United States 12 Month Oil Fund, LP - (USL)
10-K Filing Date: February 29, 2024
In general, cybersecurity incidents can result from deliberate attacks or unintentional events such as a cyber-attack against USCF, a natural catastrophe, an industrial accident, failure of USL’s disaster recovery systems, or consequential employee error. Cyber-attacks include, but are not limited to, gaining unauthorized access to digital systems for purposes of misappropriating assets or sensitive information, corrupting data, or causing operational disruption. Cyber-attacks may also be carried out in a manner that does not require gaining unauthorized access, such as causing denial-of-service attacks on websites. Cyber security failures or breaches of a fund’s clearing broker or third party service provider (including, but not limited to, index providers, the administrator and transfer agent, the custodian), have the ability to cause disruptions and impact business operations, potentially resulting in financial losses, the inability of fund shareholders to transact business, violations of applicable privacy and other laws, regulatory fines, penalties, reputational damage, reimbursement or other compensation costs, and/or additional compliance costs.
Risk Management
USL does not have computer systems or networks. Pursuant to the terms of the LP Agreement, USL's affairs are managed by USCF. USCF has implemented an information security program that is focused on ensuring the security and protection of computer systems and oversight of third-party service providers. This program includes specific provisions pertaining to data security and the security of information that, if disclosed, could have detrimental effects on USL. Such provisions relate to the handling of information and computers, as well as the protection of computer systems and software from unauthorized persons. As needed, but no less frequently than annually, USCF evaluates its cybersecurity risk profile in accordance with its compliance policies and procedures. The risk assessment aims to confirm that USCF's policies are being followed and enforced, and to identify risks that may have otherwise been unknown. To mitigate the risks from cybersecurity threats posed by third parties, USCF conducts due diligence on its critical third-party service providers with respect to (1) the cybersecurity programs and policies that they have in place as well as how they safeguard sensitive information, and (2) how those programs and policies apply to customers, including USCF and USL.
USCF's procedures include guidance for determining the materiality of cybersecurity incidents, including with respect to cybersecurity incidents experienced by third-party service providers. Such determinations are made by USCF's senior management, including its Chief Executive Officer, which uses both qualitative and quantitative factors in assessing the material impact of an incident. The factors include the functional impact, the information impact, costs, the observed activity, the location of observed activity, actor characterization, and recoverability of information. As of the date of this report, USCF is not aware of any material risks from cybersecurity threats that have materially affected or are reasonably likely to materially affect USL, including its business strategy, results of operations, or financial condition.
Governance
The Director of Compliance, as identified below, provides regular reports to USCF's Board of Directors on developments to the information security and cybersecurity risks facing USL. Reports may include, among other things, an overview of the controls and procedures related to assessing, identifying, and managing risks related to cybersecurity threats, and management's evaluation of cybersecurity risks material to USL.