Even in the West, nobody of low seniority challenges the C-level executive when they tailgate or walk around without their badge. And if you are new, if there is an important looking individual you don't recognise, you leave him alone, totally validating the "act as you belong adage".
Exactly the wrong message to send, particularly for an agency that’s supposedly an expert on security.
A signature (or stamp) is easy to fake and get away with for a while. It's very rare that the authenticity of signatures is checked right away. Perhaps even easier than stealing or faking a not-particularly-secured stamp. It only happens when some problem arises and is investigated after the fact. The question is not whether the signature is "authentic enough" but who signed the document. You can aks and answer this question about a seal equally well.
The reason we have signatures (or stamps) is as an explicit ritual signifying ratification of a document that one cannot plausibly deny later.
It's true, I don't know Japan, but I suspect that they might have it much easier to adapt than western pretend-buddy orgs.
There’s often a distinction in armies between “illegal command” issued by a commander, which one has to obey (or risk disciplinary action) and “blatantly illegal command” which must be disobeyed. An example of the former would be “keep your post for 20 hours straight” (where regulations limit a shift to e.g. 12 hours). An example of the latter would be “cut the limbs off other members of your platoon”.
An army setting is a much better model of some cultures. They are not as bad, but if taken ad absurdum they would look like an army setting.
The daisy chaining prevents single responsibility stuff like this.
Also for what it's worth I've done verification callbacks to every single one of my bosses at some point during my career here and no-one's ever questioned it.
https://en.wikipedia.org/wiki/Japanese_management_culture
> The term of "ringi" has two meanings. The first meaning being of "rin", 'submitting a proposal to one's supervisors and receiving their approval,' and "gi" meaning 'deliberations and decisions.' Corporate policy is not clearly defined by the executive leadership of a Japanese company. Rather, the managers at all levels below executives must raise decisions to the next level except for routine decisions. The process of "ringi decision-making" is conducted through a document called a "ringisho".
(For reference)
I'm no expert, I've never been to the land of the rising sun. This is what people have told me of their time there. Your input is very much appreciated.
And it is far too easy to state that a foreign culture needs to change. The Japanese could say that American or Western culture needs to change, just for example with the glorification of violent criminals in media.
If an angry video call from the boss is all that is required to exfiltrate millions of dollars, and boss video calls become as easy to produce as spam emails, then the exfiltration of funds from Japanese organizations becomes as fast as approximately (spam email send rate) * (millions of dollars).
When you have received the 7th angry call from the boss that day, demanding funds be sent immediately, you eventually realize you need a different system. At a minimum the boss will need to come be angry in person.
If there's a need then this will change. You might as well say that they'd never use a telephone because it's culturally alien. It was alien, but it was useful, so they adapted. Same with email and video calls. The boss has to log into their banking just like everyone else, because there's a need for it. If there's a need for this, the OP's suggestion seems like a pretty good one, as it augments the existing culture with a security step.
