The Prudential Regulation Authority (“PRA”) is a
part of the Bank of England and is responsible for
prudential regulation in the UK. The PRA supervises banks,
building societies, credit unions, insurers and major
investment firms and looks to determine whether they are
being run in a safe and sound manner.
SS2/21 Outsourcing and third party risk management
(“SS2/21”) sets out the PRA’s expectations of how
PRA-regulated firms should comply with regulatory
requirements and expectations relating to outsourcing and
third party risk management. SS2/21 provides specific
guidance on: outsourcing agreements, data security, access,
audit and information rights, sub-outsourcing, business
continuity and exit plans.
Google Cloud’s contracts for financial institutions in the
UK address the requirements in SS2/21. We have also created
mappings to the guidelines for both GCP and Google Workspace
to assist you with understanding how we can support you with
meeting the requirements and assess us as an outsourced
service provider. Google Cloud is committed to addressing
these requirements regardless of how financial institutions
choose to use our services.