ITEM 1C. CYBERSECURITY

As an externally managed company, our day-to-day operations are managed by our Adviser and our executive officers under the oversight of our board of directors. Our executive officers are senior professionals of our Adviser and our Adviser is a subsidiary of J.P. Morgan. As such, we are reliant on J.P. Morgan for assessing, identifying and managing material risks to our business from cybersecurity threats.

Overview

Cybersecurity risk is an important and continuously evolving focus for us, the Adviser, J.P. Morgan, and its affiliates. Significant resources are devoted to protecting and enhancing the security of computer systems, software, networks, storage devices, and other technology. The Adviser’s security efforts are designed to protect against, among other things, cybersecurity attacks that can result in unauthorized access to confidential information, the destruction of data, disruptions to or degradation of service, sabotaging systems or other damage.

The Adviser, J.P. Morgan, and its affiliates have experienced, and expect to continue to experience, a higher volume and complexity of cyber attacks against the backdrop of heightened geopolitical tensions. J.P. Morgan has implemented measures and controls reasonably designed to address this evolving environment, including enhanced threat monitoring. In addition, J.P. Morgan continues to review and enhance its capabilities to address associated risks, such as those relating to the management of administrative access to systems.

Third parties with which we, the Adviser, J.P. Morgan and its affiliates do business, that facilitate our, the Adviser’s, J.P. Morgan’s, and its affiliates’ business activities (e.g., vendors, supply chain, exchanges, clearing houses, central depositories, and financial intermediaries) or that J.P. Morgan has acquired are also sources of cybersecurity risk to us. Third party incidents such as system breakdowns or failures, misconduct by the employees of such parties, or cyber attacks, including ransomware and supply-chain compromises, could have a material adverse effect on J.P. Morgan, including in circumstances in which an affected third party is unable to deliver a product or service to us or the Adviser, where the incident delivers compromised software to J.P. Morgan or results in lost or compromised information of J.P. Morgan or its clients or customers.

Clients and customers are also sources of cybersecurity risk to us, the Adviser, J.P. Morgan and its affiliates and its information assets, particularly when their activities and systems are outside of J.P. Morgan’s own security and control systems. J.P. Morgan engages in periodic discussions with its clients, customers and other external parties concerning cybersecurity risks including opportunities to improve cybersecurity.

Risks from cybersecurity threats, including any previous cybersecurity events, have not materially affected us or our business strategy, results of operations or financial condition. Notwithstanding the comprehensive approach that J.P. Morgan takes to address cybersecurity risk, J.P. Morgan may not be successful in preventing or mitigating a future cybersecurity incident that could have a material adverse effect on us, the Adviser, J.P. Morgan or its affiliates or its business strategy, results of operations or financial condition.

Organization and Management

J.P. Morgan’s Information Security Program includes the following functions:

J.P. Morgan has a cybersecurity incident response plan designed to enable J.P. Morgan to respond to attempted cybersecurity incidents, coordinate as appropriate with law enforcement and other government agencies, notify clients and customers, as applicable, and recover from such incidents. In addition, J.P. Morgan actively partners with appropriate government and law enforcement agencies and peer industry forums, participating in discussions and simulations to assist in understanding the full spectrum of cybersecurity risks and in enhancing defenses and improving resiliency in J.P. Morgan’s operating environment.

Governance and Oversight

The governance structure for the Global Cybersecurity and Technology Controls organization is designed to appropriately identify, escalate and mitigate cybersecurity risks. Cybersecurity risk management and its governance and oversight are integrated into J.P. Morgan’s operational risk management framework, including through the escalation of key risk and control issues to management and the development of risk mitigation plans for heightened risk and control issues. Independent Risk Management (“IRM”) independently assesses and challenges the activities and risk management practices of the Global Cybersecurity and Technology Controls organization related to the identification, assessment, measurement and mitigation of cybersecurity risk. As needed, J.P. Morgan engages third-party assessors or auditing firms with industry-recognized expertise on cybersecurity matters to review specific aspects of J.P. Morgan’s cybersecurity risk management framework, processes and controls.

The governance and oversight for cybersecurity risk management includes governance forums that inform management of key areas of concern regarding the prevention, detection, mitigation and remediation of cybersecurity risks.

The CTOC escalates key operational risk and control issues, as appropriate, to the Global Technology Operating Committee (“GTOC”) or its business control committee or to the appropriate LOB and Corporate Control Committees. The GTOC is responsible for the governance of the firmwide Global Technology organization, including oversight of firmwide technology strategies, the delivery of technology and technology operations, the effective use of information technology resources, and monitoring and resolving key operational risk and control matters arising in the Global Technology organization.

Our board of directors is ultimately responsible for the oversight of risks from cybersecurity threats and has delegated responsibility for such oversight of cybersecurity matters to the audit committee. J.P. Morgan’s Cybersecurity Team provides our audit committee with updates, at least semi-annually, concerning cybersecurity risk matters. These updates generally include information regarding cybersecurity and technology developments, J.P. Morgan’s Information Security Program and recommended changes to that program, cybersecurity policies and practices, and ongoing initiatives to improve information security, as well as any significant cybersecurity incidents and the Adviser’s and J.P. Morgan’s efforts to address those incidents.