497 1 d349782d497.htm 497 497

SUPPLEMENT DATED May 1, 2022

To the

PROSPECTUS DATED MAY 1, 2004-WRL FREEDOM ELITE ADVISORSM

PROSPECTUS DATED MAY 1, 1994-WRL FREEDOM SP PLUS ®

PROSPECTUS DATED MAY 1, 1989- THE EQUITY PROTECTOR®

Issued by

Transamerica Life Insurance Company

WRL Series Life Account

Please direct transactions, claim forms, payments and other correspondence and notices as follows:

 

Transaction    Direct or Send to

Telephonic Transaction

   

1-727- 299-1800 or 1-800-851-9777 (toll free)

Facsimile Transaction

   

1-727-299-1648 (subaccount transfers only)

1-727-299-1620 (all other facsimile transactions)

Electronic Transaction

   

tlic.transamerica.com

Payments made by check

   

PO Box 429, Cedar Rapids IA 52406-0429 or

6400 C St. SW, Cedar Rapids IA 52499

Claims, general correspondence, and notices

   

Mailing Address: 6400 C St. SW, Cedar Rapids IA 52499

The following information hereby supplements or amends, and to the extent is inconsistent replaces, certain information contained in your prospectus:

INVESTMENT OPTIONS

Please note the following portfolio change:

 

   

Effective on January 1, 2022, the fund advisor for Transamerica Janus Balanced VP and Transamerica Janus Mid-Cap Growth VP changed its name from Janus Capital Management LLC to Janus Henderson Investors US LLC.

* * * * *

The following section has been revised in “Additional Information”:     

Cyber Security And Business Continuity Risks

The increasing digitalization of the financial services landscape has intensified the financial and reputational risk presented by cybersecurity threats. The COVID-19 pandemic, and the rise in remote working, have further escalated these threats, with the FBI reporting a 300% increase in cybercrimes in the United States since the start of the pandemic.1 As our business becomes more technology driven and our digital reliance increases, we become a greater target for cybercriminals, and more vulnerable to threats such as ransomware attacks.

What Transamerica is doing: We continue to take steps to strengthen our cybersecurity governance, infrastructure, and ability to respond to cyberattacks, for example by further developing our dedicated IT security team, and strengthening controls. The security program aims at analyzing and remediating known vulnerabilities, as well as conducting ongoing exercises to prepare for and respond effectively to cyberattacks. Transamerica’s Risk department also periodically assesses known potential cyber risk factors, together with the first line functions such

 

1

as the Security Operations Center, with known trends or material incidents reported to Transamerica’s Management and Supervisory Boards as necessary. Transamerica also has dedicated teams, processes, and procedures in place that are intended to mitigate potential cyberattacks. https://aegon.me/cybercrime-pandemic.

Overview

Information security and privacy regulation: Transamerica’s businesses are regulated with respect to information security, data breach response, privacy, and data use at both the federal and state levels. At the federal level, various Transamerica companies are subject to the Gramm-Leach-Bliley Act (GLBA), the Fair Credit Reporting Act (FCRA), and the Health Insurance Portability and Accountability Act (HIPAA), among other laws. At the state level, Departments of Insurance and Financial Services typically administer a series of privacy and information security laws and regulations that impact several Transamerica businesses. In addition, in recent years numerous state legislatures have passed or have attempted to pass additional, more broad-based general consumer privacy laws, such as the California Consumer Privacy Act and the California Privacy Rights Act. Those California laws, as amended, will be administered by the newly formed California Privacy Protection Agency. Additional laws and regulations with respect to these topics are also anticipated to be promulgated and to go into effect in the coming years, and they may be administered by new or different state agencies or by the offices of state Attorneys General. The White House, SEC, and other regulators have also increased their focus on companies’ cybersecurity vulnerabilities and risks, including in relation to third-party service providers.

Operational Risks: A computer system failure or security breach of Transamerica’s IT systems or that of critical third parties may disrupt Transamerica’s business, damage Transamerica’s reputation and adversely affect Transamerica’s results of operations, financial condition, and cash flows.

Transamerica relies heavily on computer and information systems and internet and network connectivity (collectively, “IT systems”) to conduct a large portion of its business operations. This includes the need to securely store, process, transmit and dispose of confidential information, including personal information, through a number of complex systems. In many cases this also includes transmission and processing to or through customers, business partners, (semi-) governmental agencies and third-party service providers. The introduction of new technologies, computer system failures, cyber-crime attacks or security or data privacy breaches may materially disrupt Transamerica’s business operations, damage Transamerica’s reputation, result in regulatory and litigation exposure, investigation and remediation costs, and materially and adversely affect Transamerica’s results of operations, financial condition and cash flows.

The information security risk that Transamerica faces includes the risk of malicious outside forces using public networks and other methods, including social engineering and the exploitation of targeted offline processes, to attack Transamerica’s systems and information and potentially demand ransom. It also includes inside threats, both malicious and accidental. For example, human error, bugs and vulnerabilities that may exist in Transamerica’s systems or software, unauthorized user activity and lack of sufficiently automated processing or sufficient logging and monitoring can result in improper information exposure or failure or delayed detection of such activity in a timely manner. Transamerica also faces risk in this area due to its reliance in many cases on third-party systems, all of which may face cyber and information security risks of their own. Third-party administrators or distribution partners used by Transamerica or its subsidiaries may not adequately secure their own IT systems or may not adequately keep pace with the dynamic changes in this area. Potential bad actors that target Transamerica and applicable third parties may include, but are not limited to, criminal organizations, foreign government bodies, political factions, and others.

In recent years, information security risk has increased sharply due to a number of developments in how information systems are used, not only by companies such as Transamerica, but also by society in general. Threats have increased in frequency and magnitude, and are expected to continue to increase, as criminals and other bad actors become more organized and employ more sophisticated techniques. At the same time companies increasingly make information systems and data available through the internet, mobile devices or other network connections to customers, employees and business partners, thereby expanding the attack surface that bad actors can potentially exploit. As a result of the COVID-19 pandemic, Transamerica also faces increased cybersecurity risks due to the number of Transamerica’s and Transamerica’s service providers’ and partners’ employees who are (and may continue to be) working remotely, which creates additional opportunities for cybercriminals to launch social

 

2

engineering attacks and exploit vulnerabilities in non-corporate IT environments. The White House, SEC and other regulators have also increased their focus on cybersecurity vulnerabilities and risks.

Large financial institutions such as and including Transamerica have been, and will continue to be, subject to information security attacks for the foreseeable future. The nature of these attacks will also continue to be unpredictable, and in many cases may arise from circumstances that are beyond Transamerica’s control. Attackers are also increasingly using tools and techniques that are specifically designed to circumvent controls, to evade detection and even to remove or obfuscate forensic evidence. As a result, Transamerica may be unable to timely or effectively detect, identify, contain, investigate or remediate IT systems in response to, future cyberattacks or security breaches. Especially if and to the extent Transamerica fails to adequately invest in defensive infrastructure, timely response capabilities, technology, controls and processes or to effectively execute against its information security strategy, it may suffer material adverse consequences.

To date the highest impact information security incidents that Transamerica has experienced are believed to have been the result of e-mail phishing attacks targeted at Transamerica’s business partners and customers. This in turn led to the unauthorized use of valid Transamerica website credentials to engage in fraudulent transactions and improper data exfiltration. Additionally, Transamerica has faced other types of attacks, including, but not limited to, other types of phishing attacks, distributed denial of service (DDoS) attacks, technology implementation and update errors, various human errors, e-mail related errors, paper-based errors, exploitations of vulnerabilities and certain limited cases of unauthorized internal user activity. Like many other companies, Transamerica could also be subject to malware, ransomware and similar types of attacks or intrusions. There is no guarantee that the measures that Transamerica takes will be sufficient to stop all types of attacks or mitigate all types of information security or data privacy risks.

Transamerica maintains cyber liability insurance to help decrease the financial impact of cyber-attacks and information security events, subject to the terms and conditions of the policy; however, such insurance may not be sufficient to cover all applicable losses that Transamerica may suffer.

A breach of data privacy or security obligations may disrupt Transamerica’s business, damage Transamerica’s reputation and adversely affect financial conditions and results of operations. Pursuant to applicable laws, various government and semi-governmental and other administrative bodies have established numerous rules protecting the privacy and security of personal information and other confidential or sensitive information held by Transamerica. Notably, certain of Transamerica’s businesses are subject to laws and regulations enacted by US federal and state governments and/or various regulatory organizations relating to the privacy and/or information security of the information of customers, employees or others.

The New York Department of Finance Services (NYDFS), pursuant to its cybersecurity regulation, requires financial institutions regulated by the NYDFS, including certain Transamerica subsidiaries, to, among other things, satisfy an extensive set of minimum information security requirements, including but not limited to governance, management, reporting, policy, technology and control requirements. Other states have adopted similar cybersecurity laws and regulations.

Numerous other US state and federal laws also impose various information security and privacy related obligations with respect to Transamerica, including but not limited to the Gramm-Leach-Bliley Act and related state laws and implementing regulations (GLBA), the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and the Health Insurance Portability and Accountability Act (HIPAA), among many others. These laws generally provide for governmental investigative and enforcement authority, and in certain cases provide for private rights of action.

Numerous other legislators and regulators with jurisdiction over Transamerica’s businesses are considering or have already enacted enhanced information security risk management and privacy laws and regulations, with the overall number and scope of such laws and regulations continuing to increase every year. A number of Transamerica companies are also subject to contractual restrictions with respect to the use and handling of the sensitive information of Transamerica’s clients and business partners.

 

3

Transamerica, and numerous of its systems, employees, third-party providers and business partners have access to, and routinely process, the personal information of consumers and employees. Transamerica relies on a large number of processes and controls to protect the confidentiality, integrity and availability of personal information and other confidential information that is accessible to, or in the possession of, Transamerica, its systems, employees and business partners. It is possible that a Transamerica or a third party’s employee, contractor, business partner or system could, intentionally or unintentionally, inappropriately disclose or misuse personal or confidential information. Transamerica’s data or data in its possession could also be the subject of an unauthorized information security attack. If Transamerica fails to maintain adequate processes and controls or if Transamerica or its business partners fail to comply with relevant laws and regulations, policies and procedures, misappropriation or intentional or unintentional inappropriate disclosure or misuse of personal information or other confidential information could occur. Such control inadequacies or non-compliance could cause disrupted operations and misstated or unreliable financial data, materially damage Transamerica’s reputation or lead to increased regulatory scrutiny or civil or criminal penalties or (class action) litigation, which, in turn, could have a material adverse effect on Transamerica’s business, financial condition and results of operations.

In addition, Transamerica analyzes personal information and customer data to better manage its business, subject to applicable laws and regulations and other restrictions. It is possible that additional regulatory or other restrictions regarding the use of such information may be imposed. Additional privacy and information security obligations have been imposed by various governments with jurisdiction over Transamerica or its subsidiaries in recent years, and more similar obligations are likely to be imposed in the near future across Transamerica’s operations. Such restrictions and obligations could have material impacts on Transamerica’s business, financial conditions and results of operations.

Business Continuity

Our business operations may be adversely affected by volatile natural and man-made disasters, including (but not limited to) hurricanes, earthquakes, terrorism, civil unrest, geopolitical disputes, military action, fires and explosions, pandemic diseases, and other catastrophes (“Catastrophic Events”). Over the past several years, changing weather patterns and climatic conditions have added to the unpredictability and frequency of natural disasters in certain parts of the world. To date, the COVID-19 pandemic has caused significant uncertainty and disruption to governments, business operations, and consumer behavior on a global scale. Such uncertainty as to future trends and exposure may lead to financial losses to our businesses. Furthermore, Catastrophic Events may disrupt our operations and result in the loss of, or restricted access to, property and information about Transamerica and its clients. Such events may also impact the availability and capacity of our key personnel. If our business continuity plans do not include effective contingencies for Catastrophic Events, we may experience business disruption, damage to corporate reputation, and damage to financial condition for a prolonged period of time.

* * * * *

This Supplement updates certain information in the above referenced prospectuses (the ‘‘Prospectuses’’). Except as indicated in this Supplement, all other information included in the Prospectuses remain unchanged. The terms and section headings we use in this Supplement have the same meaning as in the Prospectuses. We will send you another copy of the applicable Prospectus or any supplement without charge upon request.

For additional information, you may contact us at our administrative office at 1-800-851-9777, from 8:30a.m. – 7:00p.m., Eastern Time or visit our website at: www.tlic.transamerica.com. TCI serves as the principal underwriter for the Policies. More information about TCI is available at www.finra.org or by calling 1-800-289-9999. You also can obtain an investor brochure from the Financial Regulatory Authority (“FINRA”) describing its Public Disclosure Program.

* * * * *

This Supplement must be accompanied or preceded by the current Prospectus.

Please read this Supplement carefully and retain it for future reference.

 

4