When Stock Exchanges Amplify Fraud: The Penn Park Capital Management Limited Case

Boiler-room investment fraud doesn’t survive on its own. It feeds on borrowed credibility. One of the easiest ways for scammers to look trustworthy is by getting their names published on platforms that ordinary investors already rely on.

That’s exactly what happened when a boiler‑room operation, having stolen the identity of a legitimate firm called Penn Park Capital Management Limited (“PPC”), managed to publish bogus press releases on the London Stock Exchange’s Regulatory News Service (RNS). Not only had PPC already hijacked the business name of a legitimate company, they had also created a bogus corporate persona presenting itself as “Europe’s leading fund manager” – a story recently covered in The Observer newspaper’s business section in the UK.

The Coalition of Cyber Investigators has significant experience identifying and investigating boiler room investment frauds and has defined a multi-stage typology. Exploiting genuine company details, cloning the identities of real individuals, and generating press releases, industry commentary, and social media presence are all ways of credentialising themselves sufficiently to persuade victims that they are investing their money with a credible and professional fund manager. To the untrained eye, the bogus PPC looked genuine.

If any doubts existed in the minds of potential victims, the publication of a fake PPC press release on the London Stock Exchange’s RNS provided comfort and reassurance.

On paper, RNS is simply a distribution pipe. Companies submit their market announcements, and they appear in the RNS feed. Millions of investors, journalists, and data providers treat those feeds as gospel: if it’s on the London Stock Exchange’s channel, it must be real.

According to the London Stock Exchange, “Releasing announcements through RNS ensures company information is distributed immediately and accurately in full text and in industry-leading formats. Announcements are visible on over 2 million market professional terminals, databases and financial webs.”

And that’s what the scammers exploited.

Here’s what happened

The bogus fund manager PPC was never licensed or authorised by any financial regulator. For example, it wasn’t on the Financial Conduct Authority (FCA) register in the UK, nor was it licensed in any of the other countries it claimed to have a presence in.

In simple terms, it was a boiler room scam operation with no legitimate right to operate as an investment firm. As it presented itself as a UK company, a simple check on the FCA register would have identified in seconds that the bogus PPC was not licensed.

Yet it still managed to upload and publish slick press releases through the London Stock Exchange’s RNS. The announcement sat alongside genuine filings from FTSE‑listed companies. For a retail investor browsing news on the London Stock Exchange, there was no obvious difference.

The London Stock Exchange adds a boilerplate disclaimer to its news service, emphasising that the content of all announcements is the sole responsibility of the issuing company, and the exchange does not verify or endorse the information.

This legal shield is designed to protect the platform, but it doesn’t protect its consumers. In practice, the London Stock Exchange’s trusted brand gave an unlicensed entity the appearance of legitimacy.

For most people outside the industry, RNS isn’t a message board - it’s the official news wire of the stock exchange. That implied endorsement makes it so powerful for investors and so tempting for fraudsters.

Why disclaimers aren’t enough

Fraudsters look for the easiest possible openings. In this case, every red flag was obvious: no regulator license, no history, boiler‑plate contacts. The kind of checks that would have flagged the fake PPC as suspicious could be automated in seconds.

The gap here isn’t technical capability. It’s the assumption that disclaimers are sufficient. They’re not. Disclaimers may protect the institution in court, but they do nothing for the people who lose money chasing credibility that never should have existed in the first place.

The duty of care gap

What’s really at stake is the duty of care. If your platform profits from distributing financial announcements and investors rely on your brand for trust, you have an ethical duty to ensure the entities using your service are, at a minimum, licensed by a regulator.

That doesn’t mean exchanges or newswires need to vet every data point in a press release. But it does mean they should stop acting as publishing vehicles for firms that aren’t even allowed to sell investments in the first place.

Why it matters

Once a scam appears on the London Stock Exchange’s RNS feed, it doesn’t stay there. Financial portals, analyst dashboards, and even mainstream outlets pull that announcement into their own systems, meaning that a single unlicensed press release can cascade through the wider ecosystem in minutes.

The fact that the London Stock Exchange’s RNS is approved by the Financial Conduct Authority (FCA) to act as a Primary Information Provider in the United Kingdom also adds additional credibility, and the FCA has a statutory duty to protect consumers – that is not consistent with primary information providers allowing scammers to use their platform to credentialise themselves.

This is what we call amplification risk: when the credibility of a trusted institution multiplies the reach of fraud far beyond what the scammers could ever achieve on their own.

What needs to change

The fix is straightforward:

• Block unlicensed firms. Mandatory checks against regulator databases should be standard before publication.

• Treat disclaimers as a back‑up, not the first line of defence.

• Recognise the brand risk. Exchanges and major platforms can’t afford to be in the business of laundering credibility for scams.

• Regulators need to review their current controls in these circumstances – in this scenario, those controls have failed.

The bigger picture

The fake PPC case isn’t unique. It’s part of a wider pattern where fraudsters exploit institutions that investors trust the most. Each week in this series we’ll spotlight a different platform where this happens, from European exchanges to global finance portals.

Fraud thrives on amplification. Trust demands accountability, not disclaimers.

If you've been affected by an investment fraud scheme and need assistance, The Coalition of Cyber Investigators specialise in investigating boiler room investment fraud.

We offer investigations, preparation of investigative reports for law enforcement, regulators and insurers, and pre-investment validation services to help you avoid scams in the first place.

If you need assistance, contact us on our LinkedIn company page - just search for The Coalition of Cyber Investigators and send us a message. Or message us through the contact form on our website www.coalitioncyber.com

Authored by: The Coalition of Cyber Investigators

©2025 The Coalition of Cyber Investigators. All rights reserved.

The Coalition of Cyber Investigators is a collaboration between

Paul Wright (United Kingdom) - Experienced Cybercrime, Intelligence (OSINT & HUMINT) and Digital Forensics Investigator;

Neal Ysart (Philippines) - Elite Investigator & Strategic Risk Advisor, Ex-Big 4 Forensic Leader; and

Lajos Antal (Hungary) Highly Experienced Cyber Forensics, Investigations and Cybercrime Expert.

The Coalition unites leading experts to deliver cutting edge research, OSINT, Investigations & Cybercrime Advisory Services worldwide.

Our two co-founders, Paul Wright and Neal Ysart, offer over 80 years of combined professional experience. Their careers span law enforcement, cyber investigations, open source intelligence, risk management, and strategic advisory roles across multiple continents.

They have been instrumental in setting formative legal precedents and stated cases in cybercrime investigations, as well as contributing to the development of globally accepted guidance and standards for handling digital evidence.

Their leadership and expertise form the foundation of the Coalition’s commitment to excellence and ethical practice.

Alongside them, Lajos Antal, a founding member of our Boiler Room Investment Fraud Practice, brings deep expertise in cybercrime investigations, digital forensics and cyber response, further strengthening our team’s capabilities and reach.