Conference / Roundtable

Q-Day Is Closer Than the Financial Sector Is Ready For

20 Jun 2026 · Past Event
Posted by GFI Admin 2 min read
Q-Day Is Closer Than the Financial Sector Is Ready For

Date: 3 June 2026 

Location: Drew & Napier LLC, Singapore

Format: Closed-door panel workshop, Chatham House Rule

When the Global Fintech Institute convened the inaugural closed-door panel workshop of its Convergence of Emerging Technologies Subcommittee on 3 June 2026, the central question was not whether quantum computing will eventually break today's cryptography, which the room treated as a near-certainty, but whether institutions are prepared, and to what degree. The session was hosted at the offices of Drew & Napier LLC, with the firm providing the venue and post-discussion networking over light refreshments.

The discussion brought together custody, banking, blockchain, cryptography, and information security perspectives. Conducted under the Chatham House Rule, it moved quickly past the cryptography to the harder institutional questions of liability, duty of care, and what readiness actually requires of boards and executives today.

Key themes explored

  • Harvest now, decrypt later. Adversaries are collecting encrypted data today, anticipating the day quantum capability can defeat the cryptography protecting it. For legal, custody, financial, and healthcare data with five-to-ten year confidentiality lives, protection applied today must hold for the full life of the record.
  • Post-quantum cryptography in production. NIST's FIPS 203, 204, and 205 have moved from standards into deployment, with HQC and draft FIPS 206 (FN-DSA) widening the suite. In Singapore, SingPass, IRAS, and ActiveSG run hybrid post-quantum cryptography at the TLS key-exchange layer (classical X25519 with ML-KEM-768); the same hybrid is now default in major browsers and on Google's services, with deployments by Apple and Cloudflare. Hardware security modules are migrating, and Ethereum has published a roadmap.
  • Fiduciary duty and liability. When attackers cannot be identified, regulators and claimants look to the custodians and boards that held the assets. The standard of care turns on what an institution should have done, a standard still being formed for a foreseeable but unrealised threat.
  • Cryptographic agility over any single algorithm. Implementing a post-quantum algorithm is not the endpoint. Institutions need to inventory their cryptographic exposure and roll back rapidly if a deployed algorithm is broken.
  • Carrot and stick adoption. Regulated institutions are moving while unregulated entities lack incentive. Commercial procurement standards will need to complement regulation to extend adoption, alongside near-term layers such as trusted execution environments and quantum key distribution for the highest-assurance use cases.

Recommendations for institutions and policymakers

  1. Start the cryptographic inventory now, prioritising data with long confidentiality horizons.
  2. Treat cryptographic agility as the standard, building the ability to roll back at scale if an algorithm is broken.
  3. Migrate hardware security modules and key exchange to NIST standards, following the hybrid approach already in production in Singapore.
  4. Practise data hygiene to lower the cost of a future migration, which scales with data volume.
  5. Pair regulation with procurement pressure to reach the unregulated market, and reserve quantum key distribution for the highest-assurance use cases.

Report
The full insights report is available to GFI members on the GFI portal. [Access the Full Insights Report on GFI Portal]

About the Convergence of Emerging Technologies Subcommittee
The Convergence of Emerging Technologies Subcommittee convenes closed-door dialogues that move frontier technology questions from theory toward institutional readiness. This panel workshop was its first convening of that mandate. For participation or partnership enquiries, contact the Global Fintech Institute at [email protected].