Dumb question I guess.....concerning the Service provider List.....which providers actually go on the list....ive seem some that were very lengthy and included everything from Flood vendor and credit report agency, to multiple title services, attorneys, appraisers etc. and some that had maybe one settlement agent and a pest inspection guy.
We maintain a list of all service providers, but we only include critical providers in our VMP.
You're probably not going to like my answer, but it is the correct one. "It depends." It depends on what you have in your policy. You are required to perform due diligence on all vendors, but you policy should the levels of risk and to what extent you perform your due diligence. Also, your policy can state that vendors that are used incidentally and do not have access to non-public customer information will be handled differently and/or excluded from the risk assessment.