
Harnessing the Potential of Quantum Computing in GRC


Introduction

In the rapidly evolving landscape of technology, quantum computing has emerged as a disruptive force with the potential to revolutionize a range of industries. Could this technology be applied to the field of Governance, Risk and Compliance? 

What is Quantum Computing?

Quantum computing harnesses the principles of quantum mechanics to process information in ways that classical computers simply cannot achieve, performing complex calculations at speeds that were once thought impossible - more than 100 million times faster than any other computer we know today. Quantum computing's processing advantage over classical systems has advanced significantly, with Google's Willow chip, announced in December 2024, completing in minutes a computation that would take classical supercomputers an estimated 10 septillion years. This extraordinary computational power has led to quantum computing being explored across multiple sectors, from healthcare and finance to materials science and cryptography.

Industries Harnessing the Quantum Revolution

Quantum computing has found applications in a myriad of industries, ushering in new possibilities and transforming conventional practices.

In healthcare, quantum computing is accelerating drug discovery by simulating molecular interactions at a level of accuracy classical systems cannot match. IBM and pharmaceutical partners have published research demonstrating quantum-assisted molecular simulation that reduces the time required to model candidate compounds, with commercial applications expected within this decade.

In financial services, JPMorgan Chase and Goldman Sachs have reported active quantum computing research programs focused on portfolio optimization and derivatives pricing, with early hybrid quantum-classical algorithms already outperforming classical approaches on specific problem types.

In materials science, quantum simulation is enabling researchers to design materials with targeted properties, including next-generation battery chemistries and semiconductor materials, at a speed and precision not previously achievable.

Quantum computing’s impact extends to the field of cryptography, too, where it both presents challenges and offers solutions. Quantum computers have the potential to break conventional encryption methods, prompting the exploration of quantum-resistant encryption techniques to safeguard sensitive data in a post-quantum era.

Applying Quantum Computing to Governance, Risk and Compliance

The field of Governance, Risk, and Compliance (GRC) is characterized by its intricate web of regulations, data analysis, and strategic decision-making, making it a natural candidate for the application of quantum computing. 

Quantum computing’s unique computational abilities have the potential to redefine how organizations approach GRC, enabling more accurate risk assessments, enhanced compliance management, and optimized decision-making. 

Let’s consider the specific ways in which quantum computing may be harnessed within the realm of GRC:

  • Advanced risk modeling and analysis:

    Risk assessment lies at the core of effective GRC practices. Quantum computing’s remarkable processing power can accelerate risk modeling and analysis by handling a multitude of variables simultaneously. Traditional risk assessments often involve intricate simulations that demand extensive time and resources. Quantum computing’s ability to process complex mathematical equations at speeds that were once unimaginable empowers organizations to conduct real-time risk assessments, thus enabling them to identify potential vulnerabilities promptly.

  • Real-time fraud detection:

    Fraud detection is a perpetual challenge across various industries. Quantum computing’s ability to process vast datasets in parallel can significantly enhance fraud detection algorithms. By swiftly analyzing transaction patterns and identifying anomalies, quantum-powered systems can detect fraudulent activities in real-time, curbing financial losses and safeguarding organizational reputation.

  • Efficient compliance monitoring:

    The GRC landscape involves complex regulatory frameworks that demand meticulous adherence. Quantum computing can streamline compliance monitoring by analyzing intricate regulations and standards. By mapping an organization’s processes against a vast array of compliance requirements, quantum-powered systems can ensure a higher degree of accuracy in compliance management and minimize the risk of violations.

  • Optimized decision-making:

    Quantum computing’s prowess in solving complex optimization problems has profound implications for GRC decision-making. Whether it’s resource allocation, supply chain optimization, or portfolio management, quantum algorithms can identify the most efficient and compliant solutions. This enables organizations to make informed decisions that align with their strategic goals while mitigating potential risks.

  • Enhanced data security and privacy:

    Quantum computing not only presents challenges to classical encryption methods but also offers the potential to create more robust encryption techniques. As data breaches become increasingly sophisticated, quantum-ready encryption methods can fortify data security and privacy in GRC operations. This is particularly relevant in industries where data confidentiality is paramount, such as healthcare and finance.

  • Scenario analysis and contingency planning: 

    It is the responsibility (and the burden!) of GRC professionals to grapple with preparing for various contingencies. Quantum computing’s ability to perform rapid simulations and scenario analyses can assist organizations in devising robust contingency plans. By evaluating multiple variables simultaneously, quantum-powered systems can rapidly provide insights into the potential outcomes of different risk scenarios, enabling proactive risk mitigation.

Potential Applications of Quantum Computing in GRC

The massive processing power achievable with quantum computing offers our industry many benefits and opportunities. Here are just a few examples:

  • Supply chain resilience:

    Imagine a global electronics manufacturer that relies on an intricate network of suppliers. Quantum computing can rapidly analyze diverse risk factors—such as geopolitical instability, supply chain disruptions, and regulatory changes—to help the organization develop agile supply chain strategies that mitigate potential disruptions and ensure business continuity.

  • Anti-Money Laundering (AML) compliance:

    Financial institutions grappling with AML regulations could leverage quantum computing’s processing power to enhance transaction monitoring and anomaly detection. Quantum algorithms can analyze vast transaction datasets to uncover subtle patterns indicative of money laundering, thereby strengthening AML efforts and reducing financial risks.

  • Environmental risk management: 

    In industries susceptible to environmental risks, such as energy and mining, quantum computing can assist in analyzing complex geological and environmental data. By processing intricate models and simulations, quantum-powered systems can enable more accurate predictions of potential environmental impacts, aiding organizations in adhering to regulatory standards and minimizing ecological risks.

  • Regulatory compliance in healthcare:

    The healthcare sector, laden with stringent compliance requirements, could leverage quantum computing to navigate the complexities of regulations like HIPAA (Health Insurance Portability and Accountability Act). Quantum algorithms can swiftly assess an organization’s processes, data handling practices, and privacy measures against regulatory standards, ensuring compliance and minimizing legal risks. 

The potential applications of quantum computing in Governance, Risk, and Compliance offer the promise of transforming how organizations approach complex challenges, manage risks, and ensure ethical practices.

As quantum technology continues to evolve, organizations must seize the opportunity to integrate quantum computing into their GRC strategies, laying the foundation for a more resilient, compliant, and strategically adept future. In August 2024, NIST published its first finalized post-quantum cryptography standards, designated FIPS 203, 204, and 205, providing organizations with concrete migration targets for transitioning away from encryption methods that quantum computers could render vulnerable. GRC programs should treat alignment with these standards as an active planning priority rather than a future consideration.

Although there may be hurdles and ethical considerations to overcome, the immense potential benefits of quantum computing cannot be ignored. By utilizing this emerging technology to enhance their GRC approach, organizations have the opportunity to strengthen their systems and controls, safeguard against unforeseen risks, and position themselves as pioneers in a quickly changing tech space. Ultimately, by embracing this quantum leap, organizations can unlock immense potential for growth, expansion, and long-term success.

The above blog was originally published as an article by the author on LinkedIn.

Frequently Asked Questions

Quantum computing harnesses quantum mechanical principles such as superposition and entanglement to perform calculations exponentially faster than classical systems, making it relevant to GRC through its potential to transform risk modeling, fraud detection, compliance monitoring, and cryptographic security.

Quantum computing's ability to process multitudes of variables simultaneously enables organizations to run continuous, near-real-time risk assessments and model complex interdependencies that classical systems cannot accurately capture.

Quantum-powered fraud detection systems can analyze vast transaction datasets in parallel to flag suspicious activity in real time, reducing financial losses and protecting organizational reputation more effectively than classical approaches.

Quantum computing could transform compliance monitoring by simultaneously mapping organizational processes against complex regulatory frameworks, enabling more continuous and comprehensive coverage in a fraction of the time classical analysis requires.

"Harvest now, decrypt later" is a threat strategy in which adversaries collect encrypted data today to decrypt it once quantum computers can break current encryption standards, requiring GRC leaders to assess exposure and develop post-quantum transition plans now.

Healthcare, financial services, materials science, and cryptography are the most advanced sectors, applying quantum computing respectively to drug discovery, portfolio optimization, novel material design, and quantum-resistant encryption development.

Quantum computing in GRC remains in the early-application phase, though organizations should treat quantum risk as an active planning concern given that NIST finalized its post-quantum cryptography standards in 2024.

GRC professionals should inventory systems reliant on vulnerable encryption, develop a post-quantum cryptography migration plan with IT and cybersecurity teams, and monitor regulatory guidance on evolving cryptographic standards.

Quantum computing represents both a competitive opportunity in risk modeling and a systemic operational threat through its potential to compromise current encryption standards, making it a dual-horizon consideration for mature enterprise risk programs.

Quantum-resistant encryption refers to cryptographic algorithms designed to withstand quantum attacks, and migrating to these standards before quantum computing matures is a risk management imperative for GRC programs responsible for data security and regulatory compliance.

Prasad Sabbineni

Prasad Sabbineni served as the Co-Chief Executive Officer (2021 to 2024) at MetricStream. Prior to joining MetricStream, Prasad was a Managing Director at Citigroup. He oversaw technology for enterprise functions of Risk Management, Finance, HR, Data, Information Security, Compliance Risk, Internal Audit, Enterprise Supply Chain and Third-Party Management. He was the senior technology executive responsible for implementing regulatory initiatives, such as Basel, CCAR, CLAR, BCBS 239, Volcker, Recovery and Resolution Planning at Citigroup. He also led technology for Market Risk, Credit Risk, Prime Services Risk, Portfolio Risk Margin, and Operational Risk functions at Lehman Brothers. Preceding Lehman, Prasad rolled out derivative trading systems globally and as a Risk Manager, he was also responsible for managing market risk of fixed income and equity derivatives at Bear Stearns.