Any individual or entity appointed by VA as a fiduciary to receive VA benefit payments on behalf of a beneficiary in the fiduciary program must fulfill certain responsibilities associated with the services of a fiduciary. These responsibilities include:
(1) Fiduciaries appointed by VA to manage the VA funds of a beneficiary are also responsible for monitoring the beneficiary's well-being and using available funds to ensure that the beneficiary's needs are met. Fiduciaries owe VA and beneficiaries the duties of good faith and candor and must administer a beneficiary's funds under management in accordance with paragraph (b) of this section. In all cases, the fiduciary must disburse or otherwise manage funds according to the best interests of the beneficiary and the beneficiary's dependents and in light of the beneficiary's unique circumstances, needs, desires, beliefs, and values.
(2) The fiduciary must take all reasonable precautions to protect the beneficiary's private information contained in the fiduciary's paper and electronic records.
(i) For purposes of this section:
(A) Reasonable precautions means protecting against any unauthorized access to or use of the beneficiary's private information that may result in substantial harm or inconvenience to the beneficiary; and
(B) Private information means a beneficiary's first name and last name or first initial and last name in combination with any one or more of the following data elements that relate to such beneficiary: VA claim number, Social Security number, date of birth, address, driver's license number or state-issued identification card number, or financial account number or credit card or debit card number, with or without any required security code, access code, personal identification number, or password, that would permit access to the beneficiary's account.
(ii) At a minimum, fiduciaries must place reasonable restrictions upon access to paper records containing the beneficiary's private information, including storage of such records in locked facilities, storage areas, or containers.
(iii) For electronic records containing the beneficiary's private information, the fiduciary must:
(A) Use unique identifications and passwords, which are not vendor-supplied default identifications and passwords, for computer, network, or online site access that are reasonably designed to maintain the security of the beneficiary's information and the fiduciary's financial transactions;
(B) Control access to data security passwords to ensure that such passwords are kept in a location and format that do not compromise the security of the beneficiary's private information; and
(C) For records containing private information on a computer system that is connected to the internet, keep reasonably up-to-date firewall and virus protection and operating system security patches to maintain the integrity of the beneficiary's private information and prevent unauthorized disclosure. For purposes of this section, a system is reasonably updated if the fiduciary installs software updates immediately upon release by the original equipment or software manufacturer, uses internet browser security settings suitable for transmission of private information, and maintains password-protected wireless connections or other networks.
(iv) The fiduciary must keep all paper and electronic records relating to the fiduciary's management of VA benefit funds for the beneficiary for the duration of service as fiduciary for the beneficiary and for a minimum of 2 years from the date that VA removes the fiduciary under § 13.500 or from the date that the fiduciary withdraws as fiduciary for the beneficiary under § 13.510.
(b) Financial responsibilities. The fiduciary's primary financial responsibilities include, but are not limited to:
(1) The use of the beneficiary's VA benefit funds under management only for the care, support, education, health, and welfare of the beneficiary and his or her dependents. Except as authorized under § 13.220 regarding fiduciary fees, a fiduciary may not derive a personal financial benefit from management or use of the beneficiary's funds;
(2) Protection of the beneficiary's VA benefits from loss or diversion;
(3) Except as prescribed in § 13.200 regarding fiduciary accounts, maintenance of separate financial accounts to prevent commingling of the beneficiary's funds with the fiduciary's own funds or the funds of any other beneficiary for whom the fiduciary has funds under management;
(4) Determination of the beneficiary's just debts. For purposes of this section, just debts mean the beneficiary's legitimate, legally enforceable debts;
(5) Timely payment of the beneficiary's just debts, provided that the fiduciary has VA benefit funds under management for the beneficiary to cover such debts;
(6) Providing the beneficiary with information regarding VA benefit funds under management for the beneficiary, including fund usage, upon request;
(7) Providing the beneficiary with a copy of the annual accounting approved by VA under § 13.280;
(8) Ensuring that any best-interest determination regarding the use of funds is consistent with VA policy, which recognizes that beneficiaries in the fiduciary program are entitled to the same standard of living as any other beneficiary with the same or similar financial resources, and that the fiduciary program is not primarily for the purpose of preserving funds for the beneficiary's heirs or disbursing funds according to the fiduciary's own beliefs, values, preferences, and interests; and
(9) Protecting the beneficiary's funds from the claims of creditors as described in § 13.270.
(c) Non-financial responsibilities. The fiduciary's primary non-financial responsibilities include, but are not limited to:
(1) Contacting social workers, mental health professionals, or the beneficiary's legal guardian regarding the beneficiary, when necessary;
(2) To the extent possible, ensuring the beneficiary receives appropriate medical care;
(3) Correcting any discord or uncomfortable living or other situations when possible;
(4) Acknowledging and addressing any complaints or concerns of the beneficiary to the best of the fiduciary's ability;
(5) Reporting to the appropriate authorities, including any legal guardian, any type of known or suspected abuse of the beneficiary;
(6) Maintaining contact with the beneficiary for purposes of assessing the beneficiary's capabilities, limitations, needs, and opportunities;
(7) Being responsive to the beneficiary and ensuring the beneficiary and his or her legal guardian have the fiduciary's current contact information.
(d) The fiduciary's responsibilities to VA. Any fiduciary who has VA benefit funds under management on behalf of a beneficiary in the fiduciary program must:
(1) If the fiduciary is also appointed by a court, annually provide to the fiduciary hub with jurisdiction a certified copy of the accounting(s) provided to the court or facilitate the hub's receipt of such accountings;
(2) Notify the fiduciary hub regarding any change in the beneficiary's circumstances, to include the beneficiary's relocation, the beneficiary's serious illness, or any other significant change in the beneficiary's circumstances which might adversely impact the beneficiary's well-being;
(3) Provide documentation or verification of any records concerning the beneficiary or matters relating to the fiduciary's responsibilities within 30 days of a VA request, unless otherwise directed by the Hub Manager;
(4) When necessary, appear before VA for face-to-face meetings; and
(5) Comply with the policies and procedures prescribed in this part.
(Approved by the Office of Management and Budget under control numbers 2900-0017 and 2900-0085)