.svg)
The G7 Cyber Expert Group (CEG) anticipates a secure transition to post-quantum cryptography beginning as early as 2027, reshaping future compliance, operational resilience and supervisory expectations for payments providers.
In mid-January 2026, the group, which advises G7 finance ministers and central bank governors on cyber risks to financial stability, published a coordination roadmap and urged G7 authorities to move from awareness-raising to concrete implementation.
This follows a September 2024 statement highlighting the benefits and risks associated with quantum computing.
Quantum computing uses the laws of quantum mechanics to perform computations in quantum bits (qubits), allowing it to examine multiple possibilities simultaneously, compared to classical computing which processes problems sequentially. This allows quantum computers to process highly complex problems by considering vast numbers of possibilities at once.
The roadmap builds on a September 2024 statement that acknowledged both the long-term benefits of quantum computing and the near-term risks it poses to financial system security.
Regulators across major jurisdictions are increasingly assessing the risks quantum computing poses to financial system resilience, with several authorities signalling the need for an eventual transition to post-quantum security environments, particularly for payment-related data.
Other authorities, including the Bank of England, have emphasised the need to balance defensive planning with an assessment of the longer-term opportunities quantum computing may offer, such as computational efficiencies and new financial products.
Outside the G7, the Monetary Authority of Singapore’s Cyber and Technology Resilience Experts (CTREX) panel has recommended that institutions begin cataloguing cryptographic assets and prioritising the replacement of those most vulnerable to quantum attack
At an industry level, the European Payments Council’s (EPC) annual update of its Guidelines on Cryptographic Algorithms Usage and Key Management provides insights for payment service providers (PSPs) on security protocols, data integrity and encryption best practices.
Quantum computing: opportunities
Quantum computing could usher in the next major technological leap in financial services in the coming decade.
Payments and settlements
High-value payment systems are typically liquidity-intensive because transactions are settled on a gross basis. Quantum computing may help address these liquidity demands by using algorithms that identify optimal netting sets and enable ad hoc reordering of submitted payments.
In 2022, the Bank of Canada tested this approach using a 30-day sample of transactions from a Canadian payment system, applying quantum processing technology to achieve improvements in potential daily liquidity.
The results were encouraging, with estimated average daily liquidity savings of CAD240m ($174m), reaching up to CAD1bn (c.$725m).
Although these applications remain largely experimental, they illustrate why some central banks view quantum computing not only as a threat to be mitigated, but as a technology that could eventually reshape payment system design.
Improving fraud detection and prevention
As financial crime becomes more sophisticated, quantum computing offers new tools for strengthening detection capabilities.
Its ability to process multiple states simultaneously enables security teams to identify complex or subtle patterns of suspicious behaviour that traditional systems may overlook, helping firms stay ahead of evolving threats.
Hybrid quantum-classical models, such as Quantum Restricted Boltzmann Machines (QRBMs), are already being developed to enhance anomaly detection in credit card and digital payment transactions.
Tellingly, many financial services and quantum computing firms have already begun partnerships to develop further use cases in this space. These initiatives include Mastercard and D-Wave, HSBC and Quantinium and Paysafe, Unisys and the National Quantum Computing Centre.
By using quantum modelling to analyse complex data patterns across large solution spaces, these approaches can identify subtle indicators of fraud more effectively.
Although they are still at the experimental stage, early results suggest faster training times and improved classification accuracy compared with traditional methods.
Risk management through financial modelling
Incorporating quantum computing into risk management has the potential to fundamentally change how firms assess and manage risk.
By enabling complex calculations to be performed at unprecedented speed, quantum algorithms could significantly enhance existing risk estimation processes.
Research by the BIS conducted in 2024 found that quantum computing could dramatically accelerate portfolio risk calculations, with estimates indicating that a quantum system could perform Value at Risk (VaR) calculations for a portfolio of 1m assets in around 30 minutes.
Financial risk is commonly assessed using computationally intensive techniques such as Monte Carlo simulations. Quantum computing offers the potential to enhance these models by exploring a much larger range of scenarios more efficiently, improving both processing speed and predictive accuracy.
As a result, quantum-enabled risk models could provide more timely and granular insights, supporting better-informed risk management decisions.
Quantum computing: risks
Rendering current cryptography obsolete
The stability of the financial system is fundamentally dependent on cryptographic security. Currently, Rivest–Shamir–Adleman (RSA) and other asymmetric and symmetric encryption methods are widely used to secure payment systems and financial communications.
However, the emergence of quantum computing poses a significant challenge, as quantum computers are able to perform certain cryptographic computations much faster than classical systems, potentially rendering existing encryption standards ineffective.
The BIS’ 2024 research identified several areas of particular vulnerability, including online and mobile banking, payment transactions (such as card payments and cash withdrawals) and business-to-business (B2B) communications.
In online and mobile banking, a quantum-enabled attacker could potentially intercept or compromise communications during authentication and authorisation processes.
Similar risks could arise during payment transactions or ATM withdrawals, where sensitive data exchanges could be intercepted if cryptographic protections are no longer secure.
Exacerbating third-party and operational resilience risks
Inconsistent adoption of quantum-resilient cryptography across firms and service providers could create systemic vulnerabilities, potentially requiring post-quantum cryptography to be implemented across entire supply chains to remain effective.
This presents particular challenges in environments where speed, latency and efficiency are critical, such as payment and settlement systems. Many post-quantum cryptographic methods are computationally intensive and may affect performance if not carefully implemented.
Quantum computing may also amplify risks associated with other emerging technologies. By significantly increasing the speed and scale of computation and execution, quantum capabilities could intensify existing financial stability risks linked to technologies such as artificial intelligence (AI), including more sophisticated fraud techniques and heightened cyber threats.
This interaction effect underscores the need for coordinated risk management, forward-looking security planning and regulatory engagement to ensure that technological innovation does not outpace firms’ ability to manage associated risks.
Proposed roadmap and key activities
Source: G7 CEG
The CEG’s proposed roadmap sets out a phased approach to post-quantum cryptography migration, progressing from early awareness and asset discovery through planning, execution and long-term monitoring.
It also clarifies the division of responsibilities between financial entities and public authorities.
Financial entities would be responsible for identifying cryptographic risks, planning and deploying quantum-resistant solutions, and continuously testing and improving them.
Public authorities, meanwhile, would support this process by setting expectations, providing guidance and oversight, coordinating stakeholders and adapting regulatory and policy frameworks as the quantum threat evolves.
Payments firms should proactively assess both the risks and longer-term opportunities associated with quantum computing and align internal planning with the phased activities set out in the G7 roadmap, including preparing for migration timelines from 2027.
Early engagement in activities such as discovery, risk assessment, migration execution, testing, and ongoing validation can build resilience ahead of emerging threats, even where formal regulation has yet to be introduced.
Firms should also monitor relevant standards and guidelines in their operating jurisdictions, where available. These include the National Institute of Standards and Technology (NIST)-Post-Quantum Encryption Standards in the US, the National Quantum Readiness Best Practices in Canada and Italy’s Strategy for Quantum Technologies.
By beginning work now, firms can prepare for eventual regulatory expectations and support a coordinated, secure transition to quantum-resilient cryptography throughout the financial ecosystem.
A preemptive approach will be useful in acting before any eventual regulations by financial services authorities, which will likely refer to the roadmap as a guideline from both a timing and prescriptive lens.
