The ERM program is headed up by the Chief Compliance Officer (CCO), Rodney Spullini, a graduate of Yale Law School and member of the New York State Bar Association. The ERM program resides in the bank’s Legal Department, and Rodney reports directly to the Chief Legal Officer (CLO) and General Counsel.

Bank of Bayside ERM Program

The ERM program is headed up by the Chief Compliance Officer (CCO), Rodney Spullini, a graduate of Yale Law School and member of the New York State Bar Association. The ERM program resides in the bank’s Legal Department, and Rodney reports directly to the Chief Legal Officer (CLO) and General Counsel.  Although the bank is a mid-size niche player on Wall Street specializing in making markets in agricultural commodities and weather derivatives, the customized contracts, complex product structure, and heavy dependence on relationships keeps Spullini’s small but agile team of 35 employees working around the clock on Bank of Bayside’s ERM program, with about 25 of them embedded in the business units to keep deal structurers and relationship specialists on the straight and narrow in contract formation.

The company is largely driven by the fortunes of the Midwest and Southeast regions, where clients are either hedging existing exposures to natural catastrophes and weather related events, or seeking to take a position on them for speculative purposes.  These regions combined comprise 65% of Bank of Bayside’s revenues and 75% of after-tax earnings.  Given the high volume and margins generated in these regions, Rodney’s team focuses on frequently obtaining detailed risk information from these regions.  Risk information requirements from the Northeast, Southwest, and West Coast business regions are materially less both in terms of amount and frequency.

Bank of Bayside’s initial attempts at ERM consisted of reports on regulatory exposures from transactions deemed non-compliant with regulations in some material way provided by the business regions.  These reports were developed in response to an internal Board of Directors initiative mandated in the aftermath of sanctions levied by the Commodities and Futures Trading Commission for multiple violations by the firm.  Going beyond existing contracts, the bank’s Legal team began to identify other legal, compliance, and regulatory risks.  The first Enterprise Risk Management Committee (ERMC) used this information to implement thresholds of deal size and type for secondary review by the committee, and placed a hard limit prohibiting any deal beyond a given size.  It also strictly prohibited business personnel from engaging in certain forms of transactions (e.g. collateralized debt obligations) and from contracting in specific markets (e.g. non-U.S.).

Over time, additional risks beyond contractual compliance with regulations were incorporated into risk reporting, with the information supplied by other risk related departments.  The Chief Information Security Officer (CISO) submits reports on cyber security exposures and events, including the number of attempts to breach data systems by system, the number of breaches that occurred, and remediation efforts to resolve breaches and prevent future ones.  Internal Audit provides reports on audit testing of financial reporting controls, including any significant deficiencies and material weaknesses identified.  Human Resources submits reports summarizing company violations of key employment laws and regulations such as employee discrimination, sexual harassment, wage and overtime pay, workplace safety, and workers compensation cases, both as to number and dollar amounts.  Each business region shows the bank’s net exposure to commodity price movements and its credit exposure to contract non-performance by counterparty.  Finance, Planning, and Analysis submits reports tracking actual versus plan financials on both a quarterly and year to date basis, including commentary on deviations between actual and plan.  The Chief Economist provides a rolling 12 month forecast of key economic indicators such as Gross Domestic Product growth, changes in the Consumer Price Index, interest rates, corporate bond spreads, equity market indices, and exchange rates of major currencies to the U.S. dollar.

The resulting information is compiled, summarized, and distributed quarterly to the ERMC, which consists of the CEO, CFO, Treasurer, CISO, Chief Economist, and CLO.  Representatives from each of the five business regions, the Head of Internal Audit, and Rodney are permitted to join ERMC meetings on a non-voting invitee basis.  The information is used to deliberate key operational decisions such as changes to employment practice policies, whether to buy or build an enterprise resource planning (ERP) system, responses to regulatory inquiries, and whether to enter or exit a given market or region.  The ERMC also reviews and, if necessary, modifies its criteria for second level deal reviews.   All risks are ranked by Legal using a scale of 1 (low) to 10 (high) based on the team’s internal conversations with each of the areas providing the risk information.  The risk report is over 25 pages, covering more than 400 risks.

The ERMC meets quarterly to discuss the report and trends indicated, and whether any changes in operational plans or initiatives are warranted based on the report.  The risk report is then further summarized and shared quarterly with the Audit Committee of the Board of Directors by Rodney and the CLO.  Rodney and his ERM team meet monthly with each risk related department separately to discuss risk developments in their particular risk area, as well as with the Midwest and Southeast region business leaders to discuss major compliance exposures and future potential deals of concern.  These meetings are far more granular discussions of specific risks than what is discussed at the ERMC.

The Chief Economist has a small modeling team that forecasts the bank’s capital requirements under Fed Stress Test scenarios, and other scenarios developed by the Chief Economist.  The results are presented quarterly to the ERMC and annually to the full Board of Directors.  The model projects key parameters affecting most contracts written by the bank, with each contract’s details modeled individually and rolled up to total capital required by region and contract type.  The parameters included in the model are the key economic indicators that the Chief Economist regularly forecasts, as well as default rates of counterparties based on their credit ratings.  Gross ups are estimated for contracts not included and a 15% mark-up is added for operational risks.  Assumptions are updated quarterly and the model is validated by external consultants every three years.  The modeling is performed independently from the ERM team’s risk process.  It is used by the CFO to make financing decisions on capital structure (i.e. debt vs. equity), shareholder dividends, and share repurchases.  These decisions are approved by both the ERMC and the Finance Committee of the Board.

Currently Legal constructs and maintains the risk disclosures, which build off their risk process.  They are largely qualitative except as required by the bank’s regulators.  Rodney and the ERM team review the risk disclosures quarterly to ensure alignment between the findings from the ERM process and the company’s public risk disclosures.