Management of Commercial Mail Receiving Agencies
Background
Customers can receive mail and packages from the U.S. Postal Service in a variety of locations, including through private mailboxes at Commercial Mail Receiving Agencies (CMRA). Over 1.6 million customers nationwide (through nearly 12,000 CMRAs) were registered for this service as of February 2025. The Postal Service does not collect any related revenues but manages CMRA applications, quarterly reporting, mail sample tests, and overall program data quality. In 2018, we reported that insufficient oversight made CMRAs vulnerable to drug traffickers, and the Postal Service subsequently invested in an automated database to better track and monitor CMRA documentation.
What We Did
Our objective was to evaluate the Postal Service’s management of CMRAs. We analyzed systems, data, and documentation; interviewed staff; and reviewed policies.
What We Found
Despite improvements, ineffective management and oversight of CMRAs remain. First, the amount the Postal Service spends managing CMRAs is unknown, as management does not track these costs. This lack of data hinders the efficient management of CMRA resources and the potential development of strategies to offset costs. We estimated the Postal Service missed collecting CMRA-related revenues of about $5.2 million for fiscal years 2023-2024. Second, we found compliance issues related to missing or outdated applications, inaccurate data, and incomplete mail samples. These issues occurred due to a variety of shortfalls, including staff not being aware of certain policy requirements, vague policies, or a lack of internal controls. Industry representatives echoed some of these concerns and contended that insufficient communication from the Postal Service to both field staff and CMRAs could be contributing to the non-compliance. While we acknowledge the Postal Service is deploying its automated database, continued non-compliance could result in vulnerabilities to program safety, security, and effectiveness by those trying to exploit the CMRA network.
Recommendations and Management’s Comments
We made five recommendations to address the issues in the report. Management agreed with one and disagreed with four. We consider management’s comments responsive to recommendation 3, as corrective action should resolve the issues in the report. For recommendations 1, 2, 4, and 5, we will work with management through the formal audit resolution process. Management’s comments and our evaluation are at the end of each finding and recommendation.