Can the operational risk ‘umbrella function’ provide more value to financial services?