As Wells Fargo fires employees for mouse movers, let’s talk about surveillance

A recent FINRA filing indicates that the bank recently terminated some employees for simulating mouse movements at their PCs.

In May, San Francisco-based bank Wells Fargo fired over a dozen employees, alleging that they were simulating keyboard activity to give the false impression they were at their desks. 

The firings came to light via disclosures the bank shared with the Financial Industry Regulatory Authority this month, with such disclosures claiming the fired employees were simulating keyboard activity and using “mouse jiggler” tools.

The FINRA disclosures did not reveal whether the terminated employees were caught using the tools while working remotely, but they were all part of Wells Fargo’s “wealth- and investment-management unit,” as Bloomberg noted in first reporting the story.

Movin’ the mouse

These mouse jigglers (or movers) are designed to let workers feign actual work, and they surged in popularity during the remote work heyday of the COVID pandemic. The mouse jiggler prevents your computer from going into sleep mode, and you can buy one online for about $20.

Why the need for a mouse mover or the need to track such a device?

With more people working from home during the pandemic, and some still doing so at least part-time now, many executives adopted “spyware” or “bossware” to monitor their staff’s laptops and ensure people are present at their laptops.

From what has been disclosed in the filing and reported by news outlets, it is not clear what they were doing instead of working. Indeed, none of the reports I’ve read have clarified if the people let go were working from home at those time or were in the office, or some combination thereof.

A bank spokesperson declined to offer more details about the firings to the news outlets, saying only: “Wells Fargo holds employees to the highest standards and does not tolerate unethical behavior.”

Monitoring employees for possible misconduct is expected by the regulators – to such an extent that much of its guidance, speeches and enforcement actions are dedicated to the surveillance topic.

Wells Fargo has been operating under a hybrid, flexible model since 2022 when the firm started requiring workers to return to the office, and of the big US banks it is known for being a bit more generous about hybrid work. Most of its employees have to be in the office three days a week and not four or five.

Bossware

It’s certainly not just Wells Fargo that uses monitoring software to track productivity, computer usage and monitor employee access and controls for security purposes.

When it comes to mouse jiggler apps, some companies have restrictions on downloading external software or using USB devices on company-issued laptops, so that means just installing the jiggler device gets detected and runs afoul of company rules.

And if your company’s monitoring software offers functionality that identifies external peripherals or even unusual device activity, the mouse mover will be detected.

Some companies go further and have random pop-up alerts that must be answered, regardless of whether your mouse is moving or not, plus track keystrokes and eye movements, take screenshots and log which websites are visited.

Surveillance is needed and regulators expect it

The reality is that a distressed commercial real estate market, with many businesses streamlining their building capacities, is making chief financial officers rethink budgets and allow for some hybrid work options, including to retain and recruit talented employees who moved further from cities during and just after the pandemic.

And it’s quite reasonable that employers want their employees to be productive, wherever they work, especially a bank that has roughly 200,000 employees.

While they’re tracking productivity, it is wise for employers to remind their employees they have no reasonable expectation of privacy when using their work-issued devices.

Indeed, the work-from-home model has introduced novel cybersecurity concerns and has invited some fraud, such as reimbursement fraud, a type of fraud over which Wells Fargo fired or suspended more than a dozen employees in 2018 for after-hours meal expenses. Remember, this was pre-pandemic and before greater work-from-home arrangements.

Monitoring employees for possible misconduct is expected by the regulators. It’s expected to such an extent that the regulators regularly talk about their expectations of the use of surveillance, supervisory and recordkeeping tools with such regularity that much of regulatory guidance and public remarks – and some industry conferences – are dedicated to these topics.

In fact, the reasoning behind the two-and-a-half-year round of of electronic communications cases by the SEC (and CFTC) has been premised on the idea that if a business is not capturing certain business communications (namely, the off-channel ones), then it has an incomplete record and can’t properly surveil for potential investor harm or market abuse.

GRIP Comment

There is a side to this story that must be pointed out. It’s pretty sad that some employees feel the need to purchase and use a mouse jiggler. Maybe some of them are slackers. But maybe some of them are just taking an afternoon break to tend to some home and kid stuff, and will get their work done later in the evening.

In writing this article, I noticed some comments to articles and on LinkedIn from people who said they got out of traditional office work because they felt over-monitored in a paternalistic and stifling way. They resented everyone being treated with mistrust as a default standpoint – and not the other way around, with the stricter monitoring only kicking in after an employee triggered its need.

Some behavioral scientists have pointed out that overzealous surveillance can lead to the very behaviors it’s designed to prevent, because angry employees just don’t care any longer. Or because these employees sense the strict monitoring is not being applied to the top leadership at the organization – just everyone below that level.

Also, surveillance tools and policies need to be analyzed under state and federal privacy rules (and non-US requirements, if applicable), especially if and when monitoring tools are used outside of the confines of work-issued devices and work spaces.

Finally: Wells Fargo might not be the best employer to be preaching to its staff about proper behavioral standards.

Since 2016, the bank has spent billions of dollars settling civil and criminal charges related to a multi-year scheme that led to more than two million fake accounts being opened without customers’ consent or knowledge, a practice that began when top managers began setting unrealistic sales goals for employees. Last year, the former head of the bank’s retail operation was sentenced to three years of probation, and the bank’s former CEO was banned from the industry.

While that might compel the bank to monitor its employees more as one part of its business strategy, at least some of the bank’s energy should also be spent on ensuring the impulses that gave birth to that reputationally damaging sales scandal are never going to arise again and the business has a culture that rewards a client-focused business model.