Should we be considering appraisers and title companies as "service providers" as far as vendor management is concerned in relation to vendor files, confidentiality agreements, risk assessments, etc.? In additon, same question applied to investors associated with our sale of mortgage loans on the secondary market...should be conduct the full gamet of vendor management due dilligence on them as well?

I include all of our vendors in the Vendor Management Program including Title Companies, Appraisers, Closing Attorneys, Flood Insurance Monitoring Vendor and Credit Reporting Agencies. I would not include Investors that you sell your loans to. In fact, I believe that those Investors would consider you the Vendor.

We include these also but the level of review is different than say our Core Processor.

How do you treat vendors who might have casual access to nonpublic information? I'm thinking in particular of a remodel crew. I know you don't want the full review; but, what about confidentiality in case they just see something while on location?

I also have a question on vendor management. Who would you consider a critical vendor?

Suzette -- this is from FDIC's FIL-44-2008 (Third-Party Risk Guidance for Managing Third-Party Risk):

A third-party relationship should be considered significant if the institution's relationship with the third party is a new relationship or involves implementing new bank activities; the relationship has a material effect on the institution's revenues or expenses; the third party performs critical functions; the third party stores, accesses, transmits, or performs transactions on sensitive customer information; the third party markets bank products or services; the third party provides a product or performs a service involving subprime lending or card payment transactions; or the third party poses risks that could significantly affect earnings or capital.