CFOtech US - Technology news for CFOs & financial decision-makers
United States
QuSecure banking trial cited in US post-quantum plan
Data Protection Encryption Crypto

QuSecure banking trial cited in US post-quantum plan

Fri, 20th Mar 2026
Karen Joy Bacudo
KAREN JOY BACUDO Finance Editor

QuSecure's banking deployment with Banco Sabadell and Accenture has been cited in a proposed post-quantum security framework submitted to the US Securities and Exchange Commission's Crypto Assets Task Force. The framework names the project as its only real-world implementation precedent.

Called the Post-Quantum Financial Infrastructure Framework, the submission points to the four-month deployment as evidence that migration to post-quantum cryptography can be carried out at a large financial institution. It presents the work as showing that such a shift is both technically possible and operationally practical in banking.

The reference puts a commercial deployment at the centre of a wider policy debate over how financial firms should prepare for the risk that quantum computers could break today's cryptographic systems. The framework argues that digital asset markets built on current cryptographic standards face severe risk if quantum computing advances quickly enough to undermine the mathematical foundations protecting transactions, wallets and infrastructure.

Sections of the framework describe the Banco Sabadell project as the sole "Real-World Implementation Precedent". They also cite the use of QuSecure's QuProtect system in an existing banking environment rather than in a lab setting or a pilot detached from day-to-day operations.

The text states that QuProtect's "PQC implementation proved feasible within existing infrastructure frameworks, [its] network-layer encryption solutions enabled quantum-safe standards without complete system overhaul, [and its] crypto-agility approaches demonstrated practical viability for complex banking environments."

Banking example

The case is likely to draw attention because financial institutions have been grappling with how to update cryptographic systems without disrupting critical operations. Core banking infrastructure, payments networks and digital asset platforms often rely on layers of older technology that are difficult to replace quickly.

By highlighting a deployment completed over four months in a live banking setting, the framework offers a more immediate model for migration than the long planning cycles often associated with security modernisation. It argues that this supports industry-wide adoption strategies, particularly where institutions need to make changes in phases rather than through wholesale system replacement.

The document also presents the issue as urgent. It cites pressure on timelines and refers to a Europol report suggesting the quantum threat could materialise as early as 2028. That estimate forms part of a broader debate across cyber security and financial services over when quantum computing could become strong enough to compromise widely used public-key cryptography.

If that point is reached, systems built on current standards could become vulnerable to decryption, impersonation and transaction tampering. In financial markets, that raises concerns about investor protection, custody, market infrastructure and systemic stability.

Regulatory focus

The submission comes as regulators, standard-setters and major technology suppliers consider how quickly post-quantum migration should proceed. The US National Institute of Standards and Technology has already been standardising post-quantum algorithms, giving organisations a basis for planning transitions away from older methods that may be exposed to future quantum attacks.

The framework says financial institutions need a structured approach to assess vulnerabilities, prioritise risk and implement new cryptographic standards without interrupting market operations. By citing a named banking deployment, it adds practical detail to what is often still a largely theoretical policy discussion.

For QuSecure, the citation provides outside recognition for a project it says was already carried out in production. For Banco Sabadell and Accenture, it also underscores the role of banks and consulting firms in turning post-quantum planning into operational work.

Accenture's role in the engagement was described as helping a regulated institution move from strategy to implementation. The announcement did not disclose financial terms.

Industry pressure

The issue extends beyond digital assets. Although the framework was submitted to an SEC task force focused on crypto assets, the migration challenge applies to any organisation that depends on long-lived sensitive data, secure communications and digital identity systems. Banks, healthcare providers, pharmaceutical groups and energy companies all face questions over how long current encryption will remain safe and how quickly replacement needs to happen.

Rebecca Krauthamer, Co-founder and CEO of QuSecure, said the framework put practical implementation ahead of abstract planning.

"The SEC framework goes beyond theory to real-world execution," Krauthamer said.

She added that the document set out what she viewed as an urgent timetable for action across regulated sectors.

"The PQFIF represents groundbreaking guidance that both recognises the immediacy of the threat and gives financial sector practitioners a clear set of actions to take to move beyond strategy and crypto inventory before the clock runs out. I expect other highly regulated sectors - pharma, healthcare, and energy - to adopt the path laid out in the PQFIF as they formalise their own migration guidance. QuSecure is proud to continue our pioneering legacy, giving security leaders peer precedent and board-ready examples that quantum-safe progress can start now, pragmatically, in phases, and without operational disruption, alongside innovative and security-first organisations like Banco Sabadell and Accenture," Krauthamer said.

The framework states: "The U.S. digital asset ecosystem, built upon current cryptographic standards, faces an existential threat from the rapid advancement of quantum computing. A cryptographically relevant quantum computer (CRQC) could break the fundamental security that protects trillions of dollars in assets, leading to systemic risk, catastrophic investor losses, and a complete erosion of market confidence. The framework provides a structured methodology for assessing vulnerabilities, planning a risk-based migration, and implementing NIST-standardised cryptographic solutions without disrupting market operations. Action today is needed to secure investor assets and ensure the long-term integrity of U.S. capital markets in the quantum era."

Related stories
Entrust & IBM Consulting team up on quantum-safe security
MHP survey finds firms racing to prepare for Q-Day
Rebuilding trust: preparing for the post-quantum internet
apexanalytix launches Qubiton for AI-powered supplier checks
Rippling launches SOC 2 compliance tool for IT teams
Top stories
RL Jones partners with Amberd.ai on tariff refunds
DTCC backs tokenised collateral to cut funding costs
CaptivateIQ launches AI agents for compensation planning
RegScale raises USD $30 million in oversubscribed Series B
US trade groups call for AI cyber risk coordination