0001193125-23-129118.txt : 20230501 0001193125-23-129118.hdr.sgml : 20230501 20230501093800 ACCESSION NUMBER: 0001193125-23-129118 CONFORMED SUBMISSION TYPE: 497 PUBLIC DOCUMENT COUNT: 1 FILED AS OF DATE: 20230501 DATE AS OF CHANGE: 20230501 EFFECTIVENESS DATE: 20230501 FILER: COMPANY DATA: COMPANY CONFORMED NAME: WRL SERIES LIFE ACCOUNT CENTRAL INDEX KEY: 0000778209 IRS NUMBER: 000000000 STATE OF INCORPORATION: OH FISCAL YEAR END: 1231 FILING VALUES: FORM TYPE: 497 SEC ACT: 1933 Act SEC FILE NUMBER: 333-249191 FILM NUMBER: 23870736 BUSINESS ADDRESS: STREET 1: 570 CARILLON PARKWAY CITY: ST PETERSBURG STATE: FL ZIP: 33716 BUSINESS PHONE: 319-355-8366 MAIL ADDRESS: STREET 1: 570 CARILLON PARKWAY CITY: ST PETERSBURG STATE: FL ZIP: 33716 0000778209 S000006588 WRL SERIES LIFE ACCOUNT C000223660 The Equity Protector 497 1 d438225d497.htm 497 497

SUPPLEMENT DATED May 1, 2023

To the

PROSPECTUS DATED MAY 1, 2004-WRL FREEDOM ELITE ADVISORSM

PROSPECTUS DATED MAY 1, 1994-WRL FREEDOM SP PLUS ®

PROSPECTUS DATED MAY 1, 1989- THE EQUITY PROTECTOR®

Issued by

Transamerica Life Insurance Company

WRL Series Life Account

Please direct transactions, claim forms, payments and other correspondence and notices as follows:

 

Transaction    Direct or Send to
Telephonic Transaction    1-727- 299-1800 or 1-800-851-9777 (toll free)
Facsimile Transaction    1-727-299-1620
Electronic Transaction    tlic.transamerica.com
Payments made by check   

PO Box 429, Cedar Rapids IA 52406-0429 or

6400 C St. SW, Cedar Rapids IA 52499

Claims, general correspondence, and notices    Mailing Address: 6400 C St. SW, Cedar Rapids IA 52499

The following information hereby supplements or amends, and to the extent is inconsistent replaces, certain information contained in your prospectus:

INVESTMENT OPTIONS

Please note the following portfolio change:

 

   

Effective on November 1, 2022, Transamerica PIMCO Total Return VP was renamed Transamerica Aegon Bond VP. The sub-advisor changed from Pacific Investment Management Company LLC to Aegon USA Investment Management, LLC.

 

   

Effective on November 1, 2022, Transamerica JPMorgan Core Bond VP was renamed. The sub-advisor changed from J.P. Morgan Investment Management Inc. to Aegon USA Investment Management, LLC.

 

   

Effective or about May 1, 2023, Transamerica BlackRock Global Real Estate Securities VP will be renamed Transamerica BlackRock Real Estate Securities VP.

These changes will not result in any changes to the investment objective, policies, or fees of the applicable portfolios.

* * * * *

The following section has been revised in “Additional Information”:     

CYBERSECURITY RISKS

OPPORTUNITIES and CHALLENGES

The increasing digitalization of the financial services landscape has intensified the financial and reputational risk presented by cybersecurity threats. The COVID-19 pandemic, and the continuation of remote working, have further

 

1


escalated these threats. As our business becomes more technology driven and our digital reliance increases, we become a greater target for cybercriminals, and more vulnerable to threats such as ransomware attacks.

What Transamerica is doing

Transamerica maintains a well-documented information security program which is based on ISO 27000 series and incorporates aspects of COBIT, NIST, SANS, as well as other industry-recognized frameworks and best practices. The program is designed to protect the infrastructure, information systems, and the information in Transamerica’s systems from unauthorized access, use, or other malicious acts by enabling the organization to identify risks, implement the appropriate protections, and detect and respond to cybersecurity events. Transamerica has established strong security policies, procedures, guidelines, and standards that are reviewed regularly to ensure compliance with applicable laws, regulations, and alignment with industry standards. Our cybersecurity program covers every aspect of security management: data handling and classification; access controls and identity management; business continuity and disaster recovery; configuration management; asset management; risk assessment; data disposal; information security incident response; system operations; vulnerability and patch management; system, application, and network security and monitoring; systems and application development and performance; physical and environmental controls; data privacy; vendor and third- party service provider management; consistent use of multi-factor authentication; cybersecurity awareness training; and encryption.

We continue to take steps to strengthen our information security program, infrastructure, and ability to respond to cyberattacks;, for example, by further developing our dedicated Information Security teams and strengthening controls. Transamerica’s Risk Management teams also periodically assesses known potential cyber risk factors, together with the first line functions such as the Security Operations Center, with known trends or material incidents reported to Transamerica’s Management and Supervisory Boards as necessary.

OVERVIEW

Information security and privacy regulation

Transamerica’s businesses are regulated with respect to information security, data breach response, privacy, and data use at both the federal and state levels. At the federal level, various Transamerica companies are subject to the Gramm-Leach-Bliley Act (GLBA), the Fair Credit Reporting Act (FCRA), and the Health Insurance Portability and Accountability Act (HIPAA), among other laws. At the state level, Departments of Insurance and Financial Services typically administer a series of privacy and information security laws and regulations that impact several Transamerica businesses such as the New Year Department of Financial Services Rule 500 (NYDFS Rule 500). In addition, in recent years numerous state legislatures have passed or have attempted to pass additional, more broad-based general consumer privacy laws, such as the California Consumer Privacy Act and the California Privacy Rights Act. Those California laws, as amended, will be administered by the California Privacy Protection Agency. Additional laws and regulations with respect to these topics are also anticipated to be promulgated and to go into effect in the coming years, and they may be administered by new or different state agencies or by the offices of state Attorneys General. The White House, SEC, and other regulators have also increased their focus on companies’ cybersecurity vulnerabilities and risks, including in relation to third-party service providers.

Operational Risks

A computer system failure or security breach of Transamerica’s IT systems or that of critical third parties may disrupt Transamerica’s business, damage Transamerica’s reputation and adversely affect Transamerica’s results of operations, financial condition, and cash flows.

Transamerica relies heavily on computer and information systems and internet and network connectivity (collectively, “IT systems”) to conduct a large portion of its business operations. This includes the need to securely store, process, transmit and dispose of confidential information, including personal information, through a number of complex systems. In many cases this also includes transmission and processing to or through customers, business partners, (semi-) governmental agencies and third-party service providers. Computer system failures, cyber-crime attacks or security or data privacy breaches may materially disrupt Transamerica’s business operations, damage Transamerica’s reputation, result in regulatory and litigation exposure, investigation and remediation costs, and materially and adversely affect Transamerica’s results of operations, financial condition and cash flows.

 

2


The information security risk that Transamerica faces includes the risk of malicious outside forces using public networks and other methods, including social engineering and the exploitation of targeted offline processes, to attack Transamerica’s systems and information and potentially demand ransom. It also includes inside threats, both malicious and accidental. For example, human error, bugs and vulnerabilities that may exist in Transamerica’s systems or software, unauthorized user activity and lack of sufficiently automated processing or sufficient logging and monitoring can result in improper information exposure or failure or delayed detection of such activity in a timely manner. Transamerica also faces risk in this area due to its reliance in many cases on third-party systems, all of which may face cyber and information security risks of their own. Third-party administrators or distribution partners used by Transamerica or its subsidiaries may not adequately secure their own IT systems or may not adequately keep pace with the dynamic changes in this area. Potential bad actors that target Transamerica and applicable third parties may include, but are not limited to, criminal organizations, foreign government bodies, political factions, and others.

In recent years, information security risk has increased sharply due to a number of developments in how information systems are used, not only by companies such as Transamerica, but also by society in general. Threats have increased in frequency and magnitude, and are expected to continue to increase, as criminals and other bad actors become more organized and employ more sophisticated techniques. At the same time companies increasingly make information systems and data available through the internet, mobile devices or other network connections to customers, employees and business partners, thereby expanding the attack surface that bad actors can potentially exploit. As a result of the COVID-19 pandemic, Transamerica also faces increased cybersecurity risks due to the number of Transamerica’s and Transamerica’s service providers’ and partners’ employees who are working remotely, which creates additional opportunities for cybercriminals to launch social engineering attacks and exploit vulnerabilities in non-corporate IT environments. The White House, SEC and other regulators have also increased their focus on cybersecurity vulnerabilities and risks.

Large financial institutions such as and including Transamerica have been, and will continue to be, subject to information security attacks. The nature of these attacks will also continue to be unpredictable, and in many cases, may arise from circumstances that are beyond Transamerica’s control. Attackers are also increasingly using tools and techniques that are specifically designed to circumvent controls, to evade detection and even to remove or obfuscate forensic evidence. As a result, Transamerica may be unable to timely or effectively detect, identify, contain, investigate or remediate IT systems in response to, future cyberattacks or security breaches. Especially if and to the extent Transamerica fails to adequately invest in defensive infrastructure, timely response capabilities, technology, controls and processes, or to effectively execute against its information security strategy, it may suffer material adverse consequences.

To date the highest impact information security incidents that Transamerica has experienced are believed to have been the result of e-mail phishing attacks targeted at Transamerica’s business partners and customers. This in turn led to the unauthorized use of valid Transamerica website credentials to engage in fraudulent transactions and improper data exfiltration. Additionally, Transamerica has faced other types of attacks, including, but not limited to, other types of phishing attacks, distributed denial of service (DDoS) attacks, technology implementation and update errors, various human errors, e-mail related errors, paper-based errors, exploitations of vulnerabilities and certain limited cases of unauthorized internal user activity. Like many other companies, Transamerica could also be subject to malware, ransomware and similar types of attacks or intrusions. There is no guarantee that the measures that Transamerica takes will be sufficient to stop all types of attacks or mitigate all types of information security or data privacy risks.

Transamerica maintains cyber liability insurance to help decrease the financial impact of cyber-attacks and information security events, subject to the terms and conditions of the policy; however, such insurance may not be sufficient to cover all applicable losses that Transamerica may suffer.

A breach of data privacy or security obligations may disrupt Transamerica’s business, damage Transamerica’s reputation and adversely affect financial conditions and results of operations.

Pursuant to applicable laws, various government and semi-governmental and other administrative bodies have established numerous rules protecting the privacy and security of personal information and other confidential or sensitive information held by Transamerica. Notably, certain of Transamerica’s businesses are subject to laws and

 

3


regulations enacted by US federal and state governments and/or various regulatory organizations relating to the privacy and/or information security of the information of customers, employees or others.

The New York Department of Finance Services (NYDFS), pursuant to its cybersecurity regulation, requires financial institutions regulated by the NYDFS, including certain Transamerica subsidiaries, to, among other things, satisfy an extensive set of minimum information security requirements, including but not limited to governance, management, reporting, policy, technology and control requirements. Other states have adopted similar cybersecurity laws and regulations. NYDFS has also issued two proposed amendments to NYDFS Rule 500 that move beyond administrative and technical safeguards to granular regulations on cybersecurity governance and risk management.

Numerous other US state and federal laws also impose various information security and privacy related obligations with respect to Transamerica, including but not limited to the Gramm-Leach-Bliley Act and related state laws and implementing regulations (GLBA), the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and the Health Insurance Portability and Accountability Act (HIPAA), among many others. These laws generally provide for governmental investigative and enforcement authority, and in certain cases provide for private rights of action.

Numerous other legislators and regulators with jurisdiction over Transamerica’s businesses are considering or have already enacted enhanced information security risk management and privacy laws and regulations, with the overall number and scope of such laws and regulations continuing to increase every year. A number of Transamerica companies are also subject to contractual restrictions with respect to the use and handling of the sensitive information of Transamerica’s clients and business partners.

Transamerica, and numerous of its systems, employees, third-party providers and business partners have access to, and routinely process, the personal information of consumers and employees. Transamerica relies on a large number of processes and controls to protect the confidentiality, integrity and availability of personal information and other confidential information that is accessible to, or in the possession of, Transamerica, its systems, employees and business partners. It is possible that a Transamerica or a third party’s employee, contractor, business partner or system could, intentionally or unintentionally, inappropriately disclose or misuse personal or confidential information. Transamerica’s data or data in its possession could also be the subject of an unauthorized information security attack. If Transamerica fails to maintain adequate processes and controls or if Transamerica or its business partners fail to comply with relevant laws and regulations, policies and procedures, misappropriation or intentional or unintentional inappropriate disclosure or misuse of personal information or other confidential information could occur. Such control inadequacies or non-compliance could cause disrupted operations and misstated or unreliable financial data, materially damage Transamerica’s reputation or lead to increased regulatory scrutiny or civil or criminal penalties or (class action) litigation, which, in turn, could have a material adverse effect on Transamerica’s business, financial condition and results of operations.

In addition, Transamerica analyzes personal information and customer data to better manage its business, subject to applicable laws and regulations and other restrictions. It is possible that additional regulatory or other restrictions regarding the use of such information may be imposed. Additional privacy and information security obligations have been imposed by various governments with jurisdiction over Transamerica or its subsidiaries in recent years, and more similar obligations are likely to be imposed in the near future across Transamerica’s operations. Such restrictions and obligations could have material impacts on Transamerica’s business, financial conditions and results of operations.

In order to supplement the description in the prospectus, the following provides additional information about us and the policy, which may be of interest to a prospective purchaser.

* * * * *

This Supplement updates certain information in the above referenced prospectuses (the ‘‘Prospectuses’’). Except as indicated in this Supplement, all other information included in the Prospectuses remain unchanged. The

 

4


terms and section headings we use in this Supplement have the same meaning as in the Prospectuses. We will send you another copy of the applicable Prospectus or any supplement without charge upon request.

For additional information, you may contact us at our administrative office at 1-800-851-9777, from 8:30a.m. – 7:00p.m., Eastern Time or visit our website at: www.tlic.transamerica.com. TCI serves as the principal underwriter for the Policies. More information about TCI is available at www.finra.org or by calling 1-800-289-9999. You also can obtain an investor brochure from the Financial Regulatory Authority (“FINRA”) describing its Public Disclosure Program.

* * * * *

This Supplement must be accompanied or preceded by the current Prospectus.

Please read this Supplement carefully and retain it for future reference.

 

5