.......if third party recovery are not strictly defined and scrutinized, there are possibilities that people might just submit random wallets and I understand that they would need to prove ownership before recovery and trust me, there are several possible ways a person especially a potential scammer could claim ownership of a wallet and that why the team needs a legal backings for situations like this.
But regardless of all what I’ve said, the team needs to be careful while caring out their activities if they’re truly genuine.
You are making a point here the organisation needs to get a legal backing which I believe it would be a safe guard for them while rendering services so that they don't fall into trouble of being apprehended by security agency for what they have no knowledge of. But I believe they would have to let whoever is patronising their services to sign an undertaken that such wallet they are presenting to them belongs to them and if anything otherwise happens while in the process of recovering the keys, they the organisation wouldn't be held responsible but the person who brought the wallet to them claiming ownership would be made to face the law as the case may be and according to their agreement as signed by both parties. I think this is for both to understand.