Prepared for Springfield R-XII School District

28

VALIC prepares and distributes all applicable tax forms required by the Internal Revenue

Service (such as Form 1099R) to any participant who has received a distribution in the given

plan year by the January 31 following the year the distribution is made. VALIC electronically

remits participants’ withholding information to the Internal Revenue Service by the March 31

following the year the distribution is made. We provide audit packages to the plan sponsor

upon request.

VALIC electronically remits participants’ state income tax withholding data to the IRS using

the IRS Federal/State Combined Filing Program.

Form 5500

VALIC offers different levels of administrative services to correspond with the plan sponsor’s

needs. We can prepare the Form 5500 and required schedules or provide reports to assist a

representative from your organization in doing so.

Financial reports for use by the plan sponsor’s Form 5500 auditors are supplied to clients

upon request.

15.Describe your processes and procedures to ensure:

a. Data integrity

Retirement Manager programs and data are isolated from main record keeping system.

Access to Retirement Manager is restricted to authorized users only. Retirement

Manager only shares client data with investment providers, including VALIC, when the

participant is a client of the provider.

Access to programs and data is monitored, controlled and audited. Audits are conducted

on an ongoing basis with both scheduled like SOX and SSAE16 and impromptu reviews.

In storing and handling information, VRSCO will comply with applicable requirements of

federal and state laws governing privacy and security.

The underlying VRSCO infrastructure, applications, and processes provide layers of

defense to prevent inappropriate use of client information. At the most basic level, there

are firewalls, network intrusion detection devices, and the servers are hardened. Next,

the applications are built with security as a basic tenet utilizing modern technology,

secure coding techniques and extensive logging and monitoring. Lastly, and most

important, is that there is a Governance process in place to ensure security practices at

these different layers are kept current to protect client information.

Employee access to client information must be explicitly granted and periodically

recertified for each VRSCO employee. Access to highly sensitive information like SSN

and DOB, has been removed or masked on internal systems unless it is absolutely

necessary to perform a transaction or exchanging information with an employer.

Extensive automated restrictions exist to limit employee ability to download, email, and

even print sensitive client data. Client data on VRSCO systems is encrypted when