I think it's consistent at least with my observation that in some cases, policy seems to be applied as a way to just say that the policy has been applied; so if the policy's been applied, then they have plausible deniability. If something goes wrong, they can say they followed the policy.
I don't know to what extent it is fear—or, if there is any fear, how widespread that might be. I've come across probably too many instances, and in the case of Phoenix, it was how the SI system report was used essentially to say that they followed the policy of making sure there was an external evaluation of the project, when it didn't have the independence it needed to reflect the substance of that policy.
I think we see situations where the system becomes very focused on checking boxes and using policies as cover for making certain decisions.