Prospectus by Investment Company - Form 497

497

TRANSAMERICA JOURNEYPSM Issued by Transamerica Life Insurance Company Separate Account VUL-3		and		TRANSAMERICA JOURNEYSM NY Issued by Transamerica Financial Life Insurance Company TFLIC Series Life Account

SUPPLEMENT DATED MAY 1, 2024

To the

PROSPECTUSES DATED MAY 1, 2017

Please direct transactions, claim forms, payments and other correspondence and notices as follows:

Transaction		Direct or Send to
Telephonic Transaction		1-727-299-1800 or 1-800-322-7164 (toll free)
Facsimile Transaction		1-727-299-1620
Payments made by check		PO Box 429, Cedar Rapids IA 52406-0429 or 6400 C St. SW, Cedar Rapids IA 52499
Claims, general correspondence, and notices		Mailing Address: 6400 C St. SW, Cedar Rapids IA 52499

The following information hereby supplements or amends, and to the extent is inconsistent replaces, certain information contained in your prospectus:

INVESTMENT OPTIONS

Please note the following portfolio changes:

On or about May 1, 2024, the funds listed below were renamed. The sub-advisor changed from Pacific Investment Management Company LLC ("PIMCO") to BlackRock Investment Management, LLC. The objective for the funds is to seek a combination of capital appreciation and income.

Old Portfolio Name		New Portfolio Name
Transamerica PIMCO Tactical - Balanced VP		Transamerica BlackRock iShares Tactical - Balanced VP
Transamerica PIMCO Tactical - Conservative VP		Transamerica BlackRock iShares Tactical - Conservative VP
Transamerica PIMCO Tactical - Growth VP		Transamerica BlackRock iShares Tactical - Growth VP

* * * * *

The following section has been revised in "Additional Information":

CYBERSECURITY RISKS

OPPORTUNITIES and CHALLENGES

The increasing digitalization of the financial services landscape has intensified the financial and reputational risk presented by cybersecurity threats. The COVID-19 pandemic, and the rise in remote working, have further escalated these threats. As our business becomes more technology driven and our digital reliance increases, we become a greater target for cybercriminals, and more vulnerable to threats such as ransomware attacks.

What Transamerica is doing

Transamerica maintains a well-documented information security program which is based on ISO 27000 series and incorporates aspects of COBIT, NIST, SANS, as well as other industry-recognized frameworks and best

1

practices. The program is designed to protect the infrastructure, information systems, and the information in Transamerica's systems from unauthorized access, use, or other malicious acts by enabling the organization to identify risks, implement the appropriate protections, and detect and respond to cybersecurity events. Transamerica has established strong security policies, procedures, guidelines, and standards that are reviewed regularly to ensure compliance with applicable laws, regulations, and alignment with industry standards. Our cybersecurity program covers every aspect of security management: data handling and classification; access controls and identity management; business continuity and disaster recovery; configuration management; asset management; risk assessment; data disposal; information security incident response; system operations; vulnerability and patch management; system, application, and network security and monitoring; systems and application development and performance; physical and environmental controls; data privacy; vendor and third- party service provider management; consistent use of multi-factor authentication; cybersecurity awareness training; and encryption.

We continue to take steps to strengthen our information security program, infrastructure, and ability to respond to cyberattacks, for example, by further developing our dedicated Information Security teams and strengthening controls. Transamerica's Risk Management teams also periodically assesses known potential cyber risk factors, together with the first line functions such as the Security Operations Center, with known trends or material incidents reported to Transamerica's Management and Supervisory Boards as necessary.

OVERVIEW

Information security and privacy regulation

Transamerica's businesses are regulated with respect to information security, data breach response, privacy, and data use at both the federal and state levels. At the federal level, various Transamerica companies are subject to the Gramm-Leach-Bliley Act (GLBA), the Fair Credit Reporting Act (FCRA), and the Health Insurance Portability and Accountability Act (HIPAA), among other laws. At the state level, Departments of Insurance and Financial Services typically administer a series of privacy and information security laws and regulations that impact several Transamerica businesses such as the New York Department of Financial Services Rule 500 (NYDFS Rule 500). NYDFS amended its Part 500 Cybersecurity Rules to adopt heightened information security requirements in relation to areas such as cybersecurity governance, cybersecurity risk assessments, and incident reporting. In addition, in recent years numerous state legislatures have passed or have attempted to pass additional, more broad-based general consumer privacy laws, such as the California Consumer Privacy Act and the California Privacy Rights Act. Additional laws and regulations with respect to these topics are also anticipated to be promulgated and to go into effect in the coming years, and they may be administered by new or different state agencies or by the offices of state Attorneys General. The White House, SEC, and other regulators have also increased their focus on companies' cybersecurity vulnerabilities and risks, including in relation to third-party service providers. The SEC has recently adopted the Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies on July 26, 2023 (the "Rule"). The Rule enhances and standardizes disclosures for public companies with regards to their cybersecurity risk strategy, management, and governance. The Rule also requires the reporting of a cybersecurity incident within four business days of determining that an incident is deemed material.

Operational Risks

A computer system failure or security breach of Transamerica's IT systems or that of critical third parties may disrupt Transamerica's business, damage Transamerica's reputation and adversely affect Transamerica's results of operations, financial condition, and cash flows.

Transamerica relies heavily on computer and information systems and internet and network connectivity (collectively, "IT systems") to conduct a large portion of its business operations. This includes the need to securely store, process, transmit and dispose of confidential information, including personal information, through a number of complex systems. In many cases this also includes transmission and processing to or through customers, business partners, (semi-) governmental agencies and third-party service providers. Computer system failures, cyber-crime attacks or security or data privacy breaches may materially disrupt Transamerica's business operations, damage Transamerica's reputation, result in regulatory and litigation exposure, investigation and remediation costs, and materially and adversely affect Transamerica's results of operations, financial condition and cash flows.

2

The information security risk that Transamerica faces includes the risk of malicious outside forces using public networks and other methods, including social engineering and the exploitation of targeted offline processes, to attack Transamerica's systems and information and potentially demand ransom. It also includes inside threats, both malicious and accidental. For example, human error, bugs and vulnerabilities that may exist in Transamerica's systems or software, unauthorized user activity and lack of sufficiently automated processing or sufficient logging and monitoring can result in improper information exposure or failure or delayed detection of such activity in a timely manner. Transamerica also faces risk in this area due to its reliance in many cases on third-party systems, all of which may face cyber and information security risks of their own. Third-party administrators or distribution partners used by Transamerica or its subsidiaries may not adequately secure their own IT systems or may not adequately keep pace with the dynamic changes in this area. Potential bad actors that target Transamerica and applicable third parties may include, but are not limited to, criminal organizations, foreign government bodies, political factions, and others.

In recent years, information security risk has increased sharply due to a number of developments in how information systems are used, not only by companies such as Transamerica, but also by society in general. Threats have increased in frequency and magnitude, and are expected to continue to increase, as criminals and other bad actors become more organized and employ more sophisticated techniques. At the same time companies increasingly make information systems and data available through the internet, mobile devices or other network connections to customers, employees and business partners, thereby expanding the attack surface that bad actors can potentially exploit. As a result of the COVID-19 pandemic, Transamerica also faces increased cybersecurity risks due to the number of Transamerica's and Transamerica's service providers' and partners' employees who are working remotely, which creates additional opportunities for cybercriminals to launch social engineering attacks and exploit vulnerabilities in non-corporate IT environments. The White House, SEC and other regulators have also increased their focus on cybersecurity vulnerabilities and risks.

Large financial institutions such as and including Transamerica have been, and will continue to be, subject to information security attacks. The nature of these attacks will also continue to be unpredictable, and in many cases, may arise from circumstances that are beyond Transamerica's control. Attackers are also increasingly using tools and techniques that are specifically designed to circumvent controls, to evade detection and even to remove or obfuscate forensic evidence. As a result, Transamerica may be unable to timely or effectively detect, identify, contain, investigate or remediate IT systems in response to, future cyberattacks or security breaches. Especially if and to the extent Transamerica fails to adequately invest in defensive infrastructure, timely response capabilities, technology, controls and processes, or to effectively execute against its information security strategy, it may suffer material adverse consequences.

Transamerica maintains cyber liability insurance to help decrease the financial impact of cyber-attacks and information security events, subject to the terms and conditions of the policy; however, such insurance may not be sufficient to cover all applicable losses that Transamerica may suffer.

A breach of data privacy or security obligations may disrupt Transamerica's business, damage Transamerica's reputation and adversely affect financial conditions and results of operations. Pursuant to applicable laws, various government and semi-governmental and other administrative bodies have established numerous rules protecting the privacy and security of personal information and other confidential or sensitive information held by Transamerica. Notably, certain of Transamerica's businesses are subject to laws and regulations enacted by US federal and state governments and/or various regulatory organizations relating to the privacy and/or information security of the information of customers, employees or others.

The New York Department of Finance Services (NYDFS), pursuant to its cybersecurity regulation, requires financial institutions regulated by the NYDFS, including certain Transamerica subsidiaries, to, among other things, satisfy an extensive set of minimum information security requirements, including but not limited to governance, management, reporting, policy, technology and control requirements. Other states have adopted similar cybersecurity laws and regulations.

Numerous other US state and federal laws also impose various information security and privacy related obligations with respect to Transamerica, including but not limited to the Gramm-Leach-Bliley Act and related state laws and implementing regulations (GLBA), the California Consumer Privacy Act (CCPA), the California Privacy

3

Rights Act (CPRA), and the Health Insurance Portability and Accountability Act (HIPAA), among many others. These laws generally provide for governmental investigative and enforcement authority, and in certain cases provide for private rights of action.

Numerous other legislators and regulators with jurisdiction over Transamerica's businesses are considering or have already enacted enhanced information security risk management and privacy laws and regulations, with the overall number and scope of such laws and regulations continuing to increase every year. A number of Transamerica companies are also subject to contractual restrictions with respect to the use and handling of the sensitive information of Transamerica's clients and business partners.

Transamerica, and numerous of its systems, employees, third-party providers and business partners have access to, and routinely process, the personal information of consumers and employees. Transamerica relies on a large number of processes and controls to protect the confidentiality, integrity and availability of personal information and other confidential information that is accessible to, or in the possession of, Transamerica, its systems, employees and business partners. It is possible that a Transamerica or a third party's employee, contractor, business partner or system could, intentionally or unintentionally, inappropriately disclose or misuse personal or confidential information. Transamerica's data or data in its possession could also be the subject of an unauthorized information security attack. If Transamerica fails to maintain adequate processes and controls or if Transamerica or its business partners fail to comply with relevant laws and regulations, policies and procedures, misappropriation or intentional or unintentional inappropriate disclosure or misuse of personal information or other confidential information could occur. Such control inadequacies or non-compliance could cause disrupted operations and misstated or unreliable financial data, materially damage Transamerica's reputation or lead to increased regulatory scrutiny or civil or criminal penalties or (class action) litigation, which, in turn, could have a material adverse effect on Transamerica's business, financial condition and results of operations.

In addition, Transamerica analyzes personal information and customer data to better manage its business, subject to applicable laws and regulations and other restrictions. It is possible that additional regulatory or other restrictions regarding the use of such information may be imposed. Additional privacy and information security obligations have been imposed by various governments with jurisdiction over Transamerica or its subsidiaries in recent years, and more similar obligations are likely to be imposed in the near future across Transamerica's operations. Such restrictions and obligations could have material impacts on Transamerica's business, financial conditions and results of operations.

* * * * *

This Supplement updates certain information in the above referenced prospectuses (the ''Prospectuses''). Except as indicated in this Supplement, all other information included in the Prospectuses remain unchanged. The terms and section headings we use in this Supplement have the same meaning as in the Prospectuses. We will send you another copy of the applicable Prospectus or any supplement without charge upon request.

For additional information, you may contact us at our administrative office at 1-800-851-9777 from 8:30a.m. - 7:00p.m., Eastern Time. TCI serves as principal underwriter for the Policies. More information about TCI is available at www.finra.org or by calling 1-800-289-9999. You also can obtain an investor brochure from the Financial Regulatory Authority ("FINRA") describing its Public Disclosure Program.

* * * * *

This Supplement must be accompanied or preceded by the current Prospectus.

Please read this Supplement carefully and retain it for future reference.

4

Public link

Please use the above public link if you want to share this noodl on another website.