Cyber-security needs greater regulatory oversight
Among all the Financial System Inquiry submissions calling for a lighter touch at the regulatory tiller, there stood out a call for greater intervention in the area of cyber-security.

The concern is that as the financial system moves further into the digital sphere and consumers become increasingly dependent on their digital identities to conduct banking business, the risk of cyber-crime becomes much greater.

KPMG's submission said cyber-security had the potential to be a systemic risk to the financial system.

"Technological innovation increases potential vulnerabilities, such as cyber-crime, that need to be better understood and addressed," KPMG said.

It recommended that regulators should be given the power to oversee adoption of cyber-security standards by corporations that deal with, or process, large numbers of consumer-generated financial transactions.

"The UK government has sponsored a program of independent third-party security assessments, with the results providing guidance for corporate remediation," KPMG said.

"In Australia to date there has been no industry-wide exercise to validate overall cyber-security and vulnerability.

"Financial institutions and large companies operate differing technologies. These are often legacy systems with limited potential to enhance cyber-security provisions, which can create a 'weakest link' opportunity."

Such an approach would challenge the industry's self-regulatory approach. The Australian Bankers' Association handles cyber-security issues through its Code of Banking Practice, and the card scheme operators Visa and MasterCard have EMV standards and PCI rules governing the use of cards.

Commonwealth Bank called for roles, responsibilities and protocols in the event of a cyber-crisis to be formalised, and said Australia's cyber security strategy has not been revised since 2009.

The Australian Payments Clearing Association endorsed a co-regulatory model.
Its submission outlined a three-step approach where the regulator sets policy and objectives, the industry works out how to meet the standard and if the industry fails to achieve the agreed objectives, the regulator steps in.

APCA chief executive Chris Hamilton said: "I agree that the regulator needs to have the power to set standards. The question for the inquiry is whether there is a public authority with the necessary tools."

Visa chief executive Stephen Karpin said: "We would be very opposed to having that [security] removed from our accountability. It is our core business and we are very effective.

"We manage security end to end and by disconnecting it there would be unintended consequences. In terms of regulatory oversight, we think there is enough dialogue."