$284 Million in Forged Documents: The Legacy Cares Municipal Bond Fraud and What It Means for Compliance Teams

Bondholders put in $284 million. They got back $2.4 million. That’s not a bad investment — that’s a near-total wipeout, engineered through fabricated contracts, forged signatures, and revenue projections built entirely on fiction.

On March 9, 2026, the SEC issued Litigation Release No. 26498, announcing partial consent judgments against all four defendants in the Legacy Cares municipal bond fraud case. Criminal sentences have already been handed down. Restitution of $228 million has been ordered. And yet, the structural conditions that allowed this fraud to reach investors largely untouched — fabricated due diligence materials that an underwriter accepted without adequate verification — remain a live compliance risk across the industry.

Here’s what happened, what was missed, and what your team should do about it.

---

TL;DR

• Legacy Cares raised $284M in municipal bonds (2020–2021) to build a sports complex in Mesa, Arizona — using fabricated letters of intent and forged contracts as the basis for investor revenue projections.
• All four defendants have now settled or been convicted. Randy Miller (6 years prison), Chad Miller (5 years), Jeffrey Puzzullo (time served), Jeffrey De Laveaga (sentencing pending). Restitution of $228M ordered.
• For compliance teams: This is a due diligence documentation failure — and it implicates not just issuers but underwriters, financial consultants, and anyone who accepted third-party documents at face value.

---

What Happened at Legacy Cares

Randy Miller was the chairman and president of Legacy Sports, a nonprofit he controlled. His son Chad was the CEO. In 2020 and 2021, Legacy Cares — their affiliated nonprofit entity — issued municipal bonds through the Arizona Industrial Development Authority to finance what they billed as a 320-acre multi-sports park and family entertainment center in Mesa, Arizona.

The two offerings raised approximately $284 million total: $250.8 million in August 2020 (unrated revenue bonds priced at yields from 6.25% to 7.836%) and another $33 million in June 2021.

To attract investors, the offering memoranda projected substantial revenue — figures high enough to comfortably cover bond payments. Those projections were based on letters of intent and pre-contracts from sports clubs, leagues, and entities claiming they would use the facility.

Those documents were fabricated.

According to SEC complaints, the defendants:

• Created letters of intent with incorrect letterhead from outdated sources
• Included forged signatures from purported signatories
• Listed misspelled names of signatories who hadn’t actually signed anything
• Fabricated pre-contracts when the underwriter (Ziegler) asked for more current commitments

Jeffrey Puzzullo, a construction consultant paid from bond proceeds, prepared the financial projections and economic impact reports that were built on these false documents. When Ziegler requested fresher documentation, Chad Miller — with Puzzullo and others — didn’t go back to real sports organizations. They just made new fake contracts with forged signatures.

The SEC called it clearly: “The creation and gathering of the fraudulent letters of intent was a collaborative effort amongst Puzzullo and the prior defendants, who communicated with each other instructions from Randy Miller and Chad Miller and shared drafts of fake documents.”

The Collapse Was Fast

The sports complex opened in January 2022. Within its first year, it was already in trouble — far fewer events, far lower attendance than the offering memoranda projected. By October 2022, the bonds defaulted. By May 2023, Legacy Cares filed for Chapter 11 bankruptcy.

The bankruptcy sale of the entire complex returned approximately $2.4 million to bondholders. On a $284 million investment, that’s a 99.2% loss.

Bondholders filed lawsuits against underwriter Ziegler and bond counsel Gust Rosenfeld, alleging that it was their responsibility to conduct adequate due diligence on the projections they were facilitating.

How the Criminal and Civil Cases Landed

The parallel DOJ and SEC proceedings resulted in:

Defendant	Role	Criminal Outcome	SEC Status
Randall “Randy” Miller	Chairman/President, Legacy Sports	6 years prison, $7.3M forfeiture	Partial consent judgment (July 2025)
Chad Miller	CEO, Legacy Sports (Randy’s son)	5 years prison, $4.8M forfeiture	Partial consent judgment (July 2025)
Jeffrey De Laveaga	COO, Legacy Sports	Pleaded guilty; awaiting sentencing	Partial consent judgment (July 2025)
Jeffrey Puzzullo	Construction consultant	Time served + 1 year supervised release	Partial consent judgment (March 2026)

On February 2, 2026, a federal court ordered Randy Miller, Chad Miller, Puzzullo, and De Laveaga to pay restitution jointly and severally of $228,260,356.19. All four have been permanently enjoined from participating in any securities offering — other than for their personal accounts.

Disgorgement, prejudgment interest, and civil penalties are still to be determined by the court.

The Due Diligence Failure at the Center of This

Here’s what’s uncomfortable for the industry: the fraudulent documents were passed to the underwriter. Ziegler was provided fabricated letters of intent. When Ziegler asked for more current documentation, the defendants provided more fabricated documentation — and it was accepted.

The SEC’s complaint notes: “Because the dates on some of the letters of intent were stale, the underwriter for the bonds had requested that Sports USA obtain additional communications… In response to this request, Chad Miller, with Puzzullo and others at Sports USA working at Chad Miller’s direction, fabricated pre-contracts with false signatures.”

High-yield investors who declined the deal later described it as “an ugly deal” with “a lot of red flags.” Speculative-grade, unrated, projecting enormous revenue from contracts that couldn’t be independently verified — the warning signs were there for investors willing to look.

But many didn’t look hard enough. And the underwriter’s due diligence process apparently didn’t catch forged letterhead or signatures that didn’t match.

What This Means for Compliance Teams

This case isn’t just a story about bad actors. It’s about what happens when the document verification process in a high-stakes transaction is treated as a box-checking exercise rather than a control.

1. Document Authenticity Is a Control — Treat It That Way

In any transaction where third-party commitments form the basis of financial projections, verification cannot end at “we received a signed letter.” Specific controls to implement:

• Source verification: Independently contact the signatory organization to confirm the letter or contract. Don’t rely on the counterparty to facilitate that contact.
• Signature authentication: For high-value commitments, consider notarization requirements or DocuSign audit trails that independently timestamp execution.
• Letterhead cross-check: Verify that contact information on documents matches the organization’s current public records, not outdated versions.
• Stale document flag: Set a clear policy — if a document is more than 90 days old and the counterparty refreshes it rather than you re-confirming independently, that’s an escalation trigger.

2. Revenue Projections Based on Third-Party Commitments Require Independent Validation

The Legacy Cares projections were many times higher than what would be needed to cover debt service — a fact buried in offering memoranda that investors often skim. When projected revenues are contingent on third-party contracts:

• Commission an independent feasibility study from a firm with no relationship to the issuer.
• Require that the feasibility analyst contact referenced organizations directly, not through the issuer.
• Build a stress scenario into projections — what happens if 50% of projected commitments don’t materialize? Is the debt still serviceable?

3. Underwriter Due Diligence Is a Compliance Function, Not Just a Legal One

The lawsuits against Ziegler reflect an expectation that underwriters bear meaningful responsibility for document integrity in offerings they facilitate. Whether or not those suits succeed, the reputational and regulatory exposure is real.

For institutions that underwrite or distribute securities — including municipal bonds, structured products, or private placements — the due diligence process should:

• Assign a named owner for each document verification task (not “legal” as a general category — a specific person accountable for confirming authenticity).
• Maintain a document review log that records how each material document was verified, by whom, and when.
• Escalate when verification is blocked or dependent on the issuer to facilitate.

4. Issues That Surface During Due Diligence Must Be Tracked

Red flags in due diligence are only useful if they’re captured, escalated, and resolved before a transaction closes. “An ugly deal with a lot of red flags” that closes anyway is a tracking failure — someone identified the issues but there was no structured path to act on them.

An issues management system that captures findings from due diligence — and requires documented resolution or escalation before deal approval — turns anecdotal concern into a compliance record. It also creates the audit trail that demonstrates your team did its job if a transaction goes wrong.

5. Parallel Criminal and Civil Exposure Is Now the Norm for Fraud Cases

The Legacy Cares case involved simultaneous DOJ prosecution and SEC civil action. Randy and Chad Miller faced securities fraud charges (maximum 5 years each) plus aggravated identity theft (mandatory consecutive 2 years). The coordination between federal prosecutors and the SEC’s Public Finance Abuse Unit is increasingly routine in large fraud cases.

For compliance officers at broker-dealers, financial advisors, and issuers: the question to ask isn’t just “could this result in an SEC fine?” but “could this result in a referral to DOJ?” The threshold for that referral is lower than many assume, and the consequences — personal criminal liability for executives — are categorically different from civil penalties.

The Broader Municipal Market Implications

Legacy Cares wasn’t just a bad deal — it’s prompting a broader conversation about disclosure requirements and independent verification in the municipal bond market. The SEC’s Public Finance Abuse Unit, which led this investigation, has signaled through this case that fraud in public financing will be aggressively pursued.

Watch for:

• Increased SEC scrutiny of revenue bond offerings where projections depend heavily on pre-execution third-party commitments.
• Stricter underwriter standards for document authentication, potentially including requirements for independent confirmation of material contracts.
• Bondholder litigation against advisors — the lawsuits against Ziegler and Gust Rosenfeld signal that the market will look to recover losses from transaction participants when fraud is discovered.

So What Should You Do Now?

If your institution participates in municipal bond underwriting, issuance, or investment:

1. Audit your document verification process. Map every step from “we received a document” to “we confirmed it’s authentic.” Find the gaps.
2. Add independent source verification for any material commitment that drives financial projections.
3. Implement a due diligence issues log — a formal record of every concern raised during deal review, with resolution documentation before closing.
4. Train deal teams on the signs of document fabrication: stale dates, mismatched letterhead, signatures that look inconsistent with the named signatories.
5. Escalation path for stale refreshes: When an issuer provides “updated” documents in response to a due diligence request rather than you re-confirming independently, that should require senior sign-off.

FAQ

What was the Legacy Cares municipal bond fraud? Legacy Cares raised approximately $284 million in municipal bonds in 2020 and 2021 through the Arizona Industrial Development Authority to build a sports complex in Mesa, Arizona. The four defendants — including the nonprofit’s chairman, CEO, COO, and a financial consultant — fabricated letters of intent and pre-contracts from sports organizations to support fraudulent revenue projections. The bonds defaulted in 2022 and bondholders recovered approximately $2.4 million from the bankruptcy sale.

What charges did the SEC and DOJ bring? The SEC charged all four defendants with violating Section 17(a) of the Securities Act of 1933 and Section 10(b) of the Securities Exchange Act of 1934 and Rule 10b-5. In parallel criminal proceedings, Randy Miller received 6 years in prison, Chad Miller 5 years — both for securities fraud and aggravated identity theft. All four defendants have settled the SEC civil case (with monetary relief still to be determined) and are permanently enjoined from participating in securities offerings.

What should compliance teams take from this case? The central failure here was a document verification process that accepted fabricated materials at face value. Compliance teams should implement independent source verification for any third-party commitments that form the basis of financial projections, maintain a formal issues log that captures and requires resolution of due diligence red flags, and understand that underwriters and advisors now face both SEC civil exposure and potential DOJ criminal referrals when they facilitate offerings built on fraudulent documents.

---

If your team is managing findings from due diligence, regulatory exams, or internal audits, the Issues Management Tracker gives you a structured system for capturing, escalating, and resolving issues before they become enforcement actions.