US Federal Banking Agencies

U.S. | Financial services

US Federal Banking Agencies Guidance on Third Party Risk Management

The Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Company (FDIC), and the Office of the Comptroller of Currency (OCC) are referred to collectively as the “Federal Banking Agencies” or “FBAs”. The FBAs oversee financial institutions in the United States and issue guidance on third party risk management. 

Google Cloud’s contracts for financial institutions in the United States address the FBAs’ requirements. We have also created mappings for both Google Cloud and Google Workspace to help you understand how we can support you with meeting the FBAs’ requirements and assess us as an outsourced service provider. Google Cloud is committed to addressing these requirements regardless of how financial institutions choose to use our services.


US Federal Banking Agencies Compliance Offerings

Learn more about the key laws, regulations, and guidelines prescribed by the FBAs.

Learn more about the Interagency Guidance on Third-Party Relationships and how Google Cloud can help support your FBA compliance efforts.

The Federal Banking Agencies (FBAs) is the collective name for the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Company (FDIC), and the Office of the Comptroller of Currency (OCC). The Interagency Guidance addresses the FBAs’ views on sound risk management principles for banking organizations when developing and implementing risk management practices for all stages in the lifecycle of third-party relationships. The Interagency Guidance provides specific guidance on: planning, due diligence, contract negotiation, ongoing monitoring, and termination. 

The Interagency Guidance replaces each agency’s previous general guidance on third party risk management. 

Google Cloud’s contracts for financial institutions in the United States address the contractual requirements in the Interagency Guidance. We have also created mappings to the guidance for both Google Cloud and Google Workspace to assist you with understanding how we can support you with meeting the requirements and assess us as an outsourced service provider. 

Learn more about the FFIEC Outsourcing Technology Services Booklet and how Google Cloud can help support your FFIEC compliance efforts.

The Federal Financial Institutions Examination Council (FFIEC) is a United States interagency body that prescribes principles and standards for oversight of financial institutions by United States regulators. The Outsourcing Technology Services Booklet provides guidance to assist examiners in evaluating a financial institution's risk management processes to establish, manage, and monitor IT outsourcing relationships. The Outsourcing Technology Services Booklet addresses financial institutions’ responsibility to manage the risks associated with outsourced IT services, including due diligence, contract issues and ongoing monitoring. 

Google Cloud’s contracts for institutions in the United States address the contractual requirements in the Outsourcing Technology Services Booklet. We have also created mappings to the guidance for both Google Cloud and Google Workspace to assist you with understanding how we can support you with meeting the requirements and assess us as an outsourced service provider. 

Learn more about the FDIC Guidance for Managing Third Party Risk and how Google Cloud can help support your FDIC compliance efforts.

 The Federal Deposit Insurance Corporation (FDIC) is an independent agency created by the United States Congress to maintain stability and public confidence in the United State’s financial system. The FDIC examines and supervises financial institutions for safety and soundness of their third party engagements. The FDIC’s Financial Institution Letter 44-2008 on Guidance for Managing Third Party Risk provides financial institutions with information and guidance on identifying and managing risks associated with outsourced service providers. The guidance sets out a general framework for the implementation of an effective third-party risk management process, including due diligence, contract structuring and oversight. 

This guidance has since been replaced by the FBA Interagency Guidance on Third-Party Relationships.

Google Cloud’s contracts for institutions in the United States address the contractual requirements in the FDIC guidance. We have also created mappings to the guidance for both Google Cloud and Google Workspace to assist you with understanding how we can support you with meeting the requirements and assess us as an outsourced service provider. 

Learn more about the OCC Third Party Relationship: Risk Management Guidance and how Google Cloud can help support your OCC compliance efforts.

The Office of the Comptroller of the Currency (OCC) is an independent bureau of the United State Department of the Treasury that ensures that national banks and federal savings associations operate in a safe and sound manner. The OCC Bulletin 2013-29 Third Party Relationship: Risk Management Guidance provides guidance to banks for assessing and managing risks associated with outsourced service providers. The OCC guidance recommends risk management strategies for when banks outsource their banking functions, including in relation to due diligence, contract negotiation, ongoing monitoring and termination.

This guidance has since been replaced by the FBA Interagency Guidance on Third-Party Relationships.

Google Cloud’s contracts for institutions in the United States address the contractual requirements in the OCC Guidance. We have also created mappings to the guidance for both Google Cloud and Google Workspace to assist you with understanding how we can support you with meeting the requirements and assess us as an outsourced service provider.

Learn more about the previous Federal Reserve Guidance on Managing Outsourcing Risk and how Google Cloud can help support your Federal Reserve compliance efforts.

The Federal Reserve is the central bank of the United States. It promotes the safety and soundness of individual financial institutions and monitors their impact on the financial system as a whole. The Board of Governors of the Federal Reserve System previously issued Guidance on Managing Outsourcing Risk to help financial institutions conduct a risk assessment of outsourced service providers. The guidance identifies key areas in compliance and operations that institutions should consider before entering into, and while managing, relationships with outsourced service providers, including due diligence, contract provisions, oversight, monitoring, business continuity, and contingency plans. 

This guidance has since been replaced by the FBA Interagency Guidance on Third-Party Relationships.

Google Cloud’s contracts for financial institutions in the United States address the contractual requirements in the Federal Reserve guidance. We have also created mappings to the guidance for both Google Cloud and Google Workspace to assist you with understanding how we can support you with meeting the requirements and assess us as an outsourced service provider.