Once a year, the Compliance Department tries to get us to notice the bank's "clean-desk policy". The policy has been in effect for as long as I can remember, and for as long as I can remember, I have been ignoring it. It's one of those pointless policies that state the obvious and then set up a load of rules that go way beyond what is necessary.

 

No sensible banker is going to leave confidential information lying around, and it's not necessary to try to turn all of us into retentive neat freaks to prevent slip-ups.

 

The basic message of the policy is pretty clear from its title. But it doesn't just say, "Keep your desks tidy." No, it's full of specific rules that Compliance has come up with to deal with categories of confidentiality. Things that are a little bit confidential need to be out of sight; things that are really confidential need to be locked away; and things that are really, really confidential need to be in a safe surrounded by bear traps.

A lot of this is common sense, but the bit that bothers me is that someone has come up with the idea that the only way to be really sure confidential information is being protected is to require everyone's desks to be completely empty at the end of every day. I suppose the fear is that the cleaners or security guards are sneaking around in the middle of the night reading about credit default swap pricing and leafing through loan agreements.

There are people at the bank with spotlessly clean desks who will have no problem complying with this policy. I am highly suspicious of these people. Our chief financial officer, for example, never has even a Post-it note on his desk. My assumption is that he is either completely idle or frighteningly obsessive about tidiness.

My office, by contrast, is a shambles. Surrounding the computer are piles of offering circulars, information memoranda, loan agreements and pitch books, as well as various magazines and memos. I'm not one of those deluded messy people who say unconvincingly, "I know exactly where everything is." I don't. But I can find pretty much everything I need, eventually.

Now, I could take an afternoon to tidy my desk. And now and again I've tried. But the phone tends to ring, and people tend to stop by, and clients send e-mails, and before I have a chance to find out what the desk is actually made of, I start to feel like coffee. So I tend to give up.

But, as I mentioned, the Compliance Department has embarked on its annual get-people-to-notice-the-clean-desk-policy initiative, and this year, I may actually have to do something about it. The plan this year is that Compliance will visit each department's offices after hours and then announce on the internal network the names of the people who have not complied.

Having not actually read the  e-mail that set out this new name-and-shame programme in the first place - it was deleted along with every other piece of junk mail I get from back office - I discovered it this morning when the first list of offenders was posted.

"The following instances of non-compliance with the clean-desk policy were noted during our review of the Structured Finance Department: (1) Stephen Chow's work station was found to have unsecured copies of the bank's internal memo `Operation of internal mail system'; (2) Peter Tsang's workstation was found to have ..." etc.

Unfortunately, there are people, including people in management, who think that since data protection is essential, any method is acceptable. Because these people are also deciding my bonus, I can't just ignore the policy this time.

So I comply, kind of. First, I find out when my department is going to be inspected. Then I get some large cardboard boxes and dump the piles of paper on my desk into them. Then I print out 100 copies of the clean-desk policy.

Now comes the difficult part of the plan, which I have to stay late in the office to implement. I need to be the last person to leave in order to carry out my plan. And this is not easy. It's not that I don't like working late, it's just that, being a managing director means that my staff don't like to leave the office before I do, whatever time that is. I wait and wait until 9pm, trying to look busy surfing the Net and e-mailing my friends. Still nobody has left. At 10pm nothing has changed, so I try a new tactic: I get up and go.

As I suspect, when I return at 10.15pm, the office is deserted. The Compliance guys should be here in about three hours. This gives me plenty of time to take my 100 copies of the clean-desk policy and put one on every desk in the department. Including my own.

I was looking forward to the name-and-shame e-mail for my department the next day, but it never came. Internal bank-policy documents left unsecured on every desk, and no public vilification! Turns out there were no more name-and-shame e-mails at all after that and Compliance decided to review its procedures. And my desk has returned to its natural state.