If you're unable to verify, you shouldn't take money to issue a certificate saying that you've verified. Doing so is fraud, since the whole _point_ of the CA system is to be a trusted third party that verifies.
So if you can't recognise papers from some obscure country, you shouldn't be issuing certs for businesses in that country, and some more local CA should be getting that business, or a CA which has researched how to recognise "legitimate" papers for that country.
There's no right to be able to take money from anyone in any country.
Also, British CAs shouldn't be able to issue certs for Argentinian banks and Argentinian CAs shouldn't be able to issue certs for British banks. But ~nobody uses nameConstraints in certs, and no client software has a framework for imposing nameConstraints not found within the cert itself. The X.509 PKI as used right now is not designed to prevent internal fraud within and by the CAs.
Nor is TLS designed to support being able to revoke CA certs, since that would threaten profits from the big providers who pay the salaries of the attendees of the relevant standards bodies. (Yes yes, IETF attendees are in a personal capacity. Always. Uh-huh.) Otherwise, there would be a TLS extension for the server to declare "I have a certs from N CAs, here are those hashes, you can ask for any of those instead" and be able to fail over across CAs; at that point, bad actors could have their CA certs revoked more readily and there would be market forces acting to push CAs to actually verify identities. (And yes, I know there's a whole bunch of specialist nomenclature for identity verification not being strictly part of CA, but for our purposes, that's all part of the CA umbrella).
Instead, the only relevant proposed TLS extension involves the client declaring in the handshake all the CAs it supports, which is (a) a fingerprint technique for client tracking; and (b) massive bloat in the startup, since most clients support hundreds of CAs, and you should only need to know about the 3-5 CAs which the server has certs from.
There is little about the CA business that comes across, to me, as ethical, because the protocols are designed to support market forces that pressure them to not be ethical and to pressure towards a monopoly (get your certs from the CAs accepted by everyone, instead of 3-5 CAs who between them cover everyone, and be resilient to CA revocation by your site visitors).