By Ryan Jackson
Pages could be devoted to the theory, characteristics and technical components that make up quantum computing. At the highest level, quantum computing employs the principles of quantum mechanics (superposition, entanglement, decoherence — don’t worry if that doesn’t make sense) to solve complex problems faster than traditional computers. This multidisciplinary field — comprising computer science, physics and mathematics — has the potential to disrupt, and advance, many computer-based processes, including financial modeling, artificial intelligence and cybersecurity.
While it’s not critical for most people to understand how quantum computing works, it is a concept of growing importance for industries that use encryption and algorithms, including banking.
How does quantum computing fit into banking?
One way to think about how to prioritize emerging technologies is with McKinsey’s “Three Horizons” model, which buckets technologies and business concepts into “horizons” based on their approach to “manage for current performance while maximizing future opportunities for growth”.
Within the Three Horizons model, “Horizon 3 contains the seeds of tomorrow’s business – options on future opportunities.” Quantum computing, which is part of the broader field of emerging quantum technologies, resides with Horizon 3, though with current advancements it may soon find itself in Horizon 2 or 1.
According to Amazon Web Services, “no quantum computer can [currently] perform a useful task faster, cheaper, or more efficiently than a classical computer. Quantum advantage is the threshold where we have built a quantum system that can perform operations that the best possible classical computer cannot simulate in any kind of reasonable time.” That said, a number of the largest technology players (for example, Amazon, Microsoft, Google) are exploring and developing quantum computing services.
Not to be outdone by the large technology companies, many large financial services companies (including JPMorgan, Bank of America, Wells Fargo, BlackRock and Mastercard) have been exploring quantum computing over the past few years, and several have made direct investments into quantum computing startups. According to a recent World Economic Forum report, government and business investment in quantum technologies reached nearly $36 billion worldwide as of 2022.
Despite increasing investment in quantum technologies, one of the issues inhibiting quantum computing from advancing more quickly is the lack of quantum technology talent. Until the industry matures, and more opportunities emerge for less technical talent, startups and established companies will be vying for the same limited resources.
Opportunity — and threat
Data is the lifeblood of many industries, and financial services is no exception. Quantum computing is all about analyzing more data more quickly. And when we think about all the areas of banking that rely on turning data into insights, the potential for quantum computing to generate value becomes clear. Consider, for example, the following lifecycle of a bank customer and how data models are leveraged:
- Marketing to potential customers: marketing models determine ad campaigns
- Making a loan: underwriting models support pricing
- Servicing the loan: risk modeling estimates prepayments and defaults
- Securitizing the loan: portfolio optimization and risk modeling creates tradeable securities
- Offering new products and services: data models offer insights into customer needs
Using quantum computing has the potential to include more data points, run models more quickly and produce more accurate analytics. McKinsey estimates that finance is one of four of the main industries that has the potential to capture nearly $700 billion in value as early as 2035 leveraging quantum technologies.
While quantum computing may eventually offer significant benefits especially in predictive analytics and simulations, the risk it could introduce to financial institutions (and other industries) can’t be overstated. By far, the biggest emerging threat is nefarious actors (for example, criminals, terrorists, and rogue governments) using quantum computers to break public key encryption, which is the backbone of secure data transmission. Banks are safekeepers of investments, public assets, pensions, retirement accounts, and personally identifiable information and rely on public key encryption to maintain the security and privacy of this type of information. Should quantum computing allow for encryption algorithms to be cracked, the impact could be significant. Even the threat of such bad actors leveraging quantum computing may undermine public confidence in commonly used encryption methods, creating problems for the institutions, including banks, responsible for safeguarding data.
The U.S. government has launched a multi-pronged strategy to address the risk, develop standards and ensure that government agencies are prepared. While the federal banking agencies have not issued any specific guidance yet, they can rely on existing regulations and supervisory guidance and the ongoing examination process.
What should banks do?
Quantum computing is not yet at the stage where it surpasses “classic” computing, though the ecosystem is developing rapidly. Some estimate quantum computing will become mainstream in 10 to 15 years, but recently we’ve seen claims indicating the technology may be available much sooner than that. Despite quantum computing not being an imminent threat, there are several steps banks should take to monitor developments in the technology and increase awareness of the risks:
- Begin to inventory computer and data intensive processes that could use quantum computers.
- Review current cybersecurity measures and consider developing plans to embrace “cryptographic agility” so that, when needed, new encryption algorithms can be integrated into bank systems with limited disruption.
- Monitor National Institute of Standards and Technology and Cybersecurity and Infrastructure Security Agency efforts to develop the next generation of encryption algorithms and risk mitigation plans, respectively.
- Engage information security, vendor management and business continuity professionals to assess risks and coordinate internally.
- Reach out to core service providers and other significant technology service providers to ask about their plans.
