AB Private Credit Investors Corp 10-K Cybersecurity GRC - 2024-03-29

Page last updated on April 11, 2024

AB Private Credit Investors Corp reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-29 14:28:57 EDT.

Filings

10-K filed on 2024-03-29

AB Private Credit Investors Corp filed an 10-K at 2024-03-29 14:28:57 EDT
Accession Number: 0001193125-24-081951

Item 1C. Cybersecurity.

Cyber Risk Management and Strategy

We have processes in place to assess, identify, and manage material risks from cybersecurity threats. Our business is dependent on the communications and information systems of the Adviser, AB and other third-party service providers. The Adviser manages our day-to-day operations and has implemented AB’s Information Security Program (“ISP”) that applies to the Fund and its operations.

We rely on the digital technology of AB and the Adviser to conduct our business operations and engage with our clients and business partners. The technology that AB, the Adviser, clients, and business partners rely upon becomes more complex over time as do threats to our business operations from cyber intrusions, denial of service attacks, manipulation and other cyber misconduct. Information Security is an ongoing process of exercising due care that is designed to protect corporate, client and employee information and systems from unauthorized access, destruction, disclosure, disruption and modification of use.

Through a combination of security, risk and compliance resources, AB implements information security through a dedicated ISP that is intended to identify, assess and manage material risks from cybersecurity threats applicable to the Fund, and which includes a focus on safeguarding information and assets from cyber threats, engaging in cyber threat monitoring and responding to actual or potential cyber incidents. Our ISP is led by AB’s Chief Information Security Officer (“CISO”) who actively partners with AB’s Chief Compliance Officer and Chief Risk Officer and, in turn, the Fund’s Adviser, Board and Chief Compliance Officer. Ultimately, we rely on AB’s full enterprise risk framework, which includes the ISP, information technology, business continuity, resiliency and cybersecurity risk, in combination with a broader risk management team, including AB’s Chief Security Officer.

AB’s CISO, with assistance from internal and external resources, is responsible for implementing and providing oversight of the ISP that applies to the Fund. The ISP employs a defense-in-depth strategy: an information assurance concept in which multiple layers of security controls are distributed throughout an operating environment. The concept manages risk with diverse defensive strategies, so that if one layer of defense fails, another layer of defense will attempt to compensate. The ISP features cybersecurity policies, standards and guidelines, committee governance, training, access controls and data controls.

The ISP, together with related risk and compliance resources, is designed to proactively manage the risk of threat from cybersecurity incidents through (i) implementing protocols to take cybersecurity considerations into account in adopting and onboarding our technology resources, (ii) monitoring IT controls to better ensure compliance with cybersecurity and other related legal and regulatory requirements, (iii) assessing adherence by critical and material third parties we partner with to ensure that the appropriate risk management standards are met, (iv) ensuring essential business functions remain available during a business disruption, and (v) regularly developing and updating response plans to address potential IT or cyber incidents should they occur. AB’s security, risk and compliance resources are designed to prioritize IT and cybersecurity risk areas, identify solutions that minimize such risks, pursue optimal outcomes and maintain compliance standards. We also rely on AB’s ISP to maintain an operation security function that has a real time response capability that triages potential incidents and triggers impact mitigation protocols.

Additionally, we rely on AB and the Adviser to utilize third parties to conduct periodic cybersecurity assessments, including assessments impacting the Fund, and AB’s internal audit function includes certain cyber risk audits as part of any overall risk audit. We rely on AB to review the recommendations and findings from those assessments and audits and implement corrective and other measures as appropriate and as may be relevant to the Fund. AB’s cybersecurity processes rely predominantly on internal resources, but also include important third party resources for certain matters, including the aforementioned assessments as well as our continuous cybersecurity threat monitoring and initial incident reporting system.

As part of the ISP that is applicable to the Fund, AB also performs cyber risk assessments on the Fund’s critical and material third party vendors during onboarding and periodically thereafter.

During the reporting period, we have not had a cybersecurity incident that has materially affected, or was reasonably likely to materially affect, the Fund, including our business strategy, results of operations or financial condition. There are risks from cybersecurity threats that if they were to occur could materially affect our business strategy, results of operations or financial condition, including as discussed in “Item 1A Risk factors - The failure in cyber security systems, as well as the occurrence of events unanticipated in the Fund’s disaster recovery systems and management continuity planning could impair its ability to conduct business effectively,” although we do not currently believe that such a result is reasonably likely.

Cyber Risk Governance

The Board provides strategic oversight over the Fund generally and has delegated oversight on cybersecurity matters to the Fund’s Audit Committee, including oversight of risks associated with cybersecurity threats. AB’s CISO, the Adviser’s Chief Compliance Officer and the Fund’s Chief Compliance Officer periodically report to the Audit Committee, which in turn reports to the Board on the status of AB’s ISP, cybersecurity risks, risk management policies and risk assessment initiatives. Such reports particularly emphasize any material risks concerning the Fund.

The Chief Compliance Officer of the Fund oversees the Fund’s risk management function generally and relies on the Adviser’s Chief Compliance Officer to assist with assessing and managing material risks from cybersecurity threats. The Adviser’s Chief Compliance Officer has 12 years of experience in the financial services industry, and during such time has acquired relevant experience overseeing and actively managing cybersecurity and information security programs for financial services companies with complex information systems. The Fund’s Chief Compliance Officer has been responsible for the general oversight function as Chief Compliance Officer to the Fund for 3 years and has worked in the financial services industry for 18 years, during which the Fund’s Chief Compliance Officer has gained expertise in assessing and managing risk applicable to the Fund.

Management is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents impacting the Fund, including through the receipt of notifications from service providers and reliance on communications with ISP personnel of the Adviser and AB.

Company Information