VFS Global
VFS Global, also known as "Visa Facilitation Services Global," is an outsourcing and technology services company that serves governments and diplomatic missions worldwide. The company manages visa and passport issuance-related administrative and non-discretionary tasks for its client governments.
The company began as a "side project" at a luxury Swiss travel group Kuoni in 2001 by chief executive Zubin Karkaria.
Formerly based in India, the company is now headquartered in Dubai with offices in 147 countries. In 2018, VFS processed more than 25 million visa applications, often containing passport details and financial histories, on behalf of the British Home Office and 61 other governments.
The outsourcing company is owned by a private equity fund and, as VF Worldwide Holdings, is incorporated in the African tax haven of Mauritius. Investors in the outsourcing company include the Chinese and Abu Dhabi investment authorities, the Ohio Police and Fire Pension Fund, and yogurt billionaire Theo Müller. It has been criticized for allegedly exploitative practices and for its lack of transparency.
VFS Global has been "accused of pressuring visa applicants" into purchasing premium services which "they often don't need and can't afford." In 2019, the British Home Office was "deluged" by complaints from customers applying for visas using VFS Global, many of whom accused the company "of exploiting vulnerable applicants for profit." Applicants — "the majority of whom are from lower-income countries" — have asserted they have "missed flights and were wrongly denied visas due to delays and administrative errors, including apparent failure to scan vital documents."
History
Origins and revenue model
VFS Global was established in Mumbai, India, in 2001. In a Forbes magazine interview, CEO Zubin Karkaria claimed he founded VFS after he had "persuaded the US government to pilot a scheme for Indian visa applicants to the US at its Mumbai embassy." Both the shareholding and governing structure of VFS Global is not made public by Kuoni or VF Worldwide Holdings, an offshore corporation formed to own VFS Global and "incorporated in the African tax haven of Mauritius." By 2005, VFS Global had acquired lucrative contracts with eleven governments including the United Kingdom, Australia, and Canada. The outsourcing company obtains its revenues from service fees paid directly by visa applicants, in addition to the visa fees which are remitted to the diplomatic mission.By 2007, the company had obtained its first global account from UK Visas and Immigration for operations across 33 countries. Within one year of gaining its account with the UK government, the company's image was tarnished by a data breach which exposed the sensitive information of UK visa applicants. Despite this breach, the outsourcing company obtained a major contract with the United Kingdom in 2014 "to administer around 70% of the UK's visa applications." Critics later alleged "this contract was a crucial step-change in how visa applicants could be squeezed for more money."
Expansion and growth
In August 2017, the outsourcing company acquired the UK-based visa service provider TT Services for an undisclosed amount. At the time of the acquisition, TTS operated 51 visa application centres in over 35 countries with 216 employees. Later that year, in November 2017, VFS Global expanded its visa services in Cyprus with new centres launched in the additional cities of Thiruvananthapuram, Goa, Gurugram, and Jaipur. These expansion increased the amount of visa centres where applicants were offered additional services, such as SMS updates, courier services, and online tracking services.In June 2018, Kuoni Group, also known as Kuoni Travel Holding, after selling all the travel agency businesses and licensed the brand "Kuoni Travel" to the new owners of the former subsidiaries, had merged with VFS Global, its major business at that time. In January 2019, The parent company of VFS Global, EQT Partners, had declared to sell VFS.
In August 2019, a financial investigation by the British newspaper The Independent revealed that VFS Global had experienced exponential growth in recent years and its shareholders had "extracted about £567m via 'distribution to owner' payments and writing off intercompany loans in the past two years." The newspaper attributed this growth to the outsourcing company's "exploitative" business practices.
Services and partnerships
The outsourcing company has pursued partnerships with foreign tourist boards and airlines in an attempt to increase its revenues. In 2013, VFS Global partnered with the Italian State Tourist Board to open a Mumbai office in order to promote Italy as a tourism destination for Indian nationals. In February 2015, VFS Global likewise partnered with the Macau Tourism Office in order to promote Macau as a popular tourist destination.In 2017, the outsourcing company partnered with Atout France, the France Tourism Development Agency, in order to promote France as a tourist destination for foreign travelers.
Controversies
2005-2007 Data breaches
Initial breach and inaction
Between 2005 and 2007, a critical security flaw in the VFS Global application website for the British Foreign & Commonwealth Office resulted in many visa applications from India, Nigeria and Russia being publicly accessible. Sensitive data stored in VFS's online service could be accessed by simply "making changes" to the VFS website's URL address. By doing so, any viewer could access the company's "database of visa applicants, which stored passport numbers, names, addresses, and travel details." The security flaw had been known since December 2005, but the issue was addressed only in May 2007 following media reports. The security breach had been first reported in December 2005 by an Indian national, Sanjib Mitra, after which no effective remedial action was taken by VFS. The same applicant went public in May 2007 after he noticed that his earlier warnings were ignored.UK Government investigation
Following this data breach and media outcry, the UK Secretary of State for Foreign and Commonwealth Affairs appointed an independent investigator to uncover the reasons for the breach of security in the VFS online visa application website. The subsequent report, released in July 2007, highlighted "organisational failures" by VFS. VFS had purportedly underestimated what was necessary in order to protect personal data to the levels expected by the UK Data Protections Act. The report also recommended that the VFS online visa applications not be resumed for applications from India.In November 2007, the UK Information Commissioner's Office announced that it had found the Foreign Office's contractual relationship with VFS Global to be in breach of its obligations under the Data Protection Act 1998. The Information Commissioner's Office required the Foreign Office to sign a statement that it would comply with the Data Protection Act and would not reopen the VFS UK visa online facility. As a result of this ruling, the Foreign Office reviewed its relationship with VFS and briefly sought to significantly reduce its outsourced work, especially in the area of IT. After the report was issued, VFS spent "$2 million on online security in the next year," and introduced various measures to ensure safe and secure business environment. One of them was to make all its centres ISO compliant.
Following this incident, several governments were critical of VFS Global's abilities and raised concerns over its lackluster security protocols. "There's the accountability issue, the privacy issue and why are we outsourcing to a for-profit entity something that belongs in the security mandate?" asked Victor Wong, executive director of the Chinese Canadian National Council. Likewise, Liam Clifford, an immigration expert working for Global Visas, raised security concerns associated with VFS Global's operations: "Once you put this work in the hands of private companies overseas, you no longer have the same protection."
2015 Data breaches
VFS Global's online security again came under scrutiny in July 2015 when its online visa forms for Italy allowed any user to access the personal information of other applicants — including their date of birth, passport details and addresses — if they input the ID number of another person when logging into the system.Following the discovery of 2015 security issues, the outsourcing company stated in 2016 that they had instituted new security protocols. VFS Global claims to annually renew its ISO 27001 audit and certification.
2014-2019 Monopoly allegations
VFS Global has been alleged to be a monopolistic enterprise operating in the visa outsourcing sector. Its alleged monopoly has led to issues related to prohibitive visa application prices and also sparked concerns in the areas of centralised document handling and content security, though VFS claims a streamlined application submission process in all its centres. For example, VFS staff at its collection offices in Southeast Asia were accused of abusing its dominant market status by creating their own extemporaneous rules for visa applicants. This included entry criteria to the VFS centres and also level of assistance offered to applicants.Three years later, in June 2014, the outsourcing company was investigated by the South African Competition Commission regarding allegations of market dominance by VFS Global in the visa support services market to foreign embassies. The Commission's spokesperson Themba Mathebula stated that the commission's screening unit had completed its preliminary investigation and submitted its report, recommending further formal investigations into the outsourcing company.
In a statement to European Union parliament in July 2018, VFS Global denied that their outsourcing company is operating as a monopoly, though its prepared statement did not cite any outsourcing companies with whom they are in competition for winning contracts.