
SEC Nails $284 Million Municipal Bond Fraud: What the Legacy Cares Case Means for Compliance Teams


$284 million raised on forged documents. Bonds defaulted within two years. Investors got back about $2.4 million. That’s the Legacy Cares story — and the SEC just finished closing the loop on the last defendant.

TL;DR

  • The SEC obtained final consent judgments against all four Legacy Cares defendants in March 2026, concluding a fraud case tied to $284 million in municipal bonds issued in 2020–2021.
  • Executives fabricated letters of intent, forged signatures, and manufactured financial projections — all to deceive investors in a Mesa, Arizona sports complex that never came close to projections.
  • Randy Miller and Chad Miller are already in federal prison. The compliance lessons are about document verification, issuer due diligence, and how fraudulent revenue projections get into offering memoranda in the first place.

What Happened at Legacy Cares

In August 2020 and June 2021, Legacy Cares — a nonprofit controlled by Randall “Randy” Miller — issued approximately $284 million in municipal bonds through the Arizona Industrial Development Authority to finance a massive multi-sports park in Mesa, Arizona. The 2020 tranche was $250.8 million; the 2021 add-on was $33 million. Both were unrated, speculative-grade bonds priced at yields between 6.25% and 7.836%.

Investors were promised revenue from the sports complex — leagues, tournaments, family entertainment events — more than enough to cover bond payments. Those projections were fabricated.

According to the SEC’s complaint, the defendants did the following:

  • Fabricated letters of intent from sports clubs, leagues, and other entities that were supposed to use the complex
  • Forged signatures on documents — some using incorrect letterhead from outdated sources, misspelled signatories, and phony organizational details
  • Created fake pre-contracts after the underwriter (Ziegler) asked for more current, binding commitments — and simply manufactured those too
  • Produced misleading financial projections based entirely on those fake contracts, including a “Summary Five-Year Pro Forma” and an “Economic and Fiscal Impact Summary” for the bond offering

The sports complex opened in January 2022 and promptly underperformed. The bonds defaulted in October 2022. Legacy Cares filed Chapter 11 bankruptcy in May 2023. After the bankruptcy sale, bondholders recovered approximately $2.4 million of the original $284 million.


The Defendants and What Happened to Them

Four individuals were ultimately charged in parallel SEC civil and DOJ criminal proceedings:

| Defendant | Role | Criminal Outcome |
|---|---|---|
| Randall “Randy” Miller | Chairman and President, Legacy Sports | 6 years in federal prison + $7.3M forfeiture + $228M joint restitution |
| Chad Miller | CEO, Legacy Sports (Randy’s son) | 5 years in federal prison + $4.8M forfeiture + $228M joint restitution |
| Jeffrey De Laveaga | COO, Legacy Sports | Pleaded guilty; awaiting sentencing |
| Jeffrey Puzzullo | Construction consultant; prepared financial projections | Time served + 1 year supervised release; monetary restitution to be determined |

All four agreed to bifurcated settlements in the SEC civil case — meaning they’ve accepted permanent injunctions barring them from participating in securities markets, but disgorgement, prejudgment interest, and civil penalties haven’t been finalized yet. Puzzullo’s restitution hearing is scheduled for April 22, 2026.

The investigation was led by the SEC’s Public Finance Abuse Unit, which specifically focuses on fraud in the $4+ trillion municipal bond market. The DOJ’s Southern District of New York and the FBI were also involved.


How Fake Documents Got Into the Offering Memorandum

The mechanics of how this fraud worked — and how it survived due diligence — deserve a close look.

The key failure wasn’t that the underwriter (Ziegler) didn’t ask questions. They did. When some of the letters of intent looked stale, Ziegler asked the issuer for more current documentation reflecting a stronger level of commitment. That’s a legitimate due diligence step.

The problem: Randy Miller, Chad Miller, Puzzullo, and De Laveaga responded to that request by fabricating brand-new documents. Not by going back to the sports leagues and getting updated letters — by manufacturing fake pre-contracts with forged signatures.

This points to a structural vulnerability in how revenue-backed bond offerings are validated:

  1. Self-reported revenue projections — Issuers and their consultants provide the financial model. Underwriters review it but rarely independently verify underlying assumptions.
  2. Document authentication gaps — Letters of intent, contracts, and pre-agreements are typically accepted as provided. Direct verification with the signing parties isn’t always standard practice.
  3. Circular reliance — The financial consultant (Puzzullo) who created the revenue projections was working from the same fake letters of intent that he helped create. There was no independent check.

The SEC noted that the scheme was a “collaborative effort” — multiple defendants coordinating drafts of fake documents over time. This wasn’t a one-off error; it was systematic document fraud.


The “Red Flags” That Should Have Stopped This

High-yield muni buyers who spoke to Bond Buyer after the default were blunt: “This was amateur hour.” In retrospect, the warning signs were visible:

  • Unrated bonds at 6.25–7.836% yields — speculative-grade pricing that should have prompted deep diligence
  • Revenue projections “multiple times” the amount needed to cover bond payments — projections that aggressive were worth verifying
  • A startup venue with no operating history — all revenue projections were hypothetical
  • Dependence on letter-of-intent commitments — not executed contracts, not paid deposits, not event bookings with deposits

None of these are unknown risk factors in the municipal market. But the combination of aggressive yield chasing, limited independent verification, and a sophisticated multi-party fraud scheme created the conditions for $281+ million in investor losses.


What This Means for Compliance Teams

If you work in compliance at a financial institution, broker-dealer, municipal advisory firm, or any organization that participates in municipal securities offerings, the Legacy Cares case surfaces several things worth locking into your program.

1. Independent Document Verification Is a Control, Not a Courtesy

Accepting documents at face value is not due diligence. When an issuer’s projections depend on third-party commitments — contracts, letters of intent, anchor tenants, expected customers — those commitments need to be independently verified. That means:

  • Directly contacting the alleged signing party, not just reviewing the document
  • Checking organizational details: correct letterhead, active entity status, verified signatories
  • Flagging anomalies: outdated dates, formatting inconsistencies, unusual signing authority

The National Association of Bond Lawyers (NABL) due diligence framework places this obligation squarely on underwriters: the duty is to form a reasonable belief that offering documents are materially accurate. You can’t form that belief by reviewing documents the issuer handed you without any independent check.

2. Revenue Projections Need Stress Testing, Not Just Review

A “Summary Five-Year Pro Forma” is only as good as the assumptions underneath it. Puzzullo’s projections looked detailed — they included expected attendance, event types, revenue per event. They were completely made up.

Standard practice for stress-testing revenue projections in conduit bond offerings:

  • Request the underlying contracts or agreements that support projected revenue (not just summaries)
  • Apply sensitivity analysis: What does the debt service coverage ratio look like if revenue hits 50% of projection? 30%?
  • Benchmark against comparable venues: Are these attendance projections consistent with peer facilities in similar markets?
  • Look for circular sourcing: Is the financial model built by the same consultant providing the contracts it’s based on?

That last point is exactly what happened here. The consultant who prepared the financial model was also one of the people fabricating the underlying contracts. A basic conflict-of-interest review would have flagged this.

3. Issues Tracking for Due Diligence Exceptions

When your due diligence process surfaces a flag — stale dates, unusual signatures, projections that seem stretched — that exception needs to be logged, escalated, and resolved. Not verbally noted and forgotten.

The underwriter in this case flagged that some documents looked stale. They asked for updated materials. The issuer provided them. The underwriter accepted them. There’s no indication that the initial flag was escalated, that a formal exception was documented, or that the “updated” materials were subjected to any different level of scrutiny.

A formal issues tracking process would have required:

  • Logging the due diligence exception (stale documents, questionable projections)
  • Escalating to a senior reviewer or compliance officer
  • Documenting the resolution — including how the updated materials were verified
  • Maintaining an audit trail through closing

This is exactly the kind of documented remediation process that protects your firm if a deal later blows up.

4. Conduct-Based Injunctions Are Long-Lasting Consequences

All four defendants received conduct-based injunctions permanently barring them from participating in securities markets. For compliance professionals thinking about individual accountability: the consequences of securities fraud aren’t just fines. They’re career-ending prohibitions backed by federal court orders and criminal prison sentences.

The individual accountability angle in this case is stark. Randy Miller, 6 years. Chad Miller, 5 years. These aren’t abstract compliance failures — they’re outcomes that destroyed lives, including those of the people who ran the scheme.


The Bigger Picture: SEC’s Public Finance Abuse Unit

The Legacy Cares enforcement came out of the SEC’s Public Finance Abuse Unit, a dedicated enforcement team focused on fraud in the municipal securities market. Their remit covers:

  • Fraudulent offering documents
  • Pay-to-play schemes involving municipal advisors
  • Undisclosed conflicts of interest
  • Failure to comply with continuing disclosure obligations

The $4+ trillion municipal bond market has historically received less scrutiny than corporate securities markets. That’s changing. The SEC’s Enforcement Division has stated explicitly that protecting this market is a priority — particularly for the retail investors, pension funds, and local governments that depend on it.

If your firm participates in municipal securities — as underwriter, municipal advisor, bond counsel, or conduit issuer — you should expect the same level of regulatory scrutiny you’d apply to a corporate securities offering.


So What? The Practical Takeaway

The Legacy Cares fraud wasn’t sophisticated. It worked because nobody independently verified the contracts that the entire revenue model depended on. The underwriter asked the right question — but accepted the issuer’s fabricated answer without independent confirmation.

For compliance teams:

  • Build direct verification into your due diligence checklist — don’t just review; confirm with the source
  • Stress-test revenue projections against pessimistic scenarios, not just base-case
  • Log and escalate due diligence exceptions with formal documentation and sign-off
  • Review consultant relationships for conflicts — who provided the underlying data for the model?
  • Train deal teams that when something looks off, the burden of proof is on the issuer to demonstrate the document is legitimate, not just provide a replacement

Investors in this deal lost more than 99% of their principal. The compliance controls that might have stopped it were straightforward. The question is whether they were in place and being followed.




FAQ

What was Legacy Cares?

Legacy Cares was a nonprofit organization controlled by Randall “Randy” Miller that issued approximately $284 million in municipal bonds in 2020 and 2021 to finance a multi-sports park and family entertainment center in Mesa, Arizona. The bonds defaulted in October 2022 after the complex opened with far fewer events and revenue than projected.

What did the SEC charge in the Legacy Cares case?

The SEC charged four individuals — Randy Miller, Chad Miller, Jeffrey De Laveaga, and Jeffrey Puzzullo — with violating the antifraud provisions of the federal securities laws (Section 17(a) of the Securities Act of 1933 and Section 10(b) of the Securities Exchange Act of 1934 and Rule 10b-5). All four fabricated or materially altered documents used to support false revenue projections in the bond offering memoranda. The DOJ filed parallel criminal charges; Randy Miller received 6 years in prison and Chad Miller received 5 years.

What should underwriters and compliance teams do differently after Legacy Cares?

The core lesson is independent verification. Due diligence on revenue-backed bond offerings should include direct contact with parties whose commitments underpin revenue projections, formal exception tracking when documents look stale or unusual, stress testing of financial models, and review of consultant conflicts of interest. Accepting documents provided by the issuer without independent confirmation — especially for speculative-grade offerings — is not sufficient diligence under SEC expectations.

Rebecca Leung

Rebecca Leung has 8+ years of risk and compliance experience across first and second line roles at commercial banks, asset managers, and fintechs. Former management consultant advising financial institutions on risk strategy. Founder of RiskTemplates.
