Banco de México released new measures governing financial institutions that have operations in the central bank's payment system, known as SPEI, following a cyberattack in which hackers reportedly stole up to about 400 million pesos from several banks.

The central bank published two circulars, one of which requires financial institutions that receive fund transfers equal to or greater than 50,000 pesos to deliver the money to clients within a fixed one-day term only through cash or cashier's check.

As an exception, receiving institutions can deliver the payment on the same day if they are authorized to do so by the client.

Another circular states that financial institutions using the SPEI and receiving fund transfers may be authorized to carry out validations of the transfers in time periods greater than five or 30 seconds, to provide more time to review the operations.

According to the central bank, it has "considered it necessary to foresee the execution of risk control mechanisms that can be carried out by participants in the SPEI, before the realization of contingency events that will reduce the probability of resources derived from fund transfers being credited to beneficiary accounts not legitimately authorized."

Several Mexican financial institutions were reported earlier in May to have been exposed to a hacking attempt, in which money was illegally siphoned using fake accounts. According to central bank Governor Alejandro Díaz de León, three banks, a broker and a credit union were affected by the cyberattack.