$284 Million in Fake Documents: The Legacy Cares Municipal Bond Fraud and What Compliance Teams Must Learn

Randy Miller is serving six years in federal prison. His son Chad got five. A nonprofit sports complex in Mesa, Arizona lies dormant, its $284 million in bonds defaulted, investors left holding the bag — all because someone decided it was easier to forge a few letters of intent than to find real tenants for a stadium.

This isn’t a tale of sophisticated financial engineering or obscure loopholes. The SEC’s enforcement action against Legacy Cares is a reminder that the oldest fraud in the book — fabricating documents to support projections — still works until it doesn’t.

TL;DR

• The SEC obtained partial consent judgments in March 2026 against all four Legacy Cares defendants for a $284M municipal bond fraud built on fabricated revenue documents
• Randy Miller was sentenced to 6 years in prison; Chad Miller to 5 years; all four defendants face joint restitution of $228.26M
• The compliance lesson isn’t complicated: document integrity controls and independent revenue verification could have caught this before it became a catastrophe

---

What Happened at Legacy Cares

Randy Miller wasn’t an obscure fraudster. He was a sports business executive who founded Legacy Cares, Inc., a nonprofit with a genuinely ambitious goal: build one of the largest participatory sports venues in the United States — a 320-acre multi-sport park and family entertainment center in Mesa, Arizona.

To finance it, Legacy Cares issued two rounds of municipal bonds through an Arizona state conduit entity:

• August 2020: First bond offering
• June 2021: Second bond offering
• Combined total: Approximately $284 million

Municipal bond investors were told they’d be repaid from the revenue the sports complex generated — ticket sales, league contracts, event fees. The offering memoranda included revenue projections that were, according to the SEC’s complaint, “multiple times the amount needed to cover payments to investors.”

Those projections looked great on paper. The problem: they were built on documents that the defendants fabricated or materially altered.

Letters of intent from sports clubs, leagues, and organizations — the kind of commitments that would form the economic backbone of a revenue-generating sports venue — were allegedly forged or doctored. The contracts and pre-agreements underpinning those bullish revenue forecasts didn’t reflect real commitments from real organizations.

The sports complex opened in January 2022. It opened with far fewer events and dramatically lower attendance than the offering documents projected. It generated tens of millions of dollars less in revenue than investors had been told to expect.

By October 2022, the bonds defaulted.

---

The Legal Reckoning

The SEC charged Randy Miller, Chad Miller, Jeffrey De Laveaga, and Jeffrey Puzzullo with violating Section 17(a) of the Securities Act of 1933 and Section 10(b) of the Securities Exchange Act of 1934 and Rule 10b-5 — the core antifraud provisions of federal securities law.

Here’s where things landed:

Criminal proceedings (U.S. Attorney’s Office, S.D.N.Y.):

• Randy Miller: Guilty plea → 6 years in prison + 3 years supervised release + $7.29M forfeiture (sentenced September 9, 2025)
• Chad Miller: Guilty plea → 5 years in prison + 3 years supervised release + $4.8M forfeiture (sentenced September 9, 2025)
• Jeffrey Puzzullo: Guilty plea → time served + 1 year supervised release (sentenced January 28, 2026)
• Jeffrey De Laveaga: Guilty plea, awaiting sentencing

Restitution: All four defendants are jointly and severally liable for $228,260,356.19 — ordered February 2, 2026.

SEC civil settlements (partial consent judgments):

• All four permanently enjoined from violating securities laws
• Permanently barred from participating in the issuance, purchase, offer, or sale of any security (except for their own personal accounts)
• Disgorgement, prejudgment interest, and civil penalties: still to be determined by the court on SEC motion

The SEC’s Public Finance Abuse Unit, based out of the San Francisco Regional Office, led the investigation. This unit was created specifically to police the approximately $4 trillion municipal bond market — and cases like this are exactly why it exists.

As then-Acting Deputy Director of Enforcement Antonia Apps put it: “Maintaining the integrity of the approximately $4 trillion municipal bond market is critical for local governments and investors alike.”

---

How Document Fabrication Slips Through

Municipal bond deals are not simple transactions. They involve issuers, underwriters, bond counsel, financial advisors, disclosure counsel, and rating agencies — a full ecosystem of parties who, in theory, are all reviewing the same offering documents.

So how does fabricated documentation survive that gauntlet?

A few reasons this kind of fraud persists:

1. Letters of intent aren’t binding — and that creates wiggle room. LOIs are preliminary documents. They signal interest, not commitment. Sophisticated parties reviewing an offering might see an LOI and not think to independently call the signatory to verify it’s real. The verification burden is diffuse.

2. Revenue projections are inherently forward-looking. Forecasts are assumptions by definition. When the supporting documentation for those assumptions is fabricated, it takes active diligence — not just document review — to catch the fraud. You have to pick up the phone. You have to go find the counterparty. Most due diligence processes don’t go that far.

3. Nonprofit entities get the benefit of the doubt. Legacy Cares was a nonprofit with a feel-good mission: sports for the community, economic development for Mesa. There’s a cognitive bias at play — charitable missions sometimes disarm skepticism.

4. Complex deals have many handoffs. In a multi-party transaction, everyone assumes someone else already verified the underlying facts. Bond counsel assumes the financial advisor did the diligence. The financial advisor assumes underwriting did it. Nobody owns the verification of the foundational assumptions.

---

What This Means for Compliance and Risk Teams

Even if your organization isn’t underwriting municipal bonds, the Legacy Cares case has direct implications for any compliance or risk program that relies on third-party representations and supporting documentation.

Document Integrity Is a Control — Not a Checkbox

“We received the documents” is not the same as “we verified the documents.” Most compliance frameworks treat document collection as the end state. Legacy Cares is a case study in why that’s insufficient.

Practical controls:

• For any high-stakes transaction, assign a specific owner responsible for independently verifying key supporting documents — not just receiving and filing them
• Direct counterparty confirmation: if a revenue projection rests on commitments from 20 sports organizations, a sample of those organizations should be contacted directly
• Track document provenance: who provided it, when, in what form? Alterations are easier to detect when you maintain version history

Revenue Projections Require Stress Testing

Offering memoranda that show revenue projections “multiple times” the break-even threshold should raise a flag, not inspire confidence. That’s not a cushion — it’s a sign the numbers may not have been built bottom-up.

For any deal with revenue-dependent repayment:

• Ask for the underlying assumptions, not just the outputs
• Model what happens if occupancy/utilization is 30% of projected — does the deal still work?
• For new or unproven revenue streams, weight the downside scenarios more heavily than the base case

Third-Party Commitments Are Only as Good as Your Verification Process

The Legacy Cares fraud depended on nobody calling the sports leagues to ask: “Did you sign this?” That single step — independent verification of key counterparty commitments — could have unraveled the entire scheme before a dollar was raised.

Build this into your due diligence checklist:

• Identify the 3-5 most critical revenue assumptions in any deal
• Assign a team member (not the deal team) to confirm those commitments directly with the counterparty
• Document the confirmation: who called, who answered, what was confirmed, when

Issues Management Matters When Red Flags Surface

In complex transactions, red flags often do surface — and then get explained away. An underwriter raises a concern, the issuer provides a clarifying document, the concern is closed. Without a structured process for tracking and escalating unresolved issues, red flags get buried in email threads.

A proper issues management process means:

• Every open question or concern during due diligence is logged
• Resolution requires documented evidence, not just an explanation
• Unresolved issues above a certain materiality threshold escalate to senior review before closing

---

So What? The Practitioner’s Takeaway

The Legacy Cares case won’t be the last municipal bond fraud, and document fabrication isn’t unique to that market. Any deal that depends on revenue projections backed by third-party commitments carries this risk — real estate development, sports venues, infrastructure projects, fintech partnerships.

The controls that prevent this aren’t exotic. They’re:

1. Independent verification of key documents and counterparties — don’t let the deal team self-certify
2. Stress-tested projections — ask what happens when the revenue projections are wrong by 50%
3. Structured issue tracking — so red flags don’t quietly disappear into the deal’s momentum

If your team doesn’t have a consistent process for logging, tracking, and escalating due diligence concerns, you’re relying on individual judgment under deal pressure. That’s not a compliance program — that’s hope.

A structured Issues Management Tracker gives your team a consistent framework for capturing and escalating findings — whether you’re reviewing a vendor relationship, a new product, or a complex transaction. It won’t prevent fraud by a determined bad actor, but it closes the gaps that let fraud survive human review processes.

---

FAQ

What is the Legacy Cares municipal bond fraud case?

Legacy Cares, Inc. was an Arizona nonprofit that raised approximately $284 million in municipal bonds in 2020 and 2021 to finance a sports complex in Mesa, Arizona. The SEC and the U.S. Attorney’s Office alleged that the founders fabricated or altered key supporting documents — including letters of intent from sports clubs and leagues — to inflate revenue projections. The bonds defaulted in October 2022. The four defendants have all pleaded guilty in parallel criminal proceedings, with Randy Miller sentenced to 6 years in prison and Chad Miller to 5 years. All four face joint restitution of over $228 million.

What charges did the SEC bring in the Legacy Cares case?

The SEC charged all four defendants — Randall “Randy” Miller, Chad Miller, Jeffrey De Laveaga, and Jeffrey Puzzullo — with violating Section 17(a) of the Securities Act of 1933 and Section 10(b) of the Securities Exchange Act of 1934 and Rule 10b-5. In March 2026, partial consent judgments were entered permanently enjoining all defendants from future securities violations and from participating in securities offerings. Civil penalties and disgorgement amounts are still to be determined by the court.

What compliance controls could have prevented the Legacy Cares fraud?

Independent verification of key counterparty commitments is the most direct control — someone outside the deal team should have contacted the sports organizations whose contracts formed the basis of the revenue projections to confirm authenticity. Beyond that: structured due diligence issue tracking (so red flag questions don’t get buried), stress-tested financial projections, and a clear owner for document integrity verification would each have reduced the risk.

---

Sources: SEC Litigation Release No. 26498 (March 9, 2026); SEC Press Release 2025-59 (April 1, 2025); U.S. Attorney’s Office, Southern District of New York.