> Why isn't it neutral or slightly positive?

Because KYC is evil in itself and if the linked article does not explain to you why is that then I certainly cannot.

> KYC provider would want to protect their reputation more than the average company

False. It is exactly the opposite. See, there are no repercussions for leaking customers data, while properly securing said data is expensive and creates operational friction. Thus, there are NO incentives to protect data while there ARE incentives to care as less as possible.

Bear in mind that KYC is a service that no one wants, anll customers are forced and everybody hates it: customers, users, companies.