Checking legitimacy of lending company registration with SEC Philippines

Checking Legitimacy of a Lending Company’s SEC Registration (Philippines)

A practitioner’s guide for borrowers, compliance officers, and counsel

1) Why this matters

In the Philippines, lending to the public is a regulated activity. A firm that extends loans as a business must be a corporation and must secure two separate permissions from the Securities and Exchange Commission (SEC):

  1. a Certificate of Incorporation (corporate existence), and
  2. a Certificate of Authority (CA) to Operate as a Lending Company (industry license).

Operating without the second—even if incorporated—is illegal and exposes owners and officers to criminal liability, cease-and-desist orders, and app takedowns/closure. This article explains how to verify legitimacy, what documents to demand, which red flags to watch, and what to do if you encounter a suspicious “lender,” including online lending platforms (OLPs).

2) Core legal framework (what you’re checking against)

  • Lending Company Regulation Act (LCRA) — requires corporations that “make loans as a business” to obtain an SEC Certificate of Authority; sets qualifications, disclosures, and penalties.
  • Financing Company Act — separate regime for financing companies (often with larger capitalization and different business models).
  • Truth in Lending Act — mandates clear disclosure of finance charges and effective interest rate before contract signing.
  • Civil Code / Consumer protection doctrines — govern unconscionable stipulations and remedies.
  • SEC memoranda on online lending — require OLPs to be operated only by SEC-licensed lending/financing companies and to comply with disclosure, complaints handling, and app conduct.
  • Data Privacy Act & SEC debt-collection rules — outlaw abusive collection, doxxing, unauthorized contact scraping, and harassment.

Practical rule: Individuals and sole proprietorships cannot lawfully run a “lending company.” If a “lender” shows a DTI Business Name instead of SEC corporate papers and a CA, treat it as a major red flag.

3) The two-layer license test

To be legitimate, a lending company must satisfy both layers:

  1. Corporate existence — SEC Certificate of Incorporation, showing the exact corporate name and primary purpose (lending).

  2. Industry license — SEC Certificate of Authority to Operate as a Lending Company (the document literally says “Certificate of Authority”), displaying:

    • Corporate name (must exactly match the incorporation certificate),
    • SEC Registration Number and CA Number,
    • Date of issuance,
    • Principal office address,
    • Signature/seal of SEC.

Without the CA, they cannot legally lend to the public. A “secondary license” like this is what converts a company from “just incorporated” to authorized to lend.

4) Step-by-step: How to check legitimacy

A. Ask for and scrutinize documents (do this before sharing your ID or signing anything)

  • Photocopies or clear scans of:

    • Certificate of Incorporation;
    • Certificate of Authority to Operate as a Lending Company;
    • Articles of Incorporation (purpose clause should include lending);
    • Mayor’s/Business Permit and BIR Registration (not a substitute for the CA, but a consistency check);
    • If dealing with branch staff or field agents: Board Resolution/Secretary’s Certificate authorizing the specific branch or agent to transact.

What to check on the face of the CA:

  • Exact corporate name vs. trade name on signage/app;
  • Principal office vs. actual location;
  • Validity (look for revocation/ suspension annotations);
  • Signs of tampering (mismatched fonts, misspellings, wrong SEC logo, outdated officials).

B. Match names exactly

Scammers exploit look-alikes (e.g., “ABC Lending Company, Inc.” vs “ABC Lendings Corp”). The spelling, punctuation, “Inc.”/“Corp.” and even comma placements must align perfectly with the SEC certificates and the contract.

C. Confirm corporate identity trail

  • Receipt headers and ORs should bear the same corporate name and TIN.
  • Loan contract and privacy consent must name the licensed corporation, not a separate “marketing” entity.
  • App/website Terms of Service must identify the licensed corporate owner, its address, and complaints channel.

D. Validate the activity fits the license

  • A licensed financing company is not automatically a licensed lending company (and vice versa). The public-facing activity must align with the specific authority granted.

E. Online lending platforms (OLPs)

If you’re borrowing via an app or site:

  • The OLP must be owned/operated by a licensed lending/financing company or be explicitly registered/authorized under that company.
  • The app should display corporate name, SEC Reg. No., CA No., principal office, effective interest rate (EIR), and complaints process.
  • Pop-ups demanding access to contacts, photos, or location that are not necessary to deliver the loan are a privacy red flag.

5) Required disclosures and compliant documents

Before you sign or receive funds, you should receive:

  • A Disclosure Statement (Truth in Lending), showing:

    • Principal, nominal rate, effective interest rate (EIR),
    • All fees/charges (processing, service, late fees, penalties),
    • Amortization schedule, dates due, total finance charge.

  • A Loan Agreement with:

    • Corporate name and CA No.,
    • Repayment terms, prepayment rights, penalties, default and acceleration clauses,
    • Collection policy consistent with SEC guidance (no harassment/doxxing).

  • Privacy Notice and Consent:

    • Specific data collected, purposes, retention, sharing, and your data subject rights,
    • No blanket access to contact lists for “collection” unless strictly necessary and proportionate.

If any of these are missing or vague, do not proceed.

6) Common red flags

  • No SEC Certificate of Authority is shown (“We’re in process” / “We’re using a partner’s license”).
  • DTI registration only or individual lender (“lending investor”)—not allowed.
  • Corporate name used in receipts/contracts does not match any document presented.
  • Activation fees or “insurance” paid before any contract is provided.
  • Retention of original IDs, ATM cards, passbooks, or coercion to install spyware apps.
  • Excessive permissions (contacts/gallery/microphone) unrelated to underwriting.
  • Harassment or threats to message family/employer; posting/sharing of borrower photos.
  • Impossible rates and disguised charges; no EIR disclosed.
  • Collections by anonymous agents with untraceable numbers or payment channels under personal e-wallets.

7) Special issues for branch networks and agents

  • Each branch of a lending company should transact in the company’s name.
  • Agents/collectors must carry company IDs and be able to show a written authority.
  • For field collections, verify that official receipts bear the company’s name and TIN; avoid paying to personal accounts.

8) If the lender is actually a bank, pawnshop, or cooperative

  • Banks and quasi-banks are licensed by BSP, not by an SEC CA for lending.
  • Pawnshops are BSP-supervised for pawnbroking; if they also lend to the public beyond pawn loans, they need the proper authority.
  • Cooperatives lend to members under CDA rules; lending to the general public requires the appropriate license.
  • Microfinance NGOs operate under their own statute; public-facing consumer lending outside that scope requires a CA.

When in doubt, ask which regulator and license covers the loan you’re being offered.

9) Collection conduct: what’s prohibited

  • Harassment: threats, profanities, shaming, or contacting a borrower’s contacts/employer to coerce payment are barred.
  • Public disclosure of debt or posting borrower photos is unlawful.
  • Robocalls/spam beyond reasonable frequency are abusive.
  • Contact scraping from your phone without valid, specific consent violates data privacy principles.
  • False representations (posing as law enforcement, court officials) are illegal.

Keep screenshots/recordings; these become evidence for complaints.

10) Remedies if you suspect an illegal or abusive lender

  1. Stop and document: Copies of all IDs you shared, screenshots of chats/app screens, receipts, and the loan file (if any).

  2. Demand the CA: Ask, in writing, for the SEC Certificate of Authority and corporate details.

  3. Dispute unlawful charges: Invoke the Truth in Lending disclosure rules and unconscionability doctrines.

  4. File complaints (choose all that apply):

    • SEC (unauthorized lending, abusive collection, fake/forged licenses, OLP misconduct);
    • National Privacy Commission (contact scraping, doxxing, unlawful processing);
    • Law enforcement (grave threats, extortion, cyber harassment).

  5. Cease-and-desist expectations: SEC can order app takedowns, branch closures, and pursue criminal cases.

  6. Civil options: For harassment and privacy violations, consider damages; for illegal charges, seek nullity/unconscionability rulings and restitution.

11) Borrower due-diligence checklist (printable)

Verify the company

  • SEC Certificate of Incorporation (name matches).
  • SEC Certificate of Authority to Operate as a Lending Company (not just incorporation).
  • Address and branch details match permits and documents.
  • Receipts/contracts bear same corporate name and TIN.

Verify the offer

  • Disclosure Statement with EIR and all fees.
  • Loan Agreement names the licensed corporation and states collection policy.
  • Privacy Notice with specific, proportional data use; no unnecessary access.
  • Payment channels in the company’s name, not personal wallets.

Spot red flags

  • “We’ll show the CA after you pay the activation fee.”
  • “Use our app; it needs your contacts to proceed.”
  • “DTI-registered borrower’s choice lending”—but no SEC CA.
  • Threats to call family/employer if you inquire or delay.

12) Compliance officer’s quick audit (for internal checks)

  • Licensing: CA on file, current; scope matches product.
  • Governance: Board resolutions authorizing branches, designated Data Protection Officer.
  • Disclosures: Standard form Disclosure Statement and EIR calculator tested for accuracy.
  • Collections: Written policy aligned with SEC debt-collection rules; agent scripts vetted.
  • OLP hygiene: App permissions trimmed to necessity; privacy impact assessment done; incident response plan for data breaches.
  • Complaints handling: Dedicated hotline/email, logged and tracked to closure; regulator reporting pipeline.

13) Frequently asked questions

Q: Is an SEC registration number on a calling card enough? A: No. That shows incorporation only. You need to see the Certificate of Authority.

Q: The company says it’s “partnered with” a licensed lender. Is that okay? A: Only if the licensed corporation is the actual contracting party and the app/agent is clearly and lawfully acting for that entity. Otherwise treat as non-compliant.

Q: May they keep my ID or ATM as “security”? A: No. Withholding government IDs or banking instruments is improper and can be unlawful.

Q: They texted my contacts about my debt. What can I do? A: Preserve evidence and complain to SEC and the privacy regulator; this behavior is prohibited.

Q: Are sky-high rates illegal per se? A: Interest ceilings were deregulated decades ago, but truthful disclosure, no hidden charges, and no unconscionable or abusive practices are still mandatory. Courts can strike down unconscionable terms.

14) Bottom line

  • A legitimate lender has both an SEC corporate registration and an SEC Certificate of Authority to Operate as a Lending Company—and can show them on demand.
  • Exact name matching across certificates, contracts, receipts, and apps is critical.
  • No CA = No lending.
  • For OLPs, the app must be tied to a licensed company and must comply with disclosure, privacy, and collection rules.
  • When in doubt, walk away, keep your documents, and report suspicious actors.

This article provides general information on Philippine law and regulatory practice for lending companies. Specific situations vary; consult counsel or a qualified compliance professional for case-specific advice.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login