Nuveen Churchill Private Capital Income Fund 10-K Cybersecurity GRC - 2024-02-29

Page last updated on April 11, 2024

Nuveen Churchill Private Capital Income Fund reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-29 17:23:16 EST.

Filings

10-K filed on 2024-02-29

Nuveen Churchill Private Capital Income Fund filed an 10-K at 2024-02-29 17:23:16 EST
Accession Number: 0001628280-24-008070

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Cybersecurity The Fund depends on and engages various third parties and service providers, including suppliers, custodians, transfer agents, administrative agents, fund administrators and other third parties to source, make and manage its investments. Accordingly, the Fund s business is dependent on the communications and information technology ( IT ) systems that it shares with the Advisers and their ultimate parent company, TIAA, which further relies upon the systems of third-party IT service providers to TIAA. TIAA has established a cybersecurity program across its enterprise, which applies to certain of its affiliates, including the Advisers and the Fund. When identifying and overseeing risks from cybersecurity threats associated with its use of third-party service providers, the Fund further relies upon the expertise of risk management, legal, information technology, and compliance personnel of TIAA. TIAA conducts onboarding and ongoing due diligence of certain of the Fund s key third-party service providers to identify and oversee risks from cybersecurity threats associated with the Fund s use of such entities. Cybersecurity Program Overview TIAA has instituted an enterprise cybersecurity program designed to identify, assess, and mitigate cyber risks applicable to TIAA and its affiliates, which applies to the Fund and the Advisers. This cyber risk management program is integrated into TIAA s overall risk management program and involves risk assessments, implementation of security measures, and ongoing monitoring of systems and networks, including networks on which the Fund relies. TIAA relies on its internal subject matter experts and external experts, as needed, including, but not limited to, cybersecurity assessors, consultants, and auditors, to evaluate cybersecurity measures and risk management processes applicable to the Advisers, the Fund and other affiliates of TIAA. TIAA actively monitors the current cyber threat landscape in an effort to identify material risks arising from new and evolving cybersecurity threats, including material risks faced by the Fund and the Advisers in connection with their day-to-day operations. TIAA s cybersecurity leadership team are responsible for maintaining and overseeing the overall state of TIAA s cybersecurity program, information on the current threat landscape, and risks from cybersecurity threats and cybersecurity incidents impacting TIAA and its affiliates, including the Fund, the Advisers and their respective third-party service providers. TIAA s cybersecurity team, including its Chief Information Security Officer, is responsible for assessing and managing material risks from cybersecurity threats to the TIAA organization, including the Fund and the Advisers. TIAA s Chief Information Security Officer and cybersecurity leaders have significant expertise in in this area, including in IT and cybersecurity engineering, and have cybersecurity leadership experience in other major financial institutions. Management of the Fund is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents impacting the Fund, including through the receipt of notifications from third party service providers and reliance on communications with cybersecurity, risk management, legal, IT, and/or compliance personnel of TIAA. Oversight of Cybersecurity Risk The potential impact of risks from cybersecurity threats on the Fund is assessed on an ongoing basis, as well as how such risks could materially affect the Fund s business strategy, operational results, and financial condition. Cybersecurity risk remains heightened to the financial industry, including the Fund, and a failure in or breach of our systems or infrastructure, or those of a material third party or service provider, could cause disruption and adversely impact the Fund s operations. TIAA and the Advisers continue to invest in the cybersecurity program to protect against emerging threats, including threats against third parties and service providers. The Fund has not experienced any material cybersecurity incident, and the Fund is not aware of any cybersecurity risks that are reasonably likely to materially affect its business. TIAA s cybersecurity team periodically reports to the Fund s management on cybersecurity matters, primarily through presentations. Such reporting will include updates on TIAA s cybersecurity program as it relates to the Fund , the external cybersecurity threat environment, and TIAA s programs to address and mitigate the risks associated with the evolving cybersecurity threat environment. These reports also include updates on TIAA s preparedness, prevention, detection, responsiveness and recovery with respect to cybersecurity incidents. The Board has the primary responsibility for overseeing and reviewing the guidelines and policies with respect to risk assessment and risk management, including cybersecurity. The Board receives periodic updates from the Fund s management regarding TIAA s cybersecurity program, information on current threat landscape and risks from cybersecurity threats and cybersecurity incidents impacting the Fund. 58

Company Information