The Swiss Financial Market Supervisory Authority (FINMA) on Thursday issued a supervisory communication on quantum computing, directing supervised financial institutions to assess their preparedness for emerging cryptographic and operational risks.

The communication focuses on infrastructure readiness, governance frameworks and risk management for threats tied to future quantum capabilities. Firms are expected to inventory their cryptographic dependencies, evaluate affected technology components, and plan migration toward quantum-safe cryptography.

The urgency stems from so-called ‘harvest now, decrypt later’ attacks, where adversaries collect encrypted data today with the expectation of decrypting it once quantum hardware matures. Asymmetric encryption methods such as RSA and ECC are considered vulnerable. A Swiss Financial Innovation Desk paper describes potential breakthroughs arriving as early as 2028.

Switzerland has no dedicated quantum-safe legal framework. FINMA instead relies on principle-based, technology-neutral supervisory expectations, the same approach it applied in its December 2024 guidance on AI, which required firms to identify how emerging technology affects their risk profile and to align controls accordingly. The quantum communication extends that pattern into cryptographic and infrastructure planning.