FINMA issues quantum computing guidance, expecting institutions to plan quantum-safe migration
Swiss financial institutions must build quantum-safe migration into their operational-risk processes — roadmap, cryptographic inventory and crypto-agility — to keep meeting FINMA's resilience requirements
- — Chief risk officers and operational-risk teams at Swiss financial institutions must build a documented roadmap for migrating to quantum-safe encryption into their risk-management framework — FINMA considers action necessary here for institutions to continue meeting operational-risk and resilience requirements, so absence of planning is a gap against those requirements.
- — Information-security and cryptography teams at Swiss financial institutions must create a cryptographic inventory and implement protections for critical data against 'harvest now, decrypt later' attacks — data not protected now can be captured for later decryption once cryptographically relevant quantum computers become available.
- — Third-party risk and vendor-management teams at Swiss financial institutions must obtain and assess external service providers' quantum-migration readiness and crypto-agility — unaddressed provider dependencies leave the institution's migration incomplete against FINMA's expectations.
- — Chief risk officers and operational-risk teams at Swiss financial institutions
- — Information-security and cryptography teams at Swiss financial institutions
- — Third-party risk and vendor-management teams at Swiss financial institutions