BREIT 2017 Annual Report

14 Additionally, the partnership agreement expressly limits our liability by providing that we and our officers, directors, agents and employees will not be liable or accountable to our Operating Partnership for losses sustained, liabilities incurred or benefits not derived if we or our officers, directors, agents or employees acted in good faith. In addition, our Operating Partnership is required to indemnify us and our officers, directors, employees, agents and designees to the extent permitted by applicable law from and against any and all claims arising from operations of our Operating Partnership, unless it is established that: (1) the act or omission was material to the matter giving rise to the proceeding and either was committed in bad faith or was the result of active and deliberate dishonesty; (2) the indemnified party received an improper personal benefit in money, property or services; or (3) in the case of a criminal proceeding, the indemnified person had reasonable cause to believe that the act or omission was unlawful. The provisions of Delaware law that allow the fiduciary duties of a general partner to be modified by a partnership agreement have not been tested in a court of law, and we have not obtained an opinion of counsel covering the provisions set forth in the partnership agreement that purport to waive or restrict our fiduciary duties. Your investment return may be reduced if we are required to register as an investment company under the Investment Company Act. We intend to continue to conduct our operations so that neither we, nor our Operating Partnership nor the subsidiaries of our Operating Partnership are investment companies under the Investment Company Act of 1940, as amended (the “Investment Company Act”). However, there can be no assurance that we and our subsidiaries will be able to successfully avoid operating as an investment company. A change in the value of any of our assets could negatively affect our ability to maintain our exemption from regulation under the Investment Company Act. To maintain compliance with the applicable exemption under the Investment Company Act, we may be unable to sell assets we would otherwise want to sell and may need to sell assets we would otherwise wish to retain. In addition, we may have to acquire additional assets that we might not otherwise have acquired or may have to forego opportunities to acquire assets that we would otherwise want to acquire and would be important to our investment strategy. If we were required to register as an investment company but failed to do so, we would become subject to substantial regulation with respect to our capital structure (including our ability to use borrowings), management, operations, transactions with affiliated persons (as defined in the Investment Company Act), and portfolio composition, including disclosure requirements and restrictions with respect to diversification and industry concentration, and other matters. Compliance with the Investment Company Act would, accordingly, limit our ability to make certain investments and require us to significantly restructure our business plan, which could materially adversely affect our NAV and our ability to pay distributions to our stockholders. Operational risks, including the risk of cyberattacks, may disrupt our businesses, result in losses or limit our growth. We rely heavily on our and Blackstone’s financial, accounting, treasury, communications and other data processing systems. Such systems may fail to operate properly or become disabled as a result of tampering or a breach of the network security systems or otherwise. In addition, such systems are from time to time subject to cyberattacks which may continue to increase in sophistication and frequency in the future. Attacks on Blackstone and its affiliates and their portfolio companies’ and service providers’ systems could involve, and in some instances have in the past involved, attempts that are intended to obtain unauthorized access to our proprietary information or personal identifying information of our stockholders, destroy data or disable, degrade or sabotage our systems, including through the introduction of computer viruses and other malicious code. Cyberattacks and other security threats could originate from a wide variety of sources, including cyber criminals, nation state hackers, hacktivists and other outside parties. There has been an increase in the frequency and sophistication of the cyber and security threats Blackstone faces, with attacks ranging from those common to businesses generally to those that are more advanced and persistent, which may target Blackstone because, as an alternative asset management firm, it holds a significant amount of confidential and sensitive information about its and our investors, its portfolio companies and potential investments. As a result, we and Blackstone may face a heightened risk of a security breach or disruption with respect to this information. If successful, these types of attacks on our or Blackstone’s network or other systems could have a material adverse effect on our business and results of operations, due to, among other things, the loss of investor or proprietary data, interruptions or delays in our business and damage to our reputation. There can be no assurance that the measures Blackstone takes to ensure the integrity of such systems will provide protection, especially because cyberattack techniques used change frequently or are not recognized until successful. In addition, we are highly dependent on information systems and technology. The costs related to cyber or other security threats or disruptions may not be fully insured or indemnified by other means. In addition, cybersecurity has become a top priority for regulators around the world. Many jurisdictions in which Blackstone operates have laws and regulations relating to data privacy, cybersecurity