Quantum computing: How could it be regulated?
Canadian financial services regulators have the emerging technology of quantum computing on their radar, but questions remain around its potential regulation.
“Regulating quantum computing, especially in the context of the insurance industry, is complex due to the technology’s novelty and potential impact,” Biren Agnihotri, EY Canada’s emerging technologies and AI & data leader, told Canadian Underwriter.
“To ensure security, privacy, fairness and transparency, a balanced approach is necessary, that fosters innovation and development while also implementing updating existing regulations and new frameworks specifically designed for the unique aspects of quantum technology.”
Last month, the Office of the Superintendent of Financial Institutions (OSFI) encouraged federally regulated financial institutions to complete a voluntary questionnaire asking about artificial intelligence/machine learning (AI/ML) and how prepared institutions are for quantum computing. The regulator will use the feedback (due by Feb. 19) to increase understanding of institutions’ involvement in quantum computing, inform policy and supervisory work, and assess the current state of quantum-readiness.
‘Many advantages’
OSFI told CU quantum computing could bring many advantages relative to conventional computing. “Potential use cases could range from AI/ML applications to fraud detection and portfolio allocation. Adoption of this technology is expected to yield greater efficiencies in time, effort and cost.”
The Financial Services Regulatory Authority of Ontario (FSRA) is also monitoring the development of quantum computing. FSRA told CU it is an active member of the Quantum Readiness Working Group at the Canadian Forum for Digital Infrastructure Resilience, and FSRA staff meet regularly to discuss emerging technology like quantum computing.
From OSFI’s perspective, regulation of quantum computing would include developing rules, interpreting legislation and regulation and providing regulatory approvals for certain types of transactions, balancing the goals of sound with the need for institutions to operate within a competitive marketplace.
Generally speaking, considerations and approaches to regulating quantum computing should include the following, Agnihotri says.
Enhancing data protection laws: Given quantum computing’s ability to process vast amounts of data—including sensitive personal information—robust data protection regulations are essential.
Developing and mandating quantum-resistant encryption: As quantum computing poses a threat to current encryption standards, developing and mandating quantum-resistant encryption methods is necessary to safeguard data.
Establishing ethical guidelines: Regulations may need to set guidelines for the ethical use of quantum computing, ensuring it is used to benefit clients and not for unfair practices.
Mitigating bias: Rules to ensure that algorithms used in quantum computing are free from biases, particularly in underwriting and risk assessment processes.
Requiring algorithm transparency: Regulations may demand companies to disclose how their quantum computing algorithms work, especially when these algorithms are used for making significant decisions like claim approvals or policy pricing.
Mandating auditing and compliance: Regular audits and compliance checks should be mandated to ensure quantum computing applications adhere to regulatory standards.
Creating risk assessment regulations: Specific guidelines should be developed for using quantum computing in risk assessment, ensuring that assessments are accurate and do not lead to unfair practices.
Adjusting capital requirements: Regulators may adjust capital requirements for insurance companies using quantum computing in their risk models, considering the potential changes in risk profiles.
Fostering international cooperation: Since data processed by quantum computers can cross international borders, international regulatory cooperation and agreements are important.
Feature image by iStock.com/Olemedia