For the last eight months, we worked intensively on this project. The understanding was that there would be a long testing period, during which we would cover all costs, and once the project went live, we would recoup our investment. We built and deployed the entire solution. The bank conducted QA testing for nearly eight months. I personally got on a call with the bank’s representative, gave them access to the dashboard, and walked them through the entire system.
The consultant then asked us to share the final agreement, write detailed instruction manuals in both English and Spanish, and explain the end-to-end functionality. But here’s what he did next:
He handed over the entire manual we created to another vendor and instructed them to replicate our product exactly, same appearance and functionality, so the bank wouldn’t realize that the solution being deployed was not the one they had tested and approved.
Here’s why this situation is extremely serious:
We have signed an NDA with the bank, and the bank believes they are using our product. In reality, the consultant has replaced it with someone else’s product. If a data breach occurs, the responsibility will fall entirely on us.
To undercut us, the consultant has exposed sensitive bank data to this third-party vendor, who has no NDA with the bank.
The replacement service frequently returns errors such as “Server not working.” The bank will assume it is our system that is malfunctioning.
The consultant collected payment from the bank according to the agreement we prepared, but has not paid us a single penny.
Regarding the potential misuse of public funds, it is concerning that the bank president is a friend of this consultant, which may explain how carelessly this entire project was awarded.
What do you think we should do? Should we take legal action against this consultant?