Excess code review rules and company policies are, in effect, a defense against the stupid. They're in place to limit or slow down the damage potentially done by stupid employees.
However, they're also a defense against the smart.
If there's a barrier erected to weed out stupid changes the barrier works to weed out smart changes as well. The barrier can't distinguish smart changes from stupid changes, and the people operating the barrier can't easily do that either since their asses are on the line in case they miss a bad change. As you can see, even the word of a higher manager can't change that since the defenses are spread out so wide: there's always some additional policy that requires more and more authorization from more and more people.
Good systems always support skunkworks approaches where good programmers have an unofficial half-sanctioned way to subvert the policies when needed.
However, they're also a defense against the smart.
If there's a barrier erected to weed out stupid changes the barrier works to weed out smart changes as well. The barrier can't distinguish smart changes from stupid changes, and the people operating the barrier can't easily do that either since their asses are on the line in case they miss a bad change. As you can see, even the word of a higher manager can't change that since the defenses are spread out so wide: there's always some additional policy that requires more and more authorization from more and more people.
Good systems always support skunkworks approaches where good programmers have an unofficial half-sanctioned way to subvert the policies when needed.