Channel: Azure Management Portal forum

deployIfNotExists Policy with Resource Group Dependency


Hi, 

I have been trying to create a DeployIfNotExists policy that automatically creates a storage account per resource group that has been created. The policy is working when applying remediation tasks, but for new resource groups I have been running into the error:

A function or parameter in policy assignment 'Id' associated with the policy definition 'Id' could not be validated. Please either fix the policy or remove the policy assignment to unblock. If using template functions, try following the tips in: https://aka.ms/policy-avoiding-template-failures. The inner exception 'Unable to evaluate the template language function 'substring'. The index parameter cannot be larger than the length of the string. The index parameter: '8', the length of the string parameter: '0'. Please see https://aka.ms/arm-template-expressions/#substring for usage details.'.


It seems the policy has issues resolving the resource group name property under then.details.existenceCondition, as the resource group does not exist at that moment in time.

{
  "if": { "field": "type", "equals": "Microsoft.Resources/subscriptions/resourceGroups" },
  "then": {
    "effect": "deployIfNotExists",
    "details": {
      "type": "Microsoft.Storage/storageAccounts",
      "roleDefinitionIds": ["/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],
      "existenceCondition": {
        "field": "name",
        "equals": "[concat('sta',if(equals(resourceGroup().location, 'northeurope'), 'ne', if(equals(resourceGroup().location, 'westeurope'), 'we','we')),toLower(substring(resourceGroup().name,8,3)),toLower(substring(resourceGroup().name,11,3)),toLower(substring(resourceGroup().name,14,3)))]"
      },
      "deployment": {
        "properties": {
          "mode": "incremental",
          "template": {
            "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
            "contentVersion": "1.0.0.0",
            "parameters": {}, "variables": {},
            "resources": [{
              "type": "Microsoft.Storage/storageAccounts", "apiVersion": "2018-07-01",
              "name": "[concat('sta',if(equals(resourceGroup().location, 'northeurope'), 'ne', if(equals(resourceGroup().location, 'westeurope'), 'we','we')), toLower(split(resourceGroup().name,'-')[1]), toLower(split(resourceGroup().name,'-')[2]),toLower(split(resourceGroup().name,'-')[3]))]",
              "location": "westeurope", "dependsOn": [],
              "sku": { "name": "Standard_LRS" }, "kind": "StorageV2",
              "properties": { "accessTier": "Hot", "supportsHttpsTrafficOnly": true }
            }],
            "outputs": {}
          }
        },
        "parameters": {}
      }
    }
  }
}

Any idea how to resolve this? 

I know there are Azure Blueprints to achieve the same, but this feature is not yet considered as the creation of resources is a bit different.

Any ideas more than welcome. 

Kind regards, 
Cédric. 
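
Added example, not part of the original post and not Azure's own code: a small Python emulation of the template functions used in the policy rule above, evaluating the existenceCondition name and the deployed storage account name for a few resource group names. The function names and the sample names are assumptions constructed for illustration; the empty name stands for the zero-length string reported in the quoted error.

```python
class TemplateError(ValueError):
    """Raised where the template engine would fail to evaluate a function."""

def substring(s, index, length):
    # Emulates ARM substring(): the start index and the requested range
    # must both lie inside the string, otherwise evaluation fails.
    if index > len(s):
        raise TemplateError(
            f"substring: index '{index}' is larger than string length '{len(s)}'")
    if index + length > len(s):
        raise TemplateError(
            f"substring: index '{index}' + length '{length}' exceeds length '{len(s)}'")
    return s[index:index + length]

def region_code(location):
    # In the post, both branches of the inner if() yield 'we'.
    return "ne" if location == "northeurope" else "we"

def existence_condition_name(rg_name, location):
    # Name the existenceCondition compares against: fixed offsets 8, 11, 14.
    parts = [substring(rg_name, i, 3).lower() for i in (8, 11, 14)]
    return "sta" + region_code(location) + "".join(parts)

def deployed_name(rg_name, location):
    # Name the embedded template deploys: segments 1..3 of a '-' split.
    seg = rg_name.split("-")
    if len(seg) < 4:
        raise TemplateError(f"split: {len(seg)} segment(s), index 3 is out of range")
    return "sta" + region_code(location) + "".join(p.lower() for p in seg[1:4])

def evaluate(rg_name, location):
    """Return (existenceCondition name, deployed name); errors become strings."""
    out = []
    for fn in (existence_condition_name, deployed_name):
        try:
            out.append(fn(rg_name, location))
        except TemplateError as exc:
            out.append(f"ERROR: {exc}")
    return tuple(out)

if __name__ == "__main__":
    # Constructed sample names; "" is the empty name from the error message.
    for name in ("", "rg-test", "rg-shrd-APP-DEV-001"):
        print(repr(name), "->", evaluate(name, "westeurope"))
```

For the hyphen-separated sample name the two expressions produce different strings, because one reads fixed character offsets and the other reads split segments.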

