H.R. 5166 is an FY2026 appropriations bill that funds Department of the Treasury programs, the Internal Revenue Service, the Judiciary, the Executive Office of the President, independent agencies, and District of Columbia federal payments. It sets specific dollar levels (for example: Treasury departmental offices $239.4M; Office of Terrorism and Financial Intelligence $230.5M; Cybersecurity Enhancement Account $99M; IRS taxpayer services $2.78B, enforcement $3.0B, and technology & operations support $3.75B) and authorizes multiyear availability for many cybersecurity and capital initiatives.
Alongside the spending lines the bill contains a long set of policy riders and programmatic directions: prohibitions on work toward a U.S. Central Bank Digital Currency; constraints on FinCEN beneficial‑ownership rule enforcement in certain circumstances and a 90‑day Treasury report on existing BO data; multiple IRS-specific rules (including a ban on developing a free, public e‑file without committee approval and enhanced quarterly IT reporting requirements); detailed CDFI Fund priorities and set‑asides; and procedural limits on several consumer‑safety and financial regulatory rulemakings. For practitioners this is both a funding bill and a package of operational directives that shape enforcement capacity, regulatory timelines, and grant priorities across the financial, tax, cybersecurity, and consumer protection landscapes.
At a Glance
What It Does
Provides FY2026 appropriations across Treasury ($hundreds of millions for offices, cyber, and CFIUS), IRS (separate accounts for taxpayer services, enforcement, and IT), Judiciary, EOP, independent agencies, and District of Columbia federal payments; establishes multi-year availability for selected cyber and capital funds and more than a dozen statutory riders restricting agency rulemaking or directing reports and studies.
Who It Affects
Financial regulators and supervised firms (Treasury, FinCEN, CFIUS, CDFI recipients, FDIC‑related functions); taxpayers and tax practitioners (IRS enforcement and tech investments); cybersecurity and IT contractors (multi‑year cyber accounts and strict IT reporting); consumer product and vehicle manufacturers (CPSC rule limitations); and the District of Columbia (federal payments and spending conditions).
Why It Matters
Beyond budget numbers, this bill materially shapes agency behavior: it increases enforcement and modernization funding (notably for IRS and Treasury cybersecurity) while placing explicit statutory limits on rulemaking, directing new reporting obligations (especially IT and digital‑assets custody work), and carving programmatic set‑asides that reallocate discretionary funding toward prioritized communities.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
This is a standard 302(b) appropriations measure that groups the financial services and general government portfolio into Titles funding Treasury, IRS, the Judiciary, the Executive Office of the President, independent agencies, and District of Columbia federal payments. For Treasury the bill funds core departmental offices and creates multiyear pools: a Cybersecurity Enhancement Account ($99M, available through 2028) and small departmental IT/capital allotments; it also funds the Committee on Foreign Investment in the U.S. ($21M) and the Office of Terrorism and Financial Intelligence ($230.5M) with explicit line items for AI testing and human‑rights activity.
The CDFI Fund gets $276.6M, with clear statutory priorities and multi‑year availability for many award types and targeted set‑asides (Native communities, persistent poverty counties, disability‑focused investments). The bill also retains detailed transfer authorities among Treasury accounts with committee notice requirements.
The IRS is funded across three separate buckets: Taxpayer Services ($2.78B), Enforcement ($3.0B), and Technology & Operations Support ($3.75B). The legislation pairs those dollar amounts with binding administrative directions: the IRS must submit quarterly, detailed IT investment reports to appropriations committees and the Comptroller General; transfer caps and internal transfer restrictions apply; and several riders constrain IRS activity, including prohibitions on targeting First Amendment activity and a precondition that the IRS cannot create a free public e‑file service without congressional committee approval.
There are also caps on firearms purchases and conference rules tied to prior inspector general recommendations.Independent agencies and safety regulators receive funding but with programmatic limits. The Consumer Product Safety Commission receives funds but the bill blocks implementation of certain rules (e.g., specific Recreational Off‑Highway Vehicle and gas‑stove related actions) until National Academy of Sciences studies or forbids some steps outright.
The Federal Trade Commission and Securities and Exchange Commission receive substantial appropriations but face riders restricting certain rulemakings, international coordination on merger reviews, and review/approval of standard-setter budgets. The Federal Communications Commission appropriation is offset by collections and the bill narrows certain universal service changes and other rulemakings.Title IV contains District of Columbia federal payments: tuition support ($20M), emergency planning and security ($70M), federal payments for courts, defender services, the Public Defender Service, and other DC‑specific transfers with requirements for quarterly reporting and caps on local spending authority.
The Judiciary and Judicial Security receive multi‑year and large appropriations focused on court operations, defender services, and courthouse security. Across the Act numerous government‑wide general provisions impose restrictions on agency travel and conference spending, prohibit certain types of training or diversity programs with specified exceptions, and require agencies to follow new or reinforced IT and reprogramming reporting regimens.Mechanically, the Act is a mixture of line‑item budgets, multi‑year cybersecurity/capital funds, statutory earmarks, and policy riders that together increase some agencies’ operational capacity while legally constraining what those agencies may do — especially on rulemaking, digital currency policy, beneficial‑ownership enforcement, and a range of agency actions identified by name or subject matter within the text.
Several provisions also create directed reports (for example, Treasury reports on the feasibility of a Strategic Bitcoin Reserve, and custody plans for government‑held digital assets) with 90‑day deadlines, which will generate future implementation work even where the bill forbids other action (e.g., no CBDC work).
The Five Things You Need to Know
The IRS receives separate funding lines—Taxpayer Services $2.7806B, Enforcement $3.000B, and Technology & Operations Support $3.7508B—and the bill requires quarterly, detailed IT investment reports to appropriations committees and the Comptroller General within 30 days after each quarter.
Treasury’s Cybersecurity Enhancement Account is funded at $99,000,000 (available through Sept 30, 2028) and the bill designates $7,000,000 of that amount for CIO oversight of those investments.
The Community Development Financial Institutions Fund is appropriated $276,600,000 with statutory priorities: at least $170,000,000 for financial/technical assistance (available through Sept 30, 2027), not less than $35,000,000 for Native American/NH/Alaska Native programs, $35,000,000 for the Bank Enterprise Award program, and at least 10% of awards for persistent‑poverty counties.
The bill bars use of funds by Treasury/FinCEN to implement or enforce beneficial ownership reporting rules that a federal court has found unconstitutional or not reflective of Congressional intent and requires a 90‑day Treasury report describing status and use of BO information submitted after Jan 1, 2024.
Multiple policy riders prohibit or delay agency rulemaking and programs: a statutory ban on Treasury participation in designing a U.S. CBDC; a prohibition on the IRS developing a free public e‑file option without committee approval; and limitations blocking CPSC implementation of certain vehicle and appliance rules pending NAS studies or outright prohibition of a gas‑stove ban.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
Departmental funding, CFIUS, OFAC/TFI, cybersecurity and IT capital
The bill appropriates the normal suite of Treasury offices with detailed line items and multi‑year availabilities. Of note: the Cybersecurity Enhancement Account ($99M) is a stand‑alone, multi‑year account meant to supplement bureau cyber budgets and includes a $7M allocation for CIO administrative oversight. The Committee on Foreign Investment in the U.S. (CFIUS) receives $21M and is authorized to transfer funds to member agencies for section 721 work, with fees credited to offset the appropriation. The Office of Terrorism and Financial Intelligence is funded at $230.5M with specific carve‑outs (not less than $3M for human rights work and $500K for AI/machine‑learning testing). The text creates transfer authorities and reporting requirements and keeps certain Treasury funds available into FY2027 for oversight, audits, and international operations.
Big increases in taxpayer services, enforcement, and IT with new compliance and reporting rules
The IRS receives multi‑billion allocations across three accounts. The bill conditions those dollars with operational directives: a prohibition on transfers into Enforcement; limits on personnel/hiring/bonuses tied to tax compliance; and a ban on creating a free, public electronic return‑filing service without prior committee approvals. Critically, Technology & Operations Support is paired with a hard quarterly reporting regimen to Appropriations and the Comptroller General that must include program status, lifecycle costs, risks, and prior quarter performance—language designed to force transparency on large IT investments. Several administrative provisions restrict use of funds for targeted political activity, require taxpayer address‑change confirmations, and limit certain conference spending and rehiring bonuses.
Program funding with explicit set‑asides and prioritization rules
The bill provides $276.6M for the CDFI Fund and breaks down allowable uses in statute: at least $170M for financial and technical assistance (multi‑year availability), set‑asides for Native communities ($35M), Bank Enterprise Awards ($35M), small‑dollar loan programs ($3M), and explicit prioritization for high‑poverty and persistent‑poverty counties. The text also creates caps and rules around direct loans, guarantee commitments, and requires the Fund to prioritize awards to organizations serving high‑poverty areas—mechanics that push the Fund toward targeted geographic and demographic outcomes.
Targeted restrictions on CPSC rulemaking and requirements for external studies
Although funded, the CPSC faces multiple rider constraints: the Act blocks use of funds to finalize or implement the ROV stability standard and debris penetration rules until the National Academy of Sciences completes technical studies (repeatability/reproducibility, injury prevention estimates, military effects) and delivers reports to specified committees. The bill also prohibits use of funds to finalize or implement blade‑contact/table saw and gas‑stove bans or related rules. Practically, CPSC’s regulatory timeline is delayed and the agency must await external technical validation on certain high‑profile standards.
FTC, SEC, FCC, and election assistance funding paired with narrow policy limits
The SEC and FTC receive significant appropriations (SEC with fee offsets), but both are subject to riders that prohibit or restrict particular rulemakings (SEC climate disclosure rule; FTC unfair methods of competition rule changes) and international coordination in some merger matters. The FCC appropriation is tied to offsetting collections and blocks certain universal service rule changes and a digital discrimination rule. Election Assistance receives funds earmarked for states and requires quarterly financial and annual progress reporting for the election security grants. These riders change future rule‑making pathways and interagency collaboration norms.
Courts, defender services, and court security funding
The Judiciary receives appropriations for Supreme Court operations, Courts of Appeals, district courts, defender services ($1.57B, available until expended), and a large Judicial Facility Security Program ($892M) to be administered by the U.S. Marshals Service. The bill funds multi‑year cybersecurity and IT modernization activities for the courts and allows certain cross‑agency security arrangements as a pilot, formalizing cost‑reimbursement mechanisms that will affect courthouse security services and budgets.
Federal payments to DC and local‑spending constraints
The Act provides federal payments to the District of Columbia for resident tuition support ($20M), emergency planning and security ($70M), federal payments to DC courts and related entities (including capital funds), and detailed conditions for local funds. It requires district financial reporting, sets limitations on local budgeting authority absent statutory exceptions, and includes riders blocking certain DC laws (e.g., on drug decriminalization, assisted‑suicide changes, and aspects of local governance) and forbidding use of federal funds to enroll non‑citizens into voter rolls for local elections.
This bill is one of many.
Codify tracks hundreds of bills on Finance across all five countries.
Explore Finance in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- Internal Revenue Service — Gains multibillion funding for taxpayer services, enforcement, and IT; however, the funds come with strict reporting requirements and operational constraints that will shape procurement and project timelines.
- Department of the Treasury bureaus — Receive explicit cyber and modernization funding (including a $99M cybersecurity account) and targeted support (CFIUS, terrorism & financial intelligence), increasing capabilities to oversee financial‑national security risks.
- Community Development Financial Institutions (and target communities) — CDFIs, Native and persistent‑poverty area lenders, and small dollar loan programs receive statutory set‑asides and multi‑year money that prioritizes investment into high‑poverty and tribal areas.
- Federal courts and judicial security providers — The judiciary sees sizable appropriations for court operations, defender services, and a large court security program that funds protective services and security system upgrades.
- Cybersecurity and IT vendors — Multi‑year capital buckets and CIO oversight funding create procurement opportunities for modernization and cybersecurity projects across Treasury and IRS accounts.
Who Bears the Cost
- Regulated financial and corporate sectors — Increased IRS enforcement dollars and targeted Treasury/TFI funding raise enforcement risk and compliance pressures for financial institutions; selected rider prohibitions may shift enforcement priorities but do not eliminate oversight exposure.
- Independent regulators (FTC, SEC, CPSC, FCC) — The bill constrains regulatory discretion via riders that block or delay rulemakings, which reduces agency flexibility and shifts legal/regulatory risk back to Congress and the courts.
- District of Columbia government — Federal funding comes with statutory conditions and reporting requirements that limit local autonomy in areas where riders prohibit or restrict specific local laws (e.g., legalizations, elections, and some public‑health related rules).
- Agencies implementing IT modernization — Must absorb new reporting burdens (detailed quarterly IT and program reporting) that require internal staff time and resources; smaller agencies may need to reallocate funds to comply with reporting and oversight.
- Vendors and private custody providers of digital assets — The Treasury directives to produce custody plans and lists of third‑party custodians will increase scrutiny and may create vendor due‑diligence and disclosure burdens.
Key Issues
The Core Tension
Congress funds agency capacity (notably IRS enforcement and Treasury cyber) at the same time it binds agencies with riders that curtail regulatory action and require procedural studies and reports: the central dilemma is whether appropriations should simply finance execution of statutory missions or also be used as an instrument to set binding policy and procedural constraints that reshape agency discretion and slow implementation.
The bill is a hybrid of financing and intrusive policy direction. On the one hand it substantially funds enforcement, cyber, and modernization work—most prominently at the IRS and Treasury—creating new operational capacity.
On the other, it uses appropriations riders to micromanage major policy domains (digital assets, beneficial ownership, consumer safety standards, and multiple regulatory rulemakings). That mix produces implementation tensions: agencies must ramp up large programs while operating under legal constraints that limit what rules they can finalize or even study.
Practically, the heavy reporting requirements (for example, IRS quarterly investment reports and Treasury reports on digital‑asset custody and a proposed Strategic Bitcoin Reserve) create near‑term administrative work that consumes staff and contracting dollars intended for program delivery. The bill also produces legal uncertainty: provisions that forbid enforcement of rules ‘‘found by a Federal court to be unconstitutional or do not reflect Congressional intent’’ (FinCEN BO language) leave agencies uncertain about how to proceed with partially litigated rules and may encourage serial litigation.
Finally, the piecemeal rider approach creates policy incoherence—agencies get money for functions (cyber, BO systems, digital asset custody) while simultaneously being told certain work cannot proceed—raising costs and lengthening timelines for projects that require regulatory or cross‑agency coordination.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.