Prepared for Springfield R-XII School District
28
VALIC prepares and distributes all applicable tax forms required by the Internal Revenue
Service (such as Form 1099R) to any participant who has received a distribution in the given
plan year by the January 31 following the year the distribution is made. VALIC electronically
remits participants’ withholding information to the Internal Revenue Service by the March 31
following the year the distribution is made. We provide audit packages to the plan sponsor
upon request.
VALIC electronically remits participants’ state income tax withholding data to the IRS using
the IRS Federal/State Combined Filing Program.
Form 5500
VALIC offers different levels of administrative services to correspond with the plan sponsor’s
needs. We can prepare the Form 5500 and required schedules or provide reports to assist a
representative from your organization in doing so.
Financial reports for use by the plan sponsor’s Form 5500 auditors are supplied to clients
upon request.
15.Describe your processes and procedures to ensure:
a. Data integrity
Retirement Manager programs and data are isolated from main record keeping system.
Access to Retirement Manager is restricted to authorized users only. Retirement
Manager only shares client data with investment providers, including VALIC, when the
participant is a client of the provider.
Access to programs and data is monitored, controlled and audited. Audits are conducted
on an ongoing basis with both scheduled like SOX and SSAE16 and impromptu reviews.
In storing and handling information, VRSCO will comply with applicable requirements of
federal and state laws governing privacy and security.
The underlying VRSCO infrastructure, applications, and processes provide layers of
defense to prevent inappropriate use of client information. At the most basic level, there
are firewalls, network intrusion detection devices, and the servers are hardened. Next,
the applications are built with security as a basic tenet utilizing modern technology,
secure coding techniques and extensive logging and monitoring. Lastly, and most
important, is that there is a Governance process in place to ensure security practices at
these different layers are kept current to protect client information.
Employee access to client information must be explicitly granted and periodically
recertified for each VRSCO employee. Access to highly sensitive information like SSN
and DOB, has been removed or masked on internal systems unless it is absolutely
necessary to perform a transaction or exchanging information with an employer.
Extensive automated restrictions exist to limit employee ability to download, email, and
even print sensitive client data. Client data on VRSCO systems is encrypted when