You are the Chief Information Security Officer (CISO) of a major bank. Draft a strategic roadmap for migrating the institution's PKI infrastructure to post-quantum cryptography (PQC) standards (e.g., CRYSTALS-Kyber, CRYSTALS-Dilithium). The roadmap must include: 1. A risk assessment of 'harvest now, decrypt later' attacks. 2. Phased approach (inventory, hybrid deployment, full transition). 3. Crypto-agility requirements for the hardware security modules (HSMs). 4. Regulatory compliance considerations. 5. A timeline spanning the next 5 years.