My wife received, at her business post office box (used for 12 years), mail from another bank addressed to that bank's customer. The customer's loan account number and the first two paragraphs of the letter were readable through the envelope.

I called the bank, requesting an explanation of how our post office box came to be used and to inform them of the envelope transparency. The post office box was given to them by their customer (no idea why). As to the envelope, the person doing the mailing ran out of their usual security window envelopes and decided to use the non-security, non-window envelope. My point is that even well crafted procedures designed to ensure compliance would be derailed by this weak training link. It sure made me mentally retrace our steps in getting the mail out the door. It also makes me want to beef up our address verification procedures for CIP.

Allow me to say that the customer (and the bank) are lucky that went to you and not someone without an inclination toward honesty.