U.S. | Financial services

FDIC Guidance for Managing Third-Party Risk

The Federal Deposit Insurance Corporation (FDIC) is an independent agency created by the United States Congress to maintain stability and public confidence in the United State’s financial system. The FDIC examines and supervises financial institutions for safety and soundness of their third-party engagements. The FDIC’s Financial Institution Letter 44-2008 on Guidance for Managing Third-Party Risk (FDIC Guidance) provides financial institutions with information and guidance on identifying and managing risks associated with outsourced service providers.

The guidance sets out a general framework for the implementation of an effective third-party risk management process, including due diligence, contract structuring and oversight.

Google Cloud’s contracts for institutions in the United States address the contractual requirements in the FDIC Guidance. We have also created mappings to the guidance for both GCP and Google Workspace to assist you with understanding how we can support you with meeting the requirements and assess us as an outsourced service provider. Google Cloud is committed to addressing these requirements regardless of how institutions choose to use our services.


ISO/IEC 27001

Learn more