement or fraudulent payment request.

What should be reported?

Scamwatch reports may cover:

  • fake investment opportunities;
  • fraudulent trading platforms;
  • crypto schemes;
  • regulator impersonation;
  • bank impersonation;
  • fraudulent recovery services;
  • social-media investment promotions;
  • fake celebrity endorsements;
  • romance-investment schemes;
  • payment requests involving gift cards or cryptocurrency;
  • phishing messages;
  • cloned businesses.

The Scamwatch form can be used for suspicious contact or activity even where the reporter has not yet lost money.

What Scamwatch does with a report

A report may help authorities:

  • identify new scam patterns;
  • connect reports about the same operator;
  • publish warnings;
  • disrupt scam infrastructure;
  • share intelligence with relevant agencies.

However, the Scamwatch reporting form warns that individual reporters may not receive a response.

Scamwatch language assistance

The online reporting form is in English. People needing help in another language can call the Translating and Interpreting Service on 131 450 and ask to be connected to Scamwatch on 1300 302 502.

ReportCyber: Reporting Online Financial Crime

An investment complaint becomes a cybercrime issue when a website, online account, digital wallet or electronic communication is used to facilitate suspected criminal activity.

When to use ReportCyber

ReportCyber may be appropriate for:

  • fake broker websites;
  • fraudulent crypto platforms;
  • stolen online-banking access;
  • compromised email or social-media accounts;
  • cryptocurrency theft;
  • fraudulent wallet transfers;
  • malicious remote-access software;
  • investment scams delivered through messaging apps;
  • identity theft;
  • cyber extortion.

Cyber.gov.au advises scam victims to report cybercrime through ReportCyber and also submit information to Scamwatch.

ReportCyber contact and support

Reports are submitted through the national cyber-reporting portal.

Australian Cyber Security Hotline: 1300 CYBER1
Telephone digits: 1300 292 371

The hotline is available for assistance with cyber threats, while the online portal is used to lodge formal reports.

Emergency situations

Where there is an immediate threat to life or risk of serious harm, call 000 rather than relying on an online report.

APRA: Australian Prudential Regulation Authority

APRA supervises banks, credit unions, building societies, insurers and much of the superannuation industry from a prudential perspective.

Its primary role is to support the safety and stability of the Australian financial system.

When APRA may be relevant

Information may be relevant to APRA where it concerns:

  • governance problems within an APRA-regulated institution;
  • prudential risk;
  • financial stability;
  • risk-management failures;
  • serious institutional weaknesses;
  • conduct that may affect the safety of depositors, policyholders or superannuation members.

APRA accepts information about institutions it regulates by email or telephone.

What APRA does not usually resolve

APRA is generally not the correct body for an ordinary customer compensation dispute.

For most complaints involving an APRA-regulated institution, APRA points consumers to AFCA. The exception noted by APRA is private health insurance, where the Private Health Insurance Ombudsman may be the relevant route.

APRA contact information

Within Australia: 1300 558 849
From outside Australia: +61 2 8037 9015
Email for information about regulated institutions: info@apra.gov.au

APRA’s call centre operates during published weekday business hours.

AUSTRAC: Anti-Money Laundering Intelligence

AUSTRAC is Australia’s financial-intelligence agency and anti-money-laundering regulator.

It is important to understand that ordinary investors do not generally use AUSTRAC as a personal dispute-resolution service.

Who submits suspicious matter reports?

Suspicious Matter Reports are primarily submitted by regulated reporting entities, such as certain banks, financial-service businesses, remittance providers and digital-currency businesses.

A reporting entity may need to submit an SMR where it forms a reasonable suspicion that a person or transaction is connected with criminal activity, identity misuse, money laundering, terrorism financing or another relevant offence.

What an investor should do

An individual who believes money has been transferred through a suspicious account should:

  1. contact the bank, exchange or payment provider;
  2. ask the provider’s fraud or security team to review the transaction;
  3. provide payment references and wallet information;
  4. submit reports to Scamwatch and ReportCyber;
  5. report regulated financial misconduct to ASIC where relevant.

The bank or other reporting entity may then assess whether an AUSTRAC report is required.

Checking Whether a Broker or Adviser Is Licensed

Before making a complaint, confirm exactly what the business is authorised to do.

An Australian Financial Services licence does not simply mean that every website using the licence number belongs to the licensee.

Check the ASIC Professional Registers

Search using:

  • company name;
  • adviser name;
  • Australian Business Number;
  • Australian Company Number;
  • licence number.

Moneysmart recommends checking:

  • whether the licence is active;
  • whether the person is an authorised representative;
  • the services covered by the licence;
  • whether the website address matches the register;
  • whether the person has been banned or disqualified.

Moneysmart specifically advises users to compare any website URL listed in the register with the URL they are actually using.

Check the scope of authorisation

A firm may be authorised for one activity but not another.

For example, a licence may permit:

  • general financial advice;
  • personal financial advice;
  • dealing in certain products;
  • operating a managed investment;
  • arranging insurance;
  • providing credit services.

Do not treat the existence of a licence as proof that every promoted product or representative is covered.

Check the representative

A person giving advice may work under another company’s AFS licence as an authorised representative. That authorisation should appear in ASIC’s registers.

What Complaints Do Australian Authorities Commonly Receive?

Withdrawal problems

Relevant allegations may include:

  • a withdrawal remaining pending;
  • repeated rejection of requests;
  • unexplained cancellation;
  • refusal to close the account;
  • support demanding another deposit;
  • account restrictions following a withdrawal request;
  • a sudden change in terms.

A withdrawal delay is not automatically proof of fraud. The complaint should identify the stated processing time, actual delay, communications and any new conditions imposed.

Unexpected fees

Common complaints involve demands for:

  • a withdrawal tax paid directly to the platform;
  • an insurance payment;
  • a verification charge;
  • an account-release fee;
  • a liquidity payment;
  • a blockchain validation fee;
  • a security deposit;
  • an additional investment.

Include the exact wording of the demand, the recipient account and the payment deadline.

Misleading financial advice

Reports may concern:

  • guaranteed returns;
  • false claims that losses are impossible;
  • pressure to invest quickly;
  • unsuitable advice;
  • undisclosed commissions;
  • false statements about regulation;
  • unauthorised trading;
  • a representative claiming to be licensed when they are not.

ASIC’s current advertising guidance addresses the obligation not to make false or misleading statements when promoting financial and credit products and services.

Clone firms and licence misuse

A cloned platform may copy:

  • the name of an Australian company;
  • an AFS licence number;
  • an office address;
  • staff names;
  • a regulator logo;
  • an Australian phone number.

The most important comparison is between the website being used and the contact information shown in the official register.

Crypto-related complaints

Useful evidence includes:

  • wallet addresses;
  • transaction hashes;
  • exchange names;
  • blockchain network;
  • screenshots of balances;
  • withdrawal records;
  • messages requesting additional crypto;
  • the identity of the exchange from which funds were sent.

Contact the sending exchange immediately. It may be able to preserve account information, flag the destination or assist law enforcement.

Evidence Checklist for an Australian Financial Complaint

A well-prepared file should contain:

  • full company name;
  • trading name;
  • every domain and subdomain;
  • claimed AFS or credit licence number;
  • ABN or ACN;
  • names of representatives;
  • email addresses and telephone numbers;
  • account number;
  • date the relationship started;
  • payment dates and amounts;
  • bank beneficiary details;
  • card transaction references;
  • wallet addresses;
  • cryptocurrency transaction hashes;
  • screenshots of account balances;
  • copies of withdrawal requests;
  • messages demanding extra payments;
  • advertising materials;
  • terms and conditions;
  • the complaint sent to the company;
  • the company’s final response;
  • a short chronological summary.

Do not include account passwords, private wallet keys or complete card details.

A Practical Complaint Template

Subject

Complaint concerning [company name], [website] and disputed investment withdrawal

Introduction

I am submitting a complaint concerning [company name], operating through [domain]. The business claims to hold or operate under Australian Financial Services Licence number [number]. I have been unable to confirm that the website and representatives are connected to the licensed entity.

Chronology

On [date], I opened an account after being contacted through [channel].
On [date], I transferred [amount] to [recipient].
On [date], I requested a withdrawal of [amount].
On [date], the company requested an additional payment described as [fee].
As of [date], the withdrawal remains unresolved.

Regulatory concern

My concerns include possible unlicensed financial activity, potentially misleading licence claims, undisclosed charges and a refusal to process the withdrawal under the terms originally presented.

Requested action

For ASIC:

I request that ASIC assess whether the company, representatives and website fall within its jurisdiction and whether the reported conduct may involve breaches of Australian financial-services or corporate law.

For AFCA:

I request that AFCA consider the dispute and the financial loss arising from the firm’s conduct.

For Scamwatch:

I am submitting this information to assist the National Anti-Scam Centre in identifying related reports and emerging scam patterns.

Which Authority Should You Contact?

Use ASIC when:

  • a company may be operating without a licence;
  • a financial adviser may be unauthorised;
  • an AFS licence may be misused;
  • advertising appears materially misleading;
  • there may be company or financial-services misconduct;
  • several consumers may be affected.

Use AFCA when:

  • the business is an AFCA member;
  • you have already complained to the firm;
  • you want an individual dispute reviewed;
  • you seek compensation or another personal remedy;
  • the problem concerns banking, credit, insurance, superannuation, investments or financial advice.

Use Scamwatch when:

  • you encountered suspicious or deceptive activity;
  • the company may be fake;
  • the contact involved impersonation;
  • an investment scheme was promoted through social media;
  • the report may help identify a wider scam pattern.

Use ReportCyber when:

  • the conduct occurred online;
  • money or cryptocurrency was stolen;
  • an account was compromised;
  • identity information was misused;
  • a fake website or digital platform was used;
  • the incident may constitute cybercrime.

Use APRA when:

  • the information concerns the prudential safety of a regulated institution;
  • there may be a serious governance or risk issue;
  • the matter could affect depositors, policyholders or members more broadly.

What Australian Regulators Usually Cannot Guarantee

Even a detailed report does not guarantee that an authority will:

  • recover transferred money;
  • reverse a blockchain transfer;
  • force an offshore company to communicate;
  • disclose an investigation;
  • act within a specific number of days;
  • provide private legal representation;
  • compensate the investor automatically;
  • identify an anonymous website operator immediately.

The purpose of each report must be realistic.

ASIC receives regulatory intelligence. AFCA resolves eligible disputes. Scamwatch analyses scam reports. ReportCyber refers cybercrime information. APRA focuses on institutional stability.

Frequently Asked Questions

Can ASIC return money lost to an investment platform?

ASIC may investigate misconduct and pursue enforcement, but it does not operate as a personal recovery agent. An eligible complaint seeking compensation may need to go through the company, AFCA or legal proceedings.

Should I report the same platform to ASIC and Scamwatch?

Yes, where both routes are relevant. ASIC may assess financial-law concerns, while Scamwatch records scam intelligence and recurring patterns.

Can AFCA investigate an offshore broker?

AFCA generally deals with participating Australian financial firms. If the operator is offshore, unlicensed or not an AFCA member, AFCA may not have jurisdiction.

How do I know whether a company is an AFCA member?

AFCA provides a member search facility. Check the legal company name rather than relying only on a brand or website name.

What if a platform displays an Australian licence?

Search the ASIC Professional Registers and compare the company name, authorised services, representatives and website. A copied licence number does not establish a genuine connection.

Should I contact my bank before filing complaints?

Yes. Contact the bank, card issuer, exchange or payment service immediately. Fast notification may improve the chance of stopping or tracing a recent payment.

Can I report a scam if I did not lose money?

Yes. Scamwatch accepts reports about suspicious contact and activity. Early reports can help authorities recognise new patterns.

Can a non-Australian investor report a company to ASIC?

A person outside Australia may report possible misconduct where the business claims Australian authorisation, uses an Australian company or appears to breach laws administered by ASIC. Whether ASIC can act depends on jurisdiction and available evidence.

Is AUSTRAC a complaint-resolution service?

No. AUSTRAC receives regulated anti-money-laundering reports and financial intelligence. Consumers normally contact their bank, ASIC, Scamwatch, ReportCyber or AFCA depending on the issue.

Final Assessment

Australia’s complaint system works best when each authority receives the type of information it is designed to handle.

A regulatory report to ASIC should explain the possible legal breach. An AFCA complaint should identify the personal dispute and requested remedy. A Scamwatch report should document the scam pattern. A ReportCyber submission should preserve digital and transaction evidence.

Sending the same emotional paragraph to every organisation is rarely effective.

A stronger approach is to prepare one evidence file, then adapt the opening section for each recipient:

  • ASIC: possible financial or corporate misconduct;
  • AFCA: unresolved dispute and requested compensation;
  • Scamwatch: suspicious conduct and scam indicators;
  • ReportCyber: online crime and digital evidence;
  • bank or exchange: urgent transaction tracing and account protection.

The most important first step is to identify who actually received the money. The website may claim to be Australian, but the payment recipient, wallet address, legal entity and licence register usually reveal whether the platform has a genuine connection to Australia.

Scam Alert Check — Report a Company or Online Fraud and Get Free Guidance

Encountered a suspicious broker, scam website or online fraud? Tell us what happened and get a free consultation on possible recovery steps.

Leave a Reply

Your email address will not be published. Required fields are marked *