diff --git a/pkg/webhooks/mutation.go b/pkg/webhooks/mutation.go index eefe7f25c0..94d07f2989 100644 --- a/pkg/webhooks/mutation.go +++ b/pkg/webhooks/mutation.go @@ -2,6 +2,7 @@ package webhooks import ( "github.com/golang/glog" + kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1" engine "github.com/nirmata/kyverno/pkg/engine" policyctr "github.com/nirmata/kyverno/pkg/policy" "github.com/nirmata/kyverno/pkg/utils" @@ -10,7 +11,7 @@ import ( ) // HandleMutation handles mutating webhook admission request -func (ws *WebhookServer) HandleMutation(request *v1beta1.AdmissionRequest, roles, clusterRoles []string) (bool, []byte, string) { +func (ws *WebhookServer) HandleMutation(request *v1beta1.AdmissionRequest, policies []kyverno.ClusterPolicy, roles, clusterRoles []string) (bool, []byte, string) { glog.V(4).Infof("Receive request in mutating webhook: Kind=%s, Namespace=%s Name=%s UID=%s patchOperation=%s", request.Kind.Kind, request.Namespace, request.Name, request.UID, request.Operation) @@ -60,15 +61,7 @@ func (ws *WebhookServer) HandleMutation(request *v1beta1.AdmissionRequest, roles //TODO: check if the name and namespace is also passed right in the resource? // if not then set it from the api request resource.SetGroupVersionKind(schema.GroupVersionKind{Group: request.Kind.Group, Version: request.Kind.Version, Kind: request.Kind.Kind}) - // lookup policies based on operation,kind, namespace - policies, err := ws.pMetaStore.LookUp(resource.GetKind(), resource.GetNamespace()) - if err != nil { - //TODO check if the CRD is created ? - // Unable to connect to policy Lister to access policies - glog.Errorln("Unable to connect to policy controller to access policies. Mutation Rules are NOT being applied") - glog.Warning(err) - return true, nil, "" - } + var engineResponses []engine.EngineResponse policyContext := engine.PolicyContext{ Resource: *resource, diff --git a/pkg/webhooks/server.go b/pkg/webhooks/server.go index c6e0eca610..46dee5c8d5 100644 
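Review bot: The doc comment on HandleMutation is not updated for the new `policies` parameter, so the signature alone no longer says which policies the handler expects or who scopes them. From the server.go side of this diff the caller resolves them from the policy meta store by request kind and namespace, and the handler applies whatever it is given, so that contract belongs on the function. I would extend the header to `// HandleMutation handles mutating webhook admission request.` / `// policies must already be scoped to the request's kind and namespace by the caller; they are applied as-is.` The function body continues outside the hunk.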
--- a/pkg/webhooks/server.go +++ b/pkg/webhooks/server.go @@ -26,7 +26,6 @@ import ( "github.com/nirmata/kyverno/pkg/webhookconfig" v1beta1 "k8s.io/api/admission/v1beta1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/labels" rbacinformer "k8s.io/client-go/informers/rbac/v1" rbaclister "k8s.io/client-go/listers/rbac/v1" "k8s.io/client-go/tools/cache" @@ -183,16 +182,15 @@ func (ws *WebhookServer) serve(w http.ResponseWriter, r *http.Request) { } func (ws *WebhookServer) handleAdmissionRequest(request *v1beta1.AdmissionRequest) *v1beta1.AdmissionResponse { - // TODO: this will be replaced by policy store lookup - policies, err := ws.pLister.List(labels.NewSelector()) + policies, err := ws.pMetaStore.LookUp(request.Kind.Kind, request.Namespace) if err != nil { + // Unable to connect to policy Lister to access policies glog.Errorf("Unable to connect to policy controller to access policies. Policies are NOT being applied: %v", err) return &v1beta1.AdmissionResponse{Allowed: true} } var roles, clusterRoles []string - // TODO(shuting): replace containRBACinfo after policy cache lookup is introduced // getRoleRef only if policy has roles/clusterroles defined startTime := time.Now() if containRBACinfo(policies) { @@ -206,7 +204,7 @@ func (ws *WebhookServer) handleAdmissionRequest(request *v1beta1.AdmissionReques glog.V(4).Infof("Time: webhook GetRoleRef %v", time.Since(startTime)) // MUTATION - ok, patches, msg := ws.HandleMutation(request, roles, clusterRoles) + ok, patches, msg := ws.HandleMutation(request, policies, roles, clusterRoles) if !ok { glog.V(4).Infof("Deny admission request: %v/%s/%s", request.Kind, request.Namespace, request.Name) return &v1beta1.AdmissionResponse{ 
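Review bot: A failure of `ws.pMetaStore.LookUp` in handleAdmissionRequest still fails open — the request is admitted with `Allowed: true` and neither mutation nor validation runs — and since the per-handler lookups are removed in this diff, this line is now the single place where that decision is made for both. The re-added comment `// Unable to connect to policy Lister to access policies` also names the old lister rather than the meta store actually being called. I would replace it with `// NOTE: a policy-store lookup failure fails OPEN: the request is admitted with no rules applied. Confirm this matches the intended failurePolicy for the webhook.` Whether failing open is acceptable for a policy-enforcement webhook is a deployment decision the diff does not make; if it is not, returning a denying response here is the one-line change. The function continues past the end of the hunk.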
@@ -222,7 +220,7 @@ func (ws *WebhookServer) handleAdmissionRequest(request *v1beta1.AdmissionReques patchedResource := processResourceWithPatches(patches, request.Object.Raw) // VALIDATION - ok, msg = ws.HandleValidation(request, patchedResource, roles, clusterRoles) + ok, msg = ws.HandleValidation(request, policies, patchedResource, roles, clusterRoles) if !ok { glog.V(4).Infof("Deny admission request: %v/%s/%s", request.Kind, request.Namespace, request.Name) return &v1beta1.AdmissionResponse{ diff --git a/pkg/webhooks/utils.go b/pkg/webhooks/utils.go index d0e8b720ab..e973437297 100644 --- a/pkg/webhooks/utils.go +++ b/pkg/webhooks/utils.go @@ -99,7 +99,7 @@ func processResourceWithPatches(patch []byte, resource []byte) []byte { return resource } -func containRBACinfo(policies []*kyverno.ClusterPolicy) bool { +func containRBACinfo(policies []kyverno.ClusterPolicy) bool { for _, policy := range policies { for _, rule := range policy.Spec.Rules { if len(rule.MatchResources.Roles) > 0 || len(rule.MatchResources.ClusterRoles) > 0 { diff --git a/pkg/webhooks/validation.go b/pkg/webhooks/validation.go index 4f216e6391..f5a3e1498b 100644 --- a/pkg/webhooks/validation.go +++ b/pkg/webhooks/validation.go @@ -4,6 +4,7 @@ import ( "time" "github.com/golang/glog" + kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1" engine "github.com/nirmata/kyverno/pkg/engine" policyctr "github.com/nirmata/kyverno/pkg/policy" "github.com/nirmata/kyverno/pkg/utils" 
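Review bot: With `policies` now `[]kyverno.ClusterPolicy` instead of a slice of pointers, `for _, policy := range policies` in containRBACinfo copies each ClusterPolicy struct on every iteration, and the body only reads `policy.Spec.Rules`. Indexing avoids the copy without changing behaviour: `for i := range policies {` and `for _, rule := range policies[i].Spec.Rules {`. This is a style point (the rangeValCopy check), not a correctness issue. The function's closing lines are outside the hunk.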
@@ -14,7 +15,7 @@ import ( // handleValidation handles validating webhook admission request // If there are no errors in validating rule we apply generation rules // patchedResource is the (resource + patches) after applying mutation rules -func (ws *WebhookServer) HandleValidation(request *v1beta1.AdmissionRequest, patchedResource []byte, roles, clusterRoles []string) (bool, string) { +func (ws *WebhookServer) HandleValidation(request *v1beta1.AdmissionRequest, policies []kyverno.ClusterPolicy, patchedResource []byte, roles, clusterRoles []string) (bool, string) { glog.V(4).Infof("Receive request in validating webhook: Kind=%s, Namespace=%s Name=%s UID=%s patchOperation=%s", request.Kind.Kind, request.Namespace, request.Name, request.UID, request.Operation) @@ -71,16 +72,6 @@ func (ws *WebhookServer) HandleValidation(request *v1beta1.AdmissionRequest, pat // resource namespace is empty for the first CREATE operation resource.SetNamespace(request.Namespace) - // lookup policies based on operation,kind, namespace - policies, err := ws.pMetaStore.LookUp(resource.GetKind(), resource.GetNamespace()) - if err != nil { - //TODO check if the CRD is created ? - // Unable to connect to policy Lister to access policies - glog.Error("Unable to connect to policy controller to access policies. Validation Rules are NOT being applied") - glog.Warning(err) - return true, "" - } - policyContext := engine.PolicyContext{ Resource: *resource, AdmissionInfo: engine.RequestInfo{
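Review bot: The header comment on HandleValidation documents `patchedResource` but says nothing about the new `policies` parameter, and it still starts with the lowercase `handleValidation` although the function is exported. I would change the first line to `// HandleValidation handles validating webhook admission request.` and add `// policies must already be scoped to the request's kind and namespace by the caller (see handleAdmissionRequest); they are applied as-is.` next to the existing `patchedResource` line. The function body continues outside the hunk.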