FStech news editor Alexandra Leonards speaks to Phil Intallura, head of quantum technologies at HSBC, to explore how the bank is prioritising its quantum strategy in anticipation of the future threats and opportunities that await the banking industry when the technology is powerful enough to both crack cryptographic systems and revolutionise financial services.

The development of quantum computing has accelerated significantly in recent years, with the need to prepare for the technology’s inevitable risks and rewards edging closer to the top of the priority list for many of the world’s financial services decision-makers.

The future opportunities for the sector are vast. From speeding up processes and improving trading strategies, to optimising financial portfolios and enhanced risk and pricing management, the technology promises to transform the market in a similar vein to AI.

However, it also poses a huge risk to the financial system. In the wrong hands, quantum threatens the cryptographic systems which sit behind today’s online banking services, financial transactions, and data communications.

Since completing a PhD in quantum key distribution at Cambridge University 15 years ago, Phil Intallura, head of quantum technologies at HSBC has been keeping a close eye on how the technology has been progressing.

“About three years ago, there felt like there was an inflection point,” he tells FStech.
Intallura explains that investment has grown to a point where the technology is mature enough for banks to really start thinking about it.

Banks and other financial institutions rely on the computational complexity of effectively factoring large numbers and almost-unbreakable algorithms to protect their vital services. The problem is, in the future quantum computers will be able to perform Shor’s Algorithm – named after mathematician Peter Shor – which is able to efficiently factor the large numbers so crucial to the security of financial services.

While it isn’t yet mature enough to break real-world encryption, this ability means quantum technology will someday be able to crack the widely-used cryptographic systems that are so critical to banks and other financial institutions at a much faster rate than classical computers. With these capabilities, quantum-enabled adversaries – including state actors – would be able to intercept and encrypt sensitive financial data.

Talking about how quantum computing isn’t yet ready to crack RSA – one of the most popular public-key cryptographic systems for data transmissions – Intallura says: “The theoretical proof is there, and the question is: how do we start protecting against that before a machine is developed that is powerful enough to break it?”

When speaking to financial services institutions and regulators, the head of quantum technologies has found that the number one challenge brought up in conversations is how to transform cybersecurity to ensure it is resistant to these potential quantum computing attacks in the future.

“The right way to get ahead of it is by understanding to apply new techniques, and some are going to be new algorithms,” he explains.

In 2023, for example, the National Institute of Standards and Technology (NIST) announced that it had selected four new algorithms which don’t depend on factoring and are resistant to these kind of future attacks.

In August, the Institute revealed that it had started to standardise these algorithms, explaining that it has plans to make them available to organisations so that they can integrate them into their encryption infrastructure.

A further challenge for banks and other financial services providers will be successfully swapping their existing algorithms out in time, a process HSBC has been exploring for several years.

Intallura says that as long as banks can get ahead of this process and deploy these new algorithms before quantum computation is powerful enough to break RSA, they can mitigate the threat of the technology.

HSBC is looking at both post-quantum cryptography –cryptographic systems that are secure against quantum and classical computers whilst interoperating with existing communications protocols and networks, like NIST’s latest algorithms – and quantum key distribution (QKD).

“So, we're looking at both types of new defence technology against common attacks,” he says.

QKD is a quantum-driven communication method that can help to protect networks and data from cyber-attacks. It works by using particles of light and the fundamental properties of quantum physics to facilitate secret keys between parties. These keys can then be harnessed to both encrypt and decrypt sensitive data and are safe from “eavesdroppers” or cyber-attacks by quantum computers.

Last year, HSBC became the first bank to join BT and Toshiba’s quantum network. At the time the bank, which is still working with the network, connected two UK sites using QKD to prepare its global operations against future cyber threats.

The technology is being trialled in multiple scenarios, including financial transactions, secure video communications, and one-time-pad encryption.

HSBC has also in recent months joined Singapore’s central bank in signing a Memorandum of Understanding (MoU) to collaborate on quantum security.

The move will see the two organisations, alongside several other banks and technology firms, study the application of QKD to help address quantum computing cyber threats by protecting the exchange of cryptographic keys.

“We're seeing more and more outputs from regulators and organisations talking about these risks and things to think about when needing to modernise cryptography, and I think the release of the NIST algorithms has reemphasised or reenergised this debate because it's now starting to release tactical algorithms that can be implemented into architecture,” the head of quantum technologies tells FStech, explaining that the firm is currently involved in many conversations at the government, central bank, and regulator level.

He says that what stands out particularly about Singapore is that the Monetary Authority of Singapore (MAS) is forward-thinking on the topic of emerging technologies. The central bank for example has released an advisory calling on banks to pay attention to how the technology is developing.

“But they've also gone further and released several funding tracks and grant initiatives where organisations can co-invest within Singapore to really drive the exploration of these new technologies,” he says. “So, I think there's a very strong convergence between the aims of HSBC quantum and the aims of MAS when it comes to this particular technology. And so [signing the MoU] felt like a very sensible way to progress the work we’re doing in the market.”

Challenges and opportunities beyond security

Quantum computing is of course more than just a threat to financial services; it is a huge opportunity. But this means further pressure for firms to stay ahead of the game when it comes to harnessing the technology for its many advantages.

“There are some secondary risks associated with the computation itself, so these are models which are designed to drive better customer experience and commercial advantage,” says Intallura. “But those are more to do with: are you ready for when that technology is powerful enough to take advantage of these opportunities?”

He says that HSBC is focusing on how to capitalise on benefits such as better optimisation without losing out due to competition from other financial institutions. All-in-all the bank is focusing on roughly 10 different types of use cases.

“We’ve explored use cases around optimisation on machine learning or fraud detection and post-quantum cryptography; we’ve looked at both offense and defence,” continues Intallura.

The bank has been working with Quantinuum since last June to push the boundaries on how it can apply quantum technology and post-quantum cryptography to real world uses cases. In September, it announced that it had successfully trialled the first application of quantum-secure technology for buying and selling tokenised physical gold.

HSBC is also looking at how to improve transactional fraud detection.

“We have robust machine learning models in place which allows us to differentiate between a genuine transaction and a fraudulent one,” explains Intallura. “There is some trade-off between stopping forward and initiating too many false positives which then disrupt customer journeys, such as if you’re trying to buy a cappuccino or gelato in Italy and you get blocked because the payment is tagged as fraud.”

He says that the bank is looking at any way to boost the precision of these models, as even a marginal improvement will have a big impact.

“So, we're doing a lot of work around that at the moment to see if we can get margin improvements using quantum inspired technologies,” explains Intallura.

The other big area the bank is looking broadly at is optimisation – including use cases such as optimising the portfolio of trade customers that are trying to maximise returns and minimise risk under cost restraints. Ultimately it wants to see whether quantum could help to improve accuracy and reduce run times in a way that a classical computer cannot.

Additionally, HSBC has been looking at whether the technology could be applied to improving the speed and precision of financial simulation models – sometimes known as a Monte Carlo method – where a computer can run many, many thousands of iterations to figure out different scenarios like the impact of climate change or stress testing.

“And that also includes things like can we use better randomness as an input source to those models,” he says. “Because Monte Carlo requires random input, most models use pseudo random numbers, but actually there are some quantum technologies devices called quantum random number generators where we can see by using that increased randomness whether we can get better outputs.”

There is currently no consensus from quantum experts about when the technology could become powerful enough to break RSA – with predictions ranging from three to hundreds of years. However, according to a report published by the South China Morning Post this week, Chinese researchers from Shanghai University have already launched what they describe as the “world’s first” hack of a widely-used encryption method using quantum.

While this development doesn’t mean that RSA is under threat at this stage, the researchers have warned that the milestone could pose a “real and substantial threat” to important industries like banking and the military.

It’s not often that financial institutions have the opportunity to prepare for the future threats and advantages of an emerging technology well in advance of its launch; and it is one that all firms operating in the financial services market should prioritise as HSBC has done in recent years.

Those that fail to give quantum precedence could at best lose out on vast improvements to everything from optimisation to speed and at worst see their entire systems at risk of attacks that could have a long-lasting and detrimental impact on their operations, customers, and wider financial stability.

---