Deposit by Mail Controls at Selected Mail Processing Facilities
Objective
Our objective was to assess controls and actions taken by the U.S. Postal Service to address identified security deficiencies surrounding the Postal Service’s Deposit by Mail (DBM) service at [redacted] mail processing facilities.
At the request of a business customer, the Postal Service initiated a new service in February 2015 called DBM, which allows cash and high-value mailings to be sent through the Postal Service Priority Mail system. USPS has 16,000 retail locations throughout the country that participate in the DBM service. The high-value DBM mail is handled and processed like any other Priority Mail.
The customer’s retail location sends their [redacted] via Priority Mail to the customer’s headquarters in [redacted]. In turn, the customer’s headquarters sends [redacted] throughout the country. Incoming and outgoing Priority Mail envelopes originate and destinate through three [redacted] mail processing facilities: [redacted]. Postal Inspection Service and Postal Service personnel are responsible for security at these locations while the Postal Service has custody of the mail.
The customer’s annual DBM mail volume increased from about [redacted] mailpieces from June 2018 to May 2019. The DBM service generated about [redacted] million in revenue for the Postal Service during this time period. We estimate that the business customer mailed about [redacted] through the DBM service from June 2018 to May 2019. The DBM service currently [redacted].
Postal Service Handbook RE-5, Building and Site Security Requirements, covers the security of personnel, buildings, and mail on site and security of mail and Postal Service assets within a building. Since 2018, the Postal Inspection Service’s [redacted] has conducted six security reviews at the three [redacted] mail processing facilities. Specifically, Vulnerability Risk Assessment Tool (VRAT) reviews of facility security were performed at the [redacted]. VRAT is the tool the Postal Inspection Service and Postal Service employees use to identify security risks and vulnerabilities at facilities.
The Postal Inspection Service conducted two additional security reviews of the DBM service at the [redacted]. [Redacted.] Security reviews are addendums to VRATs. The two security reviews examined the protocols and security practices at Postal Service facilities that process, transport, and deliver the customer’s [redacted]. From the various security reviews, we identified 14 high-risk security deficiencies which impact the DBM service and determined the actions management has taken to respond to the Postal Inspection Service security reports and address these deficiencies.
What the OIG Found
The Postal Service did not properly address the 14 high-risk security deficiencies identified by the Inspection Service for the [redacted] mail processing facilities which process DBM mail. We also identified three additional high-risk security deficiencies during our site observations at the three facilities in June 2019.
The deficiencies included:
- Lack of cameras at DBM mail processing and handling facilities (three deficiencies at the three facilities). Cameras that provide full coverage of the mail processing machines that process the DBM mail are needed.
- Unsecured doors (five deficiencies at the three facilities), including exterior doors with badge readers and interior doors left open, propped, or broken.
- Unsecured staged DBM mail (four deficiencies at two facilities). DBM mail is staged outside of secured areas and is accessible to unauthorized personnel.
- Inadequate rewrap procedures for DBM mail (four deficiencies at one facility). The rewrap area is where damaged or broken parcels are repaired. It is accessible by unauthorized personnel and is not fully covered by camera views. In addition, DBM mail is comingled with other mail.
- Personal items were left on the work-floor (one deficiency at one facility).
These conditions occurred because plant officials did not properly coordinate with the Postal Inspection Service to properly address security deficiencies. In addition, Standard Operating Procedures (SOPs) were not developed for high-value Priority Mail such as the DBM service.
When security deficiencies are not properly addressed, there is an increased risk of mail theft. According to DBM business customer records, nearly [redacted]. [Redacted] from mail processing facilities for the period February through July 2019. Lost and stolen mail reflects poorly on the Postal Service’s brand and public image and leaves the agency open to customer complaints.
What the OIG Recommended
We recommended management:
- Establish SOPs for the DBM service to include security cameras, secured doors, staged mail, and adequate rewrap procedures.
- Instruct plant management to properly address security deficiencies identified by the Postal Inspection Service, in a timely manner.