A deal with a public bank has put us in trouble

1 points by startup_guyy 2 hours ago

We recently began working, through a consultant, with a public bank that has a strong presence in both South and North America. This consultant already had a history of not paying us for our work over the past two years, yet we still supported him even during personal difficulties, such as when his mother was ill. When this new deal came along, he assured us that if we were able to convert it, he would compensate us for all the losses we had incurred over those two years. We thought that if deploying our solution could finally make up for our losses, it might be worth trusting him one last time.

For the last eight months, we worked intensively on this project. The understanding was that there would be a long testing period, during which we would cover all costs, and once the project went live, we would recoup our investment. We built and deployed the entire solution. The bank conducted QA testing for nearly eight months. I personally got on a call with the bank’s representative, gave them access to the dashboard, and walked them through the entire system.

The consultant then asked us to share the final agreement, write detailed instruction manuals in both English and Spanish, and explain the end-to-end functionality. But here’s what he did next:

He handed over the entire manual we created to another vendor and instructed them to replicate our product exactly, same appearance and functionality, so the bank wouldn’t realize that the solution being deployed was not the one they had tested and approved.

Here’s why this situation is extremely serious:

We have signed an NDA with the bank, and the bank believes they are using our product. In reality, the consultant has replaced it with someone else’s product. If a data breach occurs, the responsibility will fall entirely on us.

To undercut us, the consultant has exposed sensitive bank data to this third-party vendor, who has no NDA with the bank.

The replacement service frequently returns errors such as “Server not working.” The bank will assume it is our system that is malfunctioning.

The consultant collected payment from the bank according to the agreement we prepared, but has not paid us a single penny.

Regarding the potential misuse of public funds, it is concerning that the bank president is a friend of this consultant, which may explain how carelessly this entire project was awarded.

What do you think we should do? Should we take legal action against this consultant?