Clearing houses and payment systems must show by June 2017 how their core operations would recover from a cyber attack within two hours, regulators said on Wednesday in their first global financial sector guidelines for tackling hackers.
Central banks and other regulators worry that hackers could freeze often interlinked payment and clearing systems to undermine financial stability.
Mary Jo White, chair of the US Securities and Exchange Commission - one of the watchdogs behind the new guidelines - told Reuters in May that cyber security is the biggest risk facing the financial system.
The Committee on Payments and Market Infrastructures (CPMI) published its final guidelines this week in what chairman Benoit Coeure called "a landmark report for the financial industry".
"Financial market infrastructures (FMI) should take action immediately to implement its recommendations," he said.
The aim is to make sure that responsibility for cyber defence rests in the board room and not in the IT department.
The guidelines from CPMI, a global central bank panel, and IOSCO, an umbrella group for securities regulators, say core functions of payment systems, trade repositories, and clearing and settlement houses must be able to recover quickly from a cyber attack.
The guidelines, based on proposals made in 2014, will also be implemented by SWIFT, the global messaging network used by banks even though it is not formally an FMI.
FMIs are the "plumbing" of the financial system, linking major players like exchanges, banks and brokers.
"An FMI should design and test its systems and processes to enable the safe resumption of critical operations within two hours of a disruption," the guidelines say.
"FMIs should also plan for scenarios in which the resumption objective is not achieved," the guidelines stipulate.
FMIs must have concrete plans to meet the two-hour time limit in place for regulators by June 2017.
Draft proposals in 2014 had implied this two-hour requirement would come into effect when the final guidelines are published. All other aspects of the guidelines come into effect immediately.
FMIs must also be able to identify the status of all transactions and positions of members at the time of a disruption in a timely manner.
Aware that defences are only as strong as the weakest link, the guidelines also emphasise the need for building up resilience to hackers collectively.