BigLaw Insider Trading Case Exposes Broken Information Barriers Across Elite M&A Firms
Federal prosecutors charge 30 people in decade-long scheme where transient lawyer exploited access controls at six top firms, generating tens of millions in illicit profits.
Federal prosecutors charged 30 defendants in a decade-long insider trading conspiracy that exploited weak information barriers at six elite M&A law firms, generating tens of millions of dollars in illicit profits from nearly 30 confidential deals.
The scheme centered on Nicolo Nourafchan, a Yale Law graduate who moved laterally through Sidley Austin, Latham & Watkins, Cleary Gottlieb, and Goodwin Procter between 2013 and 2023, systematically recruiting junior associates as tipsters while accessing deal files he wasn’t staffed on—even while officially on leave. Nineteen defendants were arrested in early May 2026, with two fugitives in Russia and Israel, according to the U.S. Department of Justice. Nine others had already pleaded guilty in cases dating to 2024.
The prosecution reveals that prestige hiring and standard Compliance protocols failed to stop an insider who understood exactly how to exploit law firm architectures. Nourafchan accessed confidential materials on Amazon’s abandoned $1.7 billion iRobot acquisition through Goodwin Procter’s document management system while on leave in 2022, according to U.S. News. That access—to deals he had no reason to view—highlights a fundamental breakdown in information wall enforcement across firms that handle billions in M&A flow annually.
Nourafchan and co-conspirator Stephen Yadgarov recruited lawyers at competing firms to leak deal timelines and confidential terms. Tipsters received kickbacks of up to hundreds of thousands of dollars in cash, routed through intermediaries and shell companies in Panama and Switzerland disguised as loans. Defendants used coded language in text messages, referring to deal tips as ‘flights’ and public announcement dates as ‘rabbi surgery’ dates.
The Recruits: Junior Associates Under Financial Pressure
Gabriel Gershowitz, a college classmate of Nourafchan and Yadgarov, pleaded guilty in February 2025 after being recruited in 2019, according to the ABA Journal. He worked at Weil Gotshal & Manges, DLA Piper, and Willkie Farr & Gallagher while funneling confidential data. His cooperation agreement, filed ahead of a November 2026 sentencing, suggests prosecutors are using junior associates to build cases against higher-level orchestrators.
The recruitment pattern exposed a critical vulnerability: social connections from elite universities created trusted channels that bypassed institutional compliance. Prosecutors allege the conspirators leveraged college networks to identify associates with access but limited financial cushion—lawyers early in their careers who might trade privileged information for six-figure kickbacks. According to Yahoo Finance, federal prosecutors stated in charging documents that ‘Nourafchan and Yadgarov recruited other attorneys and insiders to serve as sources of inside information and paid their sources kickbacks consisting of up to hundreds of thousands of dollars in cash.’
Institutional Liability Questions Mount
Firms named as victims—including Wachtell Lipton Rosen & Katz alongside Sidley, Latham, Goodwin, Weil, DLA Piper, Willkie, and Cleary—face scrutiny over how associates accessed materials outside their deal teams. According to Law.com, defendants accessed confidential materials on deals in which they were not staffed, suggesting document management systems lacked role-based restrictions or audit trails that would flag unusual access patterns.
Willkie Farr & Gallagher stated it was ‘aware that a former employee is alleged to have engaged in conduct that would constitute a severe violation of our clear and well-defined compliance policies,’ according to Above the Law. Latham & Watkins called the alleged conduct ‘a serious violation of our robust policies and procedures.’ Neither statement addressed how those policies failed to detect a decade of systematic leakage or whether lateral hires underwent enhanced vetting for conflicts and access risks.
‘Regulators are increasingly focusing not only on individual traders, but on the wider professional ecosystems surrounding confidential corporate information, including lawyers, consultants, advisers and intermediaries.’
— Lawyer Monthly
The case arrives as the Securities and Exchange Commission pursues parallel civil enforcement against 21 individuals, signaling coordinated pressure on professional intermediaries who enable market manipulation. According to Lawyer Monthly, U.S. Attorney Leah Foley framed the charges as targeting ‘the special access and ethical duties that come with a law license’—a prosecutorial framing that shifts liability from rogue actors to the institutions that failed to constrain them.
The Compliance Gap: Technical Controls vs. Human Factors
Standard information barriers rely on self-reporting by lawyers who identify conflicts, plus technical walls that restrict deal team access. But Nourafchan’s ability to access files while on leave suggests firms granted system permissions based on employment status rather than active deal roles. That architectural flaw—common in legacy document management platforms—means a lawyer with valid credentials can browse any file unless explicitly restricted.
The money laundering infrastructure—shell companies in Panama and Switzerland, intermediaries routing payments as ‘loans’—indicates sophistication that should have triggered compliance alerts at multiple stages. Yet the scheme ran from 2013 to 2023 before unraveling, suggesting firms lacked transaction monitoring for associates receiving unusual payments or behavioral analytics that might flag associates repeatedly accessing deals outside their practice groups.
Lateral hiring vetting emerged as another critical gap. Nourafchan moved across four elite firms over a decade, each time gaining access to fresh deal flow without apparent scrutiny of his access patterns at prior employers. Firms treat lateral M&A hires as low-risk because they come from peer institutions with similar compliance standards—an assumption this case demolishes. The lack of cross-firm information sharing on access violations or suspicious behavior means a lawyer ejected from one firm for ethical breaches can land at another without baggage.
What to Watch
Gershowitz’s sentencing in November 2026 will reveal how much leniency cooperating defendants receive, setting the tone for other junior associates weighing guilty pleas. Prosecutors have indicated ‘unnamed co-conspirators who worked at BigLaw firms as recently as this year,’ suggesting additional arrests as cooperators identify accomplices still in active practice.
Law firms face pressure to audit document access logs retroactively, implement role-based permissions that auto-expire when lawyers roll off deals, and enhance lateral hire vetting to include access pattern reviews from prior employers. The SEC’s parallel civil action may result in consent decrees requiring firms to overhaul compliance architectures—a costly intervention that could reshape how BigLaw manages confidential information at scale. Whether institutional liability extends beyond victim status to negligent enablement will determine if this case triggers a compliance reckoning or remains framed as a betrayal by trusted insiders.