Insider trading rarely begins with a trade. It begins with access — and a decision about what to do with it. That’s the uncomfortable lesson at the center of one of the largest insider trading prosecutions in recent memory, and one that has put elite law-firm controls under renewed scrutiny.
In early May, federal prosecutors and the SEC brought parallel cases alleging a decade-long insider-trading scheme involving confidential M&A information taken from some of the world’s largest corporate law firms. Nicolo Nourafchan, a mergers-and-acquisitions lawyer licensed in New York, was charged in U.S. District Court in Massachusetts with securities fraud in a broader criminal case involving 29 other defendants, according to the Wall Street Journal. Prosecutors allege the scheme involved confidential information about more than a dozen merger-and-acquisition deals before they were public. The SEC separately filed a civil enforcement action against 21 individuals.
The detail that has drawn the most attention: The alleged mastermind is a corporate lawyer.
According to prosecutors, Nourafchan misappropriated confidential client information across a string of elite law firms over roughly a decade, then fed it to a college friend who built out a widening network of traders. Those traders allegedly used the tips to buy shares before the deals became public, and kicked back a share of the profits. Transactions named in the indictment include Amazon’s bid for Roomba-maker iRobot, Johnson & Johnson’s acquisition of Momenta Pharmaceuticals, and IAC’s purchase of Care.com.
The law firms themselves were named as victims, not defendants. Nourafchan has not entered a plea, and his lawyer declined to comment to The Wall Street Journal. Robert Yadgarov, the college friend described in the article, also has not entered a plea; his lawyer said Yadgarov would plead not guilty.
Nothing here is proven, and insider trading cases — as defense lawyers are quick to note — can come apart at the edges, because the government must prove knowing misuse of material nonpublic information, not just well-timed trades.
But set the verdict aside for a moment. The mechanics of the alleged scheme are what every compliance officer, control room manager, and general counsel should be reading closely.
The scheme didn’t hide. It used code.
According to prosecutors, the ring didn’t avoid leaving a communication trail — it tried to disguise one. Participants allegedly used burner phones and encrypted apps. They used code words. Tips were reportedly called “flights,” and religious “learning” allegedly meant passing information. They moved money through shell companies and foreign brokerage accounts, and dressed up kickbacks as loans.
This is the part that matters. A keyword filter watching for “MNPI” or “don’t trade on this” would have caught none of it. The language was deliberately ordinary. “Flights.” “Learning.” A loan. Nothing on that list trips an alarm built on banned words — which is precisely why the scheme allegedly ran for years.
Covert communication is not an exotic risk. It is the predictable behavior of people who know they are doing something wrong and are choosing channels and vocabulary to stay invisible. The move off-channel? The sudden shift to a personal device? The instruction not to use email? Those are signals. They are just not signals a word list can see.
What the law license adds
Federal prosecutors made a pointed observation when the charges were announced: The alleged conduct didn’t only violate securities law — it exploited the special access and ethical duties that come with a law license.
That is the warning specifically for legal teams. M&A lawyers sit on top of the most valuable non-public information in the market, often before anyone else. Firms named in this case have faced uncomfortable questions:
- How was a lawyer able to access confidential deal files, including transactions he allegedly didn’t work on?
- Were access controls tight enough to detect misuse sooner?
- Can a firm see what its own people are doing with the information barriers it has drawn on paper?
Information barriers, restricted lists, and supervision policies are only as strong as a firm’s ability to detect when they’re being crossed. A policy that lives in a compliance manual but cannot observe communication in real time is a policy that only finds out what happened years later, in an indictment.
Where HarmCheck fits
This is the gap HarmCheck was built to close.
HarmCheck’s Restricted List monitoring checks internal communications against a firm’s restricted securities list in real time, flagging references to restricted tickers, issuers, and related entities the moment they appear — including common-word tickers that keyword tools can miss. Active Listening detects covert communication patterns as they emerge: attempts to move conversations to unmonitored or less-supervised channels, such as “DM me,” “take this to Signal,” or “no email.” And when a matter does surface, Rapid Deploy can run massive historical communication sets at 20,000-plus pages per hour to help identify escalation points, communication patterns, and defensible findings.
We don’t determine guilt, and we don’t replace investigators, compliance officers, or counsel. But the pattern in this case is the pattern in nearly every case like it: The misconduct left a trail, and the trail was visible long before the indictment.
The firms that come through the AI era well won’t be the ones that react fastest to a subpoena. They’ll be the ones that could see the signal while it was still in draft form.
Book a free demo of HarmCheck today.