U.S. | Financial services
US Federal Banking Agencies Guidance on Third Party Risk Management
The Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Company (FDIC), and the Office of the Comptroller of Currency (OCC) are referred to collectively as the “Federal Banking Agencies” or “FBAs”. The FBAs oversee financial institutions in the United States and issue guidance on third party risk management.
Google Cloud’s contracts for financial institutions in the United States address the FBAs’ requirements. We have also created mappings for both Google Cloud and Google Workspace to help you understand how we can support you with meeting the FBAs’ requirements and assess us as an outsourced service provider. Google Cloud is committed to addressing these requirements regardless of how financial institutions choose to use our services.
US Federal Banking Agencies Compliance Offerings
Learn more about the key laws, regulations, and guidelines prescribed by the FBAs.
Learn more about the Interagency Guidance on
Third-Party Relationships and how Google Cloud can
help support your FBA compliance efforts. The Federal Banking Agencies (FBAs) is the
collective name for the Board of Governors of the
Federal Reserve System, the Federal Deposit
Insurance Company (FDIC), and the Office of the
Comptroller of Currency (OCC). The Interagency
Guidance addresses the FBAs’ views on sound risk
management principles for banking organizations when
developing and implementing risk management
practices for all stages in the lifecycle of
third-party relationships. The Interagency Guidance
provides specific guidance on: planning, due
diligence, contract negotiation, ongoing monitoring,
and termination. The Interagency Guidance replaces each agency’s
previous general guidance on third party risk
management. Google Cloud’s contracts for financial institutions
in the United States address the contractual
requirements in the Interagency Guidance. We have
also created mappings to the guidance for both
Google Cloud
and
Google Workspace
to assist you with understanding how we can support
you with meeting the requirements and assess us as
an outsourced service provider.
Learn more about the FFIEC Outsourcing Technology
Services Booklet and how Google Cloud can help
support your FFIEC compliance efforts. The Federal Financial Institutions Examination
Council (FFIEC) is a United States interagency body
that prescribes principles and standards for
oversight of financial institutions by United States
regulators. The
Outsourcing Technology Services Booklet
provides guidance to assist examiners in evaluating
a financial institution's risk management processes
to establish, manage, and monitor IT outsourcing
relationships. The Outsourcing Technology Services
Booklet addresses financial institutions’
responsibility to manage the risks associated with
outsourced IT services, including due diligence,
contract issues and ongoing monitoring. Google Cloud’s contracts for institutions in the
United States address the contractual requirements
in the Outsourcing Technology Services Booklet. We
have also created mappings to the guidance for both
Google Cloud
and
Google Workspace
to assist you with understanding how we can support
you with meeting the requirements and assess us as
an outsourced service provider.
Learn more about the FDIC Guidance for Managing
Third Party Risk and how Google Cloud can help
support your FDIC compliance efforts. The Federal Deposit Insurance Corporation
(FDIC) is an independent agency created by the
United States Congress to maintain stability and
public confidence in the United State’s financial
system. The FDIC examines and supervises financial
institutions for safety and soundness of their third
party engagements. The FDIC’s Financial Institution
Letter 44-2008 on Guidance for Managing Third Party
Risk provides financial institutions with
information and guidance on identifying and managing
risks associated with outsourced service providers.
The guidance sets out a general framework for the
implementation of an effective third-party risk
management process, including due diligence,
contract structuring and oversight. This guidance has since been
replaced
by the FBA Interagency Guidance on Third-Party
Relationships. Google Cloud’s contracts for institutions in the
United States address the contractual requirements
in the FDIC guidance. We have also created mappings
to the guidance for both
Google Cloud
and
Google Workspace
to assist you with understanding how we can support
you with meeting the requirements and assess us as
an outsourced service provider.
Learn more about the OCC Third Party Relationship:
Risk Management Guidance and how Google Cloud can
help support your OCC compliance efforts. The Office of the Comptroller of the Currency (OCC)
is an independent bureau of the United State
Department of the Treasury that ensures that
national banks and federal savings associations
operate in a safe and sound manner. The OCC Bulletin
2013-29 Third Party Relationship: Risk Management
Guidance provides guidance to banks for assessing
and managing risks associated with outsourced
service providers. The OCC guidance recommends risk
management strategies for when banks outsource their
banking functions, including in relation to due
diligence, contract negotiation, ongoing monitoring
and termination. This guidance has since been
replaced
by the FBA Interagency Guidance on Third-Party
Relationships. Google Cloud’s contracts for institutions in the
United States address the contractual requirements
in the OCC Guidance. We have also created mappings
to the guidance for both
Google Cloud
and
Google Workspace
to assist you with understanding how we can support
you with meeting the requirements and assess us as
an outsourced service provider.
Learn more about the previous Federal Reserve
Guidance on Managing Outsourcing Risk and how Google
Cloud can help support your Federal Reserve
compliance efforts. The Federal Reserve is the central bank of the
United States. It promotes the safety and soundness
of individual financial institutions and monitors
their impact on the financial system as a whole. The
Board of Governors of the Federal Reserve System
previously issued Guidance on Managing Outsourcing
Risk to help financial institutions conduct a risk
assessment of outsourced service providers. The
guidance identifies key areas in compliance and
operations that institutions should consider before
entering into, and while managing, relationships
with outsourced service providers, including due
diligence, contract provisions, oversight,
monitoring, business continuity, and contingency
plans. This guidance has since been
replaced
by the FBA Interagency Guidance on Third-Party
Relationships. Google Cloud’s contracts for financial institutions
in the United States address the contractual
requirements in the Federal Reserve guidance. We
have also created mappings to the guidance for both
Google Cloud
and
Google Workspace
to assist you with understanding how we can support
you with meeting the requirements and assess us as
an outsourced service provider.