I would definitely seek clarification from management and try to get them to define a better policy.
Also, take a look at writing udev rules; there are some things you can do there that might help. For example, you could write a rule that only mounts USB mass storage devices that are a particular model and/or a particular vendor. I think you could write a rule that would only mount a Maxtor One Touch and ignore anything else.
http://reactivated.net/writing_udev_rules.html
If the concern is that people are stealing data, you could mount everything read-only.
If the concern is that people are unwittingly bringing in malware on thumb drives, then you could probably create a udev rule that runs ClamAV on the drive as soon as it's mounted.
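
The vendor/model allowlist and the read-only idea from the post above, written out as a udev rules file. This is an added example, not the poster's own rules. Assumptions: the file name, the placeholder IDs `0123`/`abcd`, a desktop that automounts through udisks2, and `blockdev` living in `/sbin`.

```udev
# /etc/udev/rules.d/99-usb-storage-allowlist.rules   (file name is an assumption)
#
# 0123 / abcd are constructed placeholder IDs. Read the real ones from an
# approved drive with:
#   udevadm info --query=property --name=/dev/sdX | grep -E 'ID_(VENDOR|MODEL)_ID'

# Only act when a USB-attached block device (disk or partition) appears.
ACTION!="add", GOTO="usb_storage_end"
SUBSYSTEM!="block", GOTO="usb_storage_end"
ENV{ID_BUS}!="usb", GOTO="usb_storage_end"

# Approved vendor + model: let the normal automounter handle it, but mark the
# kernel block device read-only first so any mount of it is read-only.
ENV{ID_VENDOR_ID}=="0123", ENV{ID_MODEL_ID}=="abcd", RUN+="/sbin/blockdev --setro $devnode", GOTO="usb_storage_end"

# Any other USB storage device: hide it from udisks2 so it is never
# automounted or offered in the file manager. This does not stop root from
# mounting the device by hand.
ENV{UDISKS_IGNORE}="1"

LABEL="usb_storage_end"

# After installing the file:
#   udevadm control --reload
#   udevadm test /sys/class/block/sdX     # shows which rules matched
```

udev kills long-running `RUN` programs once event handling finishes, so a ClamAV scan is better started as a separate service triggered by the rule than run directly from it.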