PIMCO Capital Solutions BDC Corp. 10-K Cybersecurity GRC - 2024-03-12

Page last updated on October 1, 2024

PIMCO Capital Solutions BDC Corp. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-12 19:28:26 EDT.

Filings

10-K filed on 2024-03-12

PIMCO Capital Solutions BDC Corp. filed a 10-K at 2024-03-12 19:28:26 EDT
Accession Number: 0001193125-24-066117

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity ." Securities Act of 1933 The shares are not registered under the Securities Act or any state securities laws. The shares are offered and sold in the United States without registration in reliance upon the exemption contained in section 4(a)(2) of the Securities Act and Rule 506 of Regulation D promulgated thereunder by the SEC for transactions not involving a public offering and upon exemptions from any applicable state securities laws. Each prospective investor in the United States must be an accredited investor (as defined in Regulation D) and is required to represent, among other customary private placement representations, that it is acquiring shares for its own account and not with a view to resale or distribution in violation of U.S. Federal or state securities laws. Further, each Stockholder must be prepared to bear the economic risk of the investment for an indefinite period, because shares are “restricted securities” (as defined in Rule 144 under the Securities Act) and can be resold only pursuant to an offering registered under the Securities Act or an exemption from such registration requirement. It is extremely unlikely that shares will ever be registered under the Securities Act. Securities Exchange Act of 1934 In connection with any acquisition or beneficial ownership by the Company of more than 5% of any class of equity securities of a company registered under the Exchange Act, the Company may be required to make certain filings with the SEC. Generally, these filings require disclosure of the identity and background of the purchaser, the source and amount of funds used to acquire the securities, the purpose of the transaction, the purchaser’s interest in the securities and any contracts, arrangements or undertakings regarding the securities. In certain circumstances, the Company may be required to aggregate its investment position in a given operating company with the beneficial ownership of that company’s securities by or on behalf of the Advisor and its affiliates, which could require the Company, together with such other parties, to make certain disclosure filings or otherwise restrict the Company’s activities with respect to such operating company’s securities. In addition, if the Company becomes the beneficial owner of more than 10% of any class of equity securities of a U.S. company registered under the Exchange Act or places an officer or a director on the board of directors of such a company, the Company may be subject to certain additional reporting requirements and to liability for short-swing profits under Section 16 of the Exchange Act. The Company intends to manage its investments so as to avoid the short-swing profit liability provisions of Section 16 of the Exchange Act. Compliance with Anti-Money Laundering Requirements In response to increased regulatory concerns with respect to the sources of funds used in investments and other activities, the Company may request prospective or existing Stockholders to provide additional documentation verifying, among other things, such Stockholder’s identity and source of funds used to purchase its shares. The Advisor may decline to accept a subscription if this information is not provided or on the basis of such information that is provided. Requests for documentation may be made at any time during which a Stockholder holds shares. In certain circumstances, the Advisor may be required to provide this information, or report the failure to comply with such requests, to Governmental authorities without notifying the Stockholder that the information has been provided. The Advisor will take such steps as may be necessary to comply with applicable law, regulations, orders, directives or special measures that may be required by Government regulators. Governmental authorities are continually considering expanding measures to implement broader anti-money laundering laws and, at this point, it is unclear what additional steps the Advisor may be required to take. These additional steps, however, may include, without limitation, prohibiting such Stockholder from making further contributions to the Company and depositing distributions to which such Stockholder would otherwise be entitled into an escrow account. 39 European Data Protection Legislation The Company is subject to European laws related to privacy, data protection and information security in the jurisdictions in which it inter alia does business and/or its investors are located, including with respect to natural persons investing in the Company, the General Data Protection Regulation (EU 2016/679). As privacy, data protection and information security laws are implemented, interpreted and applied, compliance costs may increase, particularly in the context of ensuring that adequate data protection and data transfer mechanisms are in place. Compliance with current and future privacy, data protection and information security laws and regulations could significantly impact current and planned privacy and information security related practices, the collection, use, sharing, retention and safeguarding of personal data and some of the current and planned business activities. A failure to comply with such laws and regulations could result in fines, sanctions or other penalties, which could adversely affect results of operations and overall business, as well as have an impact on reputation. Federal Income Tax Risks RIC Qualification Risks To obtain and maintain RIC tax treatment under Subchapter M of the Code, the Company must, among other things, meet annual distribution, income source and asset diversification requirements. If the Company does not qualify for or maintain RIC tax treatment for any reason and is subject to corporate income tax, the resulting corporate taxes could substantially reduce the Company’s net assets, the amount of income available for distribution and the amount of the Company’s distributions. Difficulty with Paying Required Distributions For federal income tax purposes, the Company may be required to recognize taxable income in circumstances in which it does not receive a corresponding payment in cash. For example, if the Company holds debt obligations that are treated under applicable tax rules as having original issue discount (such as zero coupon securities, debt instruments with PIK interest or, in certain cases, increasing interest rates or debt instruments that were issued with warrants), the Company must include in income each year a portion of the original issue discount that accrues over the life of the obligation, regardless of whether cash representing such income is received by the Company in the same taxable year. The Company may also have to include in income other amounts that it has not yet received in cash, such as deferred loan origination fees that are paid after origination of the loan or are paid in non-cash compensation such as warrants or stock. The Company anticipates that a portion of its income may constitute original issue discount or other income required to be included in taxable income prior to receipt of cash. Further, the Company may elect to amortize market discount and include such amounts in its taxable income in the current year, instead of upon disposition, as an election not to do so would limit its ability to deduct interest expenses for tax purposes. Because any original issue discount or other amounts accrued will be included in its investment company taxable income for the year of the accrual, the Company may be required to make a distribution to its Stockholders in order to satisfy the annual distribution requirement, even though the Company would not have received any corresponding cash amount. As a result, the Company may have difficulty meeting the annual distribution requirement necessary to qualify for and maintain RIC tax treatment under Subchapter M of the Code. The Company may have to sell some of its investments at times and/or at prices it would not consider advantageous, raise additional debt or equity capital or forgo new investment opportunities for this purpose. If the Company is not able to obtain cash from other sources, it may not qualify for or maintain RIC tax treatment and thus may become subject to corporate-level income tax. The resulting corporate taxes could substantially reduce its net assets, the amount of income available for distribution and the amount of its distributions. Some Investments May be Subject to Corporate-Level Income Tax The Company may invest in certain debt and equity investments through taxable subsidiaries and the taxable income of these taxable subsidiaries will be subject to federal and state corporate income taxes. The Company may invest in certain foreign debt and equity investments which could be subject to foreign taxes (such as income tax, withholding and value added taxes). Certain Portfolio Investments May Present Special Tax Issues The Company expects to invest in debt securities that are rated below investment grade by rating agencies or that would be rated below investment grade if they were rated. Investments in these types of instruments may present special tax issues. U.S. federal income tax rules are not entirely clear about certain issues related to such investments such as when the Company may cease to accrue interest, original issue discount or market discount, when and to what extent deductions may be taken for bad debts or worthless instruments, how payments received on obligations in default should be allocated between principal and income and whether exchanges of debt obligations in a bankruptcy or workout context are taxable. These and other issues will be addressed by the Company, to the extent necessary, to distribute sufficient income to preserve its tax status as a RIC and minimize the extent to which it is subject to U.S. federal income or excise tax. 40 There may be withholding of U.S. federal income tax on dividends for non-U.S. stockholders Distributions by a BDC generally are treated as dividends for U.S. tax purposes, and will be subject to U.S. income or withholding tax unless the stockholder receiving the dividend qualifies for an exemption from U.S. tax, or the distribution is subject to one of the special look-through rules described below. Distributions paid out of net capital gains can qualify for a reduced rate of taxation in the hands of an individual U.S. stockholder, and an exemption from U.S. tax in the hands of a non-U.S. stockholder. However, if reported by a RIC, dividend distributions by the RIC derived from certain interest income (such distributions, “interest-related dividends”) and certain net short-term capital gains (such distributions, “short-term capital gain dividends”) generally are exempt from U.S. withholding tax otherwise imposed on non-U.S. stockholders. Interest-related dividends are dividends that are attributable to “qualified net interest income” ( i.e. , “qualified interest income,” which generally consists of certain interest and OID on obligations “in registered form” as well as interest on bank deposits earned by a RIC, less allocable deductions) from sources within the United States. Short-term capital gain dividends are dividends that are attributable to net short-term capital gains, other than short-term capital gains recognized on the disposition of U.S. real property interests, earned by a RIC. However, no assurance can be given as to whether any of the Company’s distributions will be eligible for this exemption from U.S. withholding tax or, if eligible, will be reported as such by the Company. Furthermore, in the case of shares of the Company’s stock held through an intermediary, the intermediary may have withheld U.S. federal income tax even if the Company reported the payment as an interest-related dividend or short-term capital gain dividend. Since the Company’s common stock will be subject to significant transfer restrictions, and an investment in its common stock will generally be illiquid, non-U.S. stockholders whose distributions on the common stock are subject to U.S. withholding tax may not be able to transfer their shares of the common stock easily or quickly or at all. A failure of any portion of the Company’s distributions to qualify for the exemption for interest-related dividends or short-term capital gain dividends would not affect the treatment of non-U.S. stockholders that qualify for an exemption from U.S. withholding tax on dividends by reason of their special status (for example, foreign government-related entities and certain pension funds resident in favorable treaty jurisdictions). Legislative or Regulatory Tax Changes Could Adversely Affect Investors At any time, the federal income tax laws governing RICs or the administrative interpretations of those laws or regulations may be amended. Any new laws, regulations or interpretations may take effect retroactively and could adversely affect the taxation of us or the Stockholders. Therefore, changes in tax laws, regulations or administrative interpretations or any amendments thereto could diminish the value of an investment in the Company’s shares or the value or the resale potential of its investments. Item 1B. Unresolved Staff Comments Not applicable. Item 1C. Cybersecurity The Company’s management, including the Company’s Chief Compliance Officer and the investment manager’s Global Chief Information Security Officer, are responsible for conducting a regulatory risk assessment which includes cybersecurity threats. Members of Company management possess relevant experience in various disciplines that are important to effectively managing cybersecurity related risks including Security Operations, Vulnerability Management, Network Security, Application and Cloud Security, and cybersecurity risk management. Management of the Company and the investment manager maintain compliance programs which include policies and procedures that are reasonably designed to address regulatory risks related to cybersecurity. The compliance programs include controls to monitor the prevention, detection, mitigation and remediation of cybersecurity incidents impacting the Company; in addition to the compliance programs, a vendor oversight program is leveraged to monitor risks associated with relevant service providers including cybersecurity. Cybersecurity Program Overview The Adviser has instituted a cybersecurity program designed to identify, assess, and mitigate cyber risks applicable to the Company. The cyber risk management program involves risk assessments, implementation of security measures, and ongoing monitoring of systems and networks, including networks on which the Company relies. The Adviser actively monitors the current threat landscape in an effort to identify material risks arising from new and evolving cybersecurity threats, including material risks faced by the Company. The Company relies on the Adviser to engage external experts, including cybersecurity assessors, consultants, and internal auditors to evaluate cybersecurity measures and risk management processes, including those applicable to the Company. The Company relies on the Adviser’s risk management program and processes, which include cyber risk assessments. The Company depends on and engages various third parties, including suppliers, vendors, and service providers, to operate its business. The Company relies on the expertise of risk management, legal, information technology, and compliance personnel of the Adviser when identifying and overseeing risks from cybersecurity threats associated with our use of such entities. 41 Board Oversight of Cybersecurity Risks The Board provides oversight on cybersecurity matters, including risks associated with cybersecurity threats. The Board receives periodic updates from the Company’s Global Chief Information Security officer or their designee regarding the overall state of the Adviser’s cybersecurity program, information on the current threat landscape, and risks from cybersecurity threats and cybersecurity incidents impacting the Company. Management’s Role in Cybersecurity Risk Management The Company’s management, including the Company’s Chief Compliance Officer (“CCO”), is responsible for assessing and managing material risks from cybersecurity threats. Members of Company management possess relevant expertise in various disciplines that are key to effectively managing such risks. Management of the Company is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents impacting the Company, including through the receipt of notifications from service providers and reliance on communications with risk management, legal, information technology, and/or compliance personnel of the Adviser. Assessment of Cybersecurity Risk The potential impact of risks from cybersecurity threats on the Company are assessed on an ongoing basis, and how such risks could materially affect the Company’s business strategy, operational results, and financial condition are regularly evaluated. During the reporting period, the Company has not identified any risks from cybersecurity threats, including as a result of previous cybersecurity incidents, that the Company believes have materially affected, or are reasonably likely to materially affect, the Company, including its business strategy, operational results, and financial condition.
Item 1C. Cybersecurity The Company’s management, including the Company’s Chief Compliance Officer and the investment manager’s Global Chief Information Security Officer, are responsible for conducting a regulatory risk assessment which includes cybersecurity threats. Members of Company management possess relevant experience in various disciplines that are important to effectively managing cybersecurity related risks including Security Operations, Vulnerability Management, Network Security, Application and Cloud Security, and cybersecurity risk management. Management of the Company and the investment manager maintain compliance programs which include policies and procedures that are reasonably designed to address regulatory risks related to cybersecurity. The compliance programs include controls to monitor the prevention, detection, mitigation and remediation of cybersecurity incidents impacting the Company; in addition to the compliance programs, a vendor oversight program is leveraged to monitor risks associated with relevant service providers including cybersecurity. Cybersecurity Program Overview The Adviser has instituted a cybersecurity program designed to identify, assess, and mitigate cyber risks applicable to the Company. The cyber risk management program involves risk assessments, implementation of security measures, and ongoing monitoring of systems and networks, including networks on which the Company relies. The Adviser actively monitors the current threat landscape in an effort to identify material risks arising from new and evolving cybersecurity threats, including material risks faced by the Company. The Company relies on the Adviser to engage external experts, including cybersecurity assessors, consultants, and internal auditors to evaluate cybersecurity measures and risk management processes, including those applicable to the Company. The Company relies on the Adviser’s risk management program and processes, which include cyber risk assessments. The Company depends on and engages various third parties, including suppliers, vendors, and service providers, to operate its business. The Company relies on the expertise of risk management, legal, information technology, and compliance personnel of the Adviser when identifying and overseeing risks from cybersecurity threats associated with our use of such entities. 41 Board Oversight of Cybersecurity Risks The Board provides oversight on cybersecurity matters, including risks associated with cybersecurity threats. The Board receives periodic updates from the Company’s Global Chief Information Security officer or their designee regarding the overall state of the Adviser’s cybersecurity program, information on the current threat landscape, and risks from cybersecurity threats and cybersecurity incidents impacting the Company. Management’s Role in Cybersecurity Risk Management The Company’s management, including the Company’s Chief Compliance Officer (“CCO”), is responsible for assessing and managing material risks from cybersecurity threats. Members of Company management possess relevant expertise in various disciplines that are key to effectively managing such risks. Management of the Company is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents impacting the Company, including through the receipt of notifications from service providers and reliance on communications with risk management, legal, information technology, and/or compliance personnel of the Adviser. Assessment of Cybersecurity Risk The potential impact of risks from cybersecurity threats on the Company are assessed on an ongoing basis, and how such risks could materially affect the Company’s business strategy, operational results, and financial condition are regularly evaluated. During the reporting period, the Company has not identified any risks from cybersecurity threats, including as a result of previous cybersecurity incidents, that the Company believes have materially affected, or are reasonably likely to materially affect, the Company, including its business strategy, operational results, and financial condition.


Company Information

NamePIMCO Capital Solutions BDC Corp.
CIK0001905824
SIC Description
Ticker
Website
CategoryNon-accelerated filer
Emerging growth company
Fiscal Year EndDecember 30