ITEM 1C. CYBERSECURITY

The Trust does not have a board of directors; therefore, the Trustee is responsible for oversight of the Trust’s risks from cybersecurity threats. The Trustee has dedicated personnel that are responsible for assessing and managing the Trust’s cyber risk management program, informing senior management of the Trustee regarding the prevention, detection, mitigation, and remediation of cybersecurity incidents and supervising such efforts. The Trustee’s information technology team has decades of experience selecting, deploying, and operating cybersecurity technologies, initiatives, and processes, and relies on threat intelligence as well as other information obtained from governmental, public or private sources, including external consultants engaged by the Trustee to monitor the prevention, detection, mitigation, and remediation of cybersecurity incidents. External partners are a key part of the Trustee’s cybersecurity protocols and policies. The Trustee works with leading firms in the cybersecurity industry, leveraging their technology and expertise to monitor and maintain the performance and effectiveness of products and services that are used by the Trustee.

The Trustee maintains a cyber risk management program designed to identify, assess, manage, mitigate, and respond to cybersecurity threats, which processes are integrated into the Trustee’s overall risk management process. The Trustee maintains robust cybersecurity protocols including, but not limited to technological capabilities that prevent and detect disruptions; computer workstations and programs protected with passwords and passphrases, as well as employee training throughout the year on financial regulations and cybersecurity followed up by testing of that knowledge. The protocols are based on recognized best practices and standards for cybersecurity and information technology. The Trustee has an annual assessment, performed by a third-party vendor, of the Trustee’s cyber risk management program.

Other, non-technical protocols include securing of documents and work areas that could contain personal, non-public information and independent verification of information changes by outside vendors.

The Trust faces risks from cybersecurity threats that could have a material adverse effect on its business, financial condition, results of operations, cash flows or reputation. The Trustee has experienced, and will continue to experience, cyber incidents in the normal course of its business. However, prior cybersecurity incidents have not had a material adverse effect on the Trust’s business, financial condition, results of operations, or cash flows. See Item 1A. Risk Factors – The Trust may be subject to attempted cybersecurity disruptions from a variety of sources including state-sponsored actors.

 

11