Millburn Multi-Markets Fund L.P. 10-K Cybersecurity GRC - 2024-04-01

Page last updated on July 16, 2024

Millburn Multi-Markets Fund L.P. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-01 20:04:18 EDT.


10-K filed on 2024-04-01

Millburn Multi-Markets Fund L.P. filed a 10-K at 2024-04-01 20:04:18 EDT
Accession Number: 0001468910-24-000004

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity The General Partner has written procedures and policies that govern the Partnership’s general cybersecurity program. These policies and procedures include, among other things, the identification of risks, locations of information, management of third party risk and incident response, among other factors, and are designed to address real world concerns. The Cybersecurity Committee (the “Committee”) of the General Partner is responsible for overseeing cyber and information security. The Committee meets at least quarterly to discuss cybersecurity risks and frequently holds more informal discussions in the interim. The Committee is subject to oversight by the board of directors of the General Partner (the “Board”). The Committee is co-chaired by the General Partner’s President/Chief Operating Officer, Chief Technology Officer/Co-Head of Trading, and General Counsel/Chief Compliance Officer who oversee day-to-day implementation of cyber and information security by employees with specialized expertise and experience in such matters. The Board is kept apprised of the cybersecurity policies and procedures on a formal basis at least annually, and is kept informed on a less formal basis through participation in training and policy updates. The Committee meets at least quarterly to discuss and review testing, cybersecurity risks/events and all other relevant matters. Committee members are given the opportunity at these meetings to ask questions of all relevant personnel. The General Partner utilizes a combination of statistics, data and testing by third party service providers and software in order to monitor and identify cybersecurity threats. To the extent those threats require immediate attention, they are dealt with and reported to the Committee thereafter in accordance with the procedures outlined in the General Partner’s incident response plan. Other threats, as well as follow ups once threats are properly dealt with, are then discussed and analyzed by the Committee. Reports on these activities are discussed with the Board on at least an annual basis, with any material issues raised promptly to the Board as well. To assess the effectiveness of the General Partner’s cybersecurity programs and to mitigate exposure, the General Partner has consulted with strategic partners, such as outside counsel specializing in this subject matter as well as the General Partner’s cyber insurance provider. The General Partner also undertook a table top exercise designed to identify and mitigate issues and train personnel. The General Partner’s head of risk management (who is also mentioned above as one of the co-chairmen of the Committee) participates in all Committee meetings and, as part of the risk management function, the Committee applies principles of risk management to its information security program. As with all risks identified by the General Partner, risks are identified and evaluated, with higher risk items receiving priority attention. The General Partner has undertaken efforts to mitigate cyber risks and their impact, including, but not limited to, certain implementation of firewalls, anti-virus/anti-malware, controls around remote network access, multi-factor authentication, system event monitoring and notifications and electronic surveillance, frequent backups, encryption and password protection, education and testing, supervision of third parties, limitations on access, vulnerability scanning, patch installation, physical safeguards, virus scanning, and penetration testing. Employees are required to complete initial cybersecurity training upon commencement of employment and, thereafter, on an annual basis. The training is designed by a third party service provider. The General Partner carries cyber insurance. The General Partner maintains formal cybersecurity procedures that are considered during contract review with respect to third party vendors handling and having access to information. The General Partner has not identified any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected the General Partner or the Partnership’s business strategy, results of operation or financial condition. Nonetheless, there is no guarantee that a future cyber incident would not materially affect the General Partner or the Partnership’s business strategy, results of operations or financial condition. Despite the various efforts the General Partner has undertaken to mitigate cyber risks and their impact, systems, networks and/or devices potentially can be breached. Such cybersecurity breaches may cause: (i) disruptions and impacts to business operations, potentially resulting in financial losses to the Partnership and limited partners; (ii) interference with the General Partner’s ability to calculate the value of an investment; (iii) impediments to trading; (iv) the inability of the Partnership and its service providers to transact business; (v) violations of applicable privacy and other laws; (vi) regulatory fines, penalties, reputational damage, reimbursement or other compensation costs or 9 additional compliance costs; and (vii) the inadvertent release of confidential information. Similar adverse consequences could result from cybersecurity breaches affecting counterparties with which the Partnership engages in transactions; governmental and other regulatory authorities; exchange and other financial market operators, banks, brokers, dealers, insurance companies and other financial institutions; and other parties. In addition, substantial costs may be incurred by these entities in order to prevent any cybersecurity breaches in the future. The nature of malicious cyber-attacks is becoming increasingly sophisticated and the Partnership cannot control the cyber systems and cybersecurity systems of counterparties or third party service providers. While, to date, we have not been subject to cyberattacks that, individually or in the aggregate, have been material to our operations or financial condition, the preventive actions we take to reduce the risks associated with cyberattacks may be insufficient to repel or mitigate the effects of a major cyberattack in the future.

Company Information

NameMillburn Multi-Markets Fund L.P.
SIC DescriptionCommodity Contracts Brokers & Dealers
CategoryNon-accelerated filer
Smaller reporting company
Fiscal Year EndDecember 30