Parmar's $212M Constellation Healthcare Sentencing: Take-Private Fraud Lessons for Risk and Compliance

TL;DR

• On May 8, 2026, the U.S. District Court for the District of New Jersey sentenced former Constellation Healthcare Technologies CEO Parmjit “Paul” Parmar to 5 years in federal prison — the statutory maximum — for a $212.5 million securities fraud built on fake subsidiaries, falsified bank statements, and phantom customers.
• Parmar was ordered to pay $125 million in restitution to investors and lenders, including a high-net-worth family office and a consortium of financial institutions that funded the 2017 take-private deal.
• The scheme worked by inflating three fictitious subsidiaries “acquired” for more than $62 million and routing proceeds from London Stock Exchange AIM share sales through private accounts. Constellation filed for bankruptcy within 14 months of going private.
• For risk and compliance teams: independent bank confirmations, audit-committee-led subsidiary verification, and customer existence testing are the controls that would have caught this. Rebuild your post-close diligence and consolidation controls before your next deal.

Five years isn’t a long sentence by federal-fraud standards — but it’s the statutory maximum for the charges Parmar pleaded to, and it landed on the same day a New Jersey federal judge ordered him to pay $125 million back to the people his fictitious subsidiaries cost.

The numbers aren’t what make the Constellation Healthcare case worth your time this week. It’s the mechanics. Parmar didn’t run a Ponzi scheme. He didn’t sell unregistered securities to retail investors. He convinced a family office and a syndicate of lenders to write checks totaling $212.5 million for a publicly traded company — based on financial statements that included three subsidiaries that didn’t exist.

If you do M&A diligence, audit a public-company consolidation, sit on an audit committee, or design controls for revenue recognition, this sentencing is your case study for the rest of 2026.

What Happened: The Constellation Take-Private Fraud

Constellation Healthcare Technologies, Inc. was a real medical-billing company headquartered in Houston and listed on the London Stock Exchange’s Alternative Investment Market (AIM). Between 2015 and 2017, Parmar — its CEO — and two co-conspirators built a parallel set of books to make the company look bigger than it was.

According to the SEC complaint filed in 2018 and the criminal case in the District of New Jersey, the scheme had three core moving parts:

1. Fabricated subsidiary acquisitions. Parmar’s group reported that Constellation had acquired three subsidiaries for more than $62 million. The SEC alleges those subsidiaries either did not exist or generated dramatically less revenue than reported. They were rolled into Constellation’s consolidated financials anyway.
2. Falsified bank statements and phantom customers. The conspirators created fake customer records and altered bank statements to support the inflated revenue. Investors and lenders performing diligence saw what looked like a healthy, growing medical-billing platform.
3. Diverted proceeds from London share sales. Parmar’s team funded the sham acquisitions in part by selling Constellation shares on AIM and routing proceeds through private bank accounts they controlled.

The payoff: in January 2017, a private-investment family office paid $82.5 million and a consortium of financial institutions lent $130 million to finance a transaction taking Constellation private — based on the fraudulent financials. Total fraud loss: $212.5 million.

Roughly 14 months later, in March 2018, Constellation filed for bankruptcy. By that point the SEC had filed civil charges (the SEC’s Press Release 2018-90 names Parmar, CFO Sotirios “Sam” Zaharis, and director Ravi Chivukula), and DOJ followed with criminal charges.

CFO Zaharis and director Chivukula are still considered fugitives. Parmar is the only one of the three named principals to face sentencing.

The Legal Outcome: Penalties at a Glance

Five years feels light against $212M in losses — but federal sentencing for securities fraud is driven by guideline calculations, acceptance-of-responsibility credit, and the statutory cap on the specific counts the defendant pleads to. The restitution number is where the practical hit lands.

Control Failure Analysis: Where the Deal Diligence Broke

Parmar’s scheme didn’t survive because Constellation’s financials were unreviewable. It survived because the people reviewing them relied on what management gave them. Below is a control-by-control map of where this went wrong, and what would have stopped it.

None of these controls are exotic. They are the procedures most public-company auditors and most quality-of-earnings consultants run on every engagement — when they’re allowed to run them properly.

The “Trust the CEO” Failure Mode

The pattern in Constellation matches a long list of cases the SEC has brought over the past decade: a charismatic CEO, an under-resourced audit committee, and a financial reporting process that runs through management rather than around it.

We’ve seen it before in cases like Theranos and more recently in the SEC’s Ozy Media investor fraud action, where executive deception drove the loss. The Constellation twist is that the fraud was specifically engineered for a take-private transaction — a deal type where buy-side due diligence is supposed to be the final filter and where lenders are explicitly underwriting financials.

When the CEO controls what gets shown to whom, and your “verification” is reading PDFs management generates, you are not running diligence. You are reading the CEO’s pitch deck.

What This Means for Practitioners: Specific Controls to Rebuild

Three audiences need to do specific work as a result of this sentencing.

1. M&A Due Diligence Teams (Buy-Side)

Reset your bank confirmation procedure. Stop accepting PDFs from the seller. Direct bank confirmations go through your firm or your accounting advisor to the bank’s confirmation desk — never via the seller’s CFO. This is basic AICPA AU-C 505 territory, but it’s routinely skipped under time pressure.

Add customer existence sampling above $X materiality threshold. For every revenue stream that materially drives valuation, independently contact a statistical sample of customers (or run a third-party customer-list verification service). Confirm not just existence but the revenue tied to that customer for the period under review.

Treat subsidiary acquisitions in the trailing 24 months as separate diligence streams. Don’t accept consolidated financials at face value. Pull entity-level financials, registry records, and tax filings for each acquired entity. If the target can’t produce them, that’s a finding.

Fraud carve-outs in reps and warranties. Make sure your purchase agreement carves out fraud from caps, baskets, and survival periods. Insurance does not substitute for an enforceable fraud claim.

2. SOX and ICFR Teams at Public Companies

Subsidiary onboarding controls. Within one quarter of any acquisition, your ICFR team should perform a standalone walkthrough of the acquired entity’s revenue recognition, cash, and consolidation controls — independent of legacy management. Don’t rely on the carve-out audit work product alone.

Bank reconciliation independence. The person reconciling bank statements must not be the person with custody of bank login credentials or wire approval authority. At smaller issuers, this is the #1 segregation gap.

Audit committee meets the auditor without management. Quarterly. In writing in the audit committee charter. This is the single control that protects against CEO-driven financial statement manipulation, and it costs nothing.

Customer master file integrity testing. Sample new customers added during the period. Confirm they are real entities with real contracts. The Constellation phantom-customer pattern relies on a customer master file no one verifies.

3. Audit Committees and Boards

Demand standalone subsidiary financials for any acquisition above 10% of revenue. Refuse to accept “it’s in the consolidation” as an answer.

Require independent forensic accounting for any take-private or major recapitalization where management has signed reps. Yes, it costs more. It costs less than $125 million in restitution to people who can sue you.

Track issues to closure. If your auditor flags any concern related to acquired-entity financials, bank reconciliations, or customer revenue, that issue needs an owner, a due date, and a verified closure step. Open issues that drift are the fastest path to materially misstated financials. A real issues management tracker — not a shared spreadsheet with stale dates — is the baseline.

5 Things to Check This Week

1. Pull your bank confirmation policy. Is the confirmation routed through the bank directly, or through management? If the answer involves a PDF, fix it before close.
2. Open your customer master file and sample 25 new customers added in Q1. Verify existence and revenue for each. If you can’t verify, escalate.
3. List every subsidiary acquired in the last 24 months. Confirm each has had a standalone ICFR walkthrough. If not, schedule one.
4. Schedule an audit-committee-only session with the external auditor for the next quarter. Put it in the charter if it isn’t there.
5. Review your issues management process. Are findings related to financial reporting tracked to verified closure, with owner, evidence, and a date? If they live in someone’s inbox, they don’t exist.

If you don’t have a structured way to track findings, controls remediation, and overdue items, our Issues Management Tracker & Template is built exactly for this — owner, due date, evidence, escalation, audit trail. It’s the same structure regulators expect when they ask, “What did you do about it?”

The Bottom Line

The Constellation Healthcare sentencing isn’t a story about an exotic new fraud. It’s a story about a fraud that worked because the controls everyone assumed were running — bank confirmations, customer verification, subsidiary diligence — weren’t running. Or weren’t running independently of the CEO.

If your firm is buying, lending, or auditing a private company in 2026, the lessons aren’t novel. They’re foundational. The reason they keep producing $200-million losses is that “foundational” is the easiest thing to skip when the deal pressure is on.

Five years in federal prison, $125 million in restitution, two co-defendants on the run, and a bankrupt company are this week’s reminder that the foundation is what stops the loss.

Sources:

• U.S. Attorney’s Office, D.N.J. — Former CEO of Healthcare Company Sentenced to Five Years
• SEC Press Release 2018-90 — SEC Charges Three Former Healthcare Executives With Fraud
• SEC Complaint (2018-90)
• Law360 — Ex-CEO Gets 5 Years In Prison For $212.5M Fraud Case
• Accounting Today — SEC charges three former execs at Constellation Healthcare Technologies with accounting fraud

Related reading:

• SEC Ozy Media Investor Fraud Enforcement
• SEC Cybersecurity Disclosure Rule: 8-K Materiality Enforcement
• Vendor Due Diligence Techniques and Verification