Complaint Against Unlicensed Online Loan Apps Philippines

Complaint Against Unlicensed Online Loan Apps in the Philippines (Everything You Need to Know)

This guide explains how to spot unlicensed online loan apps (“OLAs”), what laws apply, which government offices handle complaints, what evidence to gather, and how to escalate—step-by-step. It’s general information, not legal advice.

What counts as an “unlicensed online loan app”?

  • No company authority to lend. In the Philippines, only financing companies and lending companies with a Certificate of Authority from the Securities and Exchange Commission (SEC) may offer loans to the public. If the operator behind the app lacks this authority, it’s unlicensed—even if the app exists on a popular app store.
  • No authorization to offer loans online. Even licensed lenders must follow SEC rules specific to online lending platforms (OLPs). Apps/sites that operate without the required SEC notifications/registrations for their OLPs are treated as illegal operations.
  • Misrepresentation. Apps that claim to be banks, e-money issuers, or microfinance organizations when they’re not, or that impersonate licensed firms, are considered unlawful.

The legal framework (Philippine context)

  • Lending Company Regulation Act & related SEC rules. Lending/financing companies must (1) be registered with the SEC, and (2) hold a Certificate of Authority to operate. The SEC also issues memorandum circulars governing OLPs and prohibiting unfair debt collection practices (e.g., doxxing, harassment, contacting people in your phone book, threats, or shaming).
  • Financial Consumer Protection Act (FCPA) of 2022. Strengthens the powers of financial regulators (SEC, BSP, Insurance Commission, Cooperative Development Authority) to protect consumers, require restitution, and penalize market-misconduct.
  • Data Privacy Act of 2012 (DPA). The National Privacy Commission (NPC) enforces rules on lawful, transparent, and proportional personal-data processing. Scraping phone contacts, posting photos, or “debt shaming” typically violates the DPA and may trigger administrative and criminal penalties.
  • Truth in Lending Act. Requires clear disclosure of finance charges and effective interest rates. Hidden or misleading fees can be unlawful.
  • Revised Penal Code & Cybercrime Prevention Act. Harassment, extortion, grave threats, coercion, and libel (including cyber-libel) can be criminal offenses when committed by collectors through calls, texts, chats, or social posts.
  • Rules on Electronic Evidence. Screenshots, screen recordings, chat logs, and metadata can be admissible if properly authenticated.

Who regulates what?

  • SEC – Non-bank lenders (lending/financing companies) and their online platforms; illegal lending; unfair collection practices.
  • BSP (Bangko Sentral ng Pilipinas) – Banks, quasi-banks, and certain payment/e-money issuers. If the lender is a bank or EMI, route your complaint here.
  • NPC (National Privacy Commission) – Data privacy breaches and harassment arising from misuse of your personal data (e.g., contact-list scraping, public shaming).
  • DOJ/NBI/PNP Anti-Cybercrime – Criminal acts such as extortion, grave threats, or cyber-libel.
  • CIC (Credit Information Corporation) – The national credit registry. Only accredited, participating institutions can report to CIC; threats of “blacklisting” by unlicensed apps are usually empty.
  • DTI/NTC/Telcos/App stores – Consumer advertising issues, spam/SMS complaints, number blocking, and app-store reporting channels.

Common red flags and unlawful practices

  • No company details (name, SEC registration/C.A. number, office address, landline) on the app/site.
  • Forced permissions (contacts, photos, camera, location) unrelated to providing the loan.
  • Debt-shaming (contacting friends/family/employer; posting edited photos; group chats blasting your identity).
  • Threats (arrest/“NBI blotter” for mere non-payment, workplace shaming, spurious criminal charges).
  • Hidden charges (unclear interest/fees, forced “service charges,” short tenors with ballooned APRs).
  • Impersonation (posing as a bank or a known lender).

Evidence to collect (before you complain)

  1. Identity of the app/lender

    • App name, store link, developer info, website URLs, social pages, customer-service numbers.

  2. Your transaction trail

    • Application screens, loan approval notice, disclosure pages, e-contracts, disbursement and repayment proofs (receipts, e-wallet/bank screenshots).

  3. Harassment record

    • Screenshots/recordings of calls, texts, chats, social posts; caller IDs; dates/times; names used by collectors.
    • If your contacts were messaged, ask them for forwarded messages/screens and note if the app used your photos.

  4. Data-privacy angle

    • Which permissions the app demanded; copies of consent screens and privacy policy; evidence that contacts were scraped or data was misused.

  5. Your damages

    • Emotional distress, reputational harm (HR memos, client complaints), financial loss (illegal fees, lost wages, medical consults).

Preserve original files (not just cropped images). Keep a clean folder with dates, and export device logs where possible.

Where and how to file complaints

A. Securities and Exchange Commission (SEC)

When: Unlicensed/illegal lending, unregistered OLPs, or unfair debt collection by a lending/financing company.

What to submit:

  • Complaint-Affidavit (narrate facts chronologically; identify the app and the people behind it if known).
  • Evidence bundle (see “Evidence” list).
  • Government ID and your contact details.
  • Relief sought (e.g., cease-and-desist order, administrative fines, referral for criminal prosecution, restitution of illegal fees).

What the SEC can do: Issue advisories and cease-and-desist orders, revoke/deny licenses, impose administrative sanctions, and refer criminal cases for prosecution.

B. National Privacy Commission (NPC)

When: The app scraped your contacts or misused personal data, or collectors debt-shamed you or your contacts.

What to submit:

  • Complaint or Data Subject Rights (DSR) report: explain the privacy violations (unlawful processing, unauthorized disclosure, etc.).
  • Evidence of data misuse (messages to your contacts, screenshots, links).
  • Proof that you tried to exercise your DSRs (e.g., a demand to delete/stop processing), or explain urgency/impossibility if you couldn’t do so safely.

What the NPC can do: Order cease-and-desist, direct deletion/return of personal data, mandate corrective measures, and impose penalties under the DPA.

C. BSP Consumer Assistance

When: The lender is a bank or licensed e-money issuer/payment firm (check its regulatory status). Submit a complaint with supporting documents; ask for chargeback/reversal if applicable.

D. Criminal complaints (DOJ, NBI, PNP-Anti-Cybercrime)

When: You suffered grave threats, coercion, extortion, or (cyber-)libel. Prepare a Complaint-Affidavit with annexes; name the respondents if identifiable (collectors often show names/handles/phones). Law enforcement may subpoena platform records to unmask operators.

E. App stores, telcos, platforms, and your employer

  • App stores & platforms: Report the app/account for illegal lending or harassment with your evidence bundle.
  • Telcos: Request number blocking/spam reporting; keep reference numbers.
  • Employer/School: If they were contacted, give HR/administration a short memo (see template below) so they treat it as harassment, not a verified legal claim.

Practical playbook (step-by-step)

  1. Safety first. Do not meet collectors. Do not send additional IDs/selfies to unknown emails or chats.
  2. Freeze the scene. Take full-screen screenshots and screen recordings; save call logs; export chats (with timestamps).
  3. Minimize data exposure. Revoke app permissions (contacts, photos, camera). If practical, uninstall—but finish evidence capture first.
  4. Stop the shaming spiral. Inform close contacts that an illegal app might message them; ask them to ignore, block, and forward any harassment for your records.
  5. Send a short, firm notice to the app/operator (if you have an official address), revoking consent to process your data and demanding they stop harassing you/your contacts. Avoid argumentative back-and-forth.
  6. File with SEC and NPC (parallel filings are fine). Attach the same evidence pack with a clear table of contents.
  7. Consider criminal escalation (extortion/threats/cyber-libel) with NBI/PNP if abuse continues.
  8. On repayment: Paying principal is distinct from tolerating illegal practices. The enforceability of loans from unlicensed lenders is fact-specific; get legal advice before you decide to stop paying. Never hand over more personal data as a condition for “restructuring.”
  9. Seek support. Document stress/medical consultations; this can support damages later.

Frequently asked questions

  • Can they have me arrested for non-payment? Debt non-payment by itself is generally a civil matter, not a crime. Threats of arrest or “NBI blotter” for mere non-payment are abusive. Separate criminal liability can exist if there was fraud when the loan was obtained (that’s different).
  • Is my loan void if the lender is unlicensed? Not automatically. The operator may be penalized, and abusive terms/fees can be struck down, but the status of the debt is a nuanced, case-by-case question. Get tailored legal advice.
  • Can they message my boss or family? Harassing third parties and debt shaming are prohibited under SEC rules and can also violate the DPA. That conduct is actionable.
  • Will they ruin my credit record? Only regulated, CIC-participating institutions can submit to the national credit registry. Unlicensed apps typically cannot.
  • Should I delete the app? Yes—after capturing evidence. Revoke permissions first, then uninstall.

How to structure your complaint-affidavit (SEC or law enforcement)

  1. Title: Complaint-Affidavit for Illegal Lending/Unfair Collection Practices
  2. Parties: Your full name, address, ID details; Respondent app/operator (as identified).
  3. Jurisdiction & capacity: State why the SEC (or prosecutor) has jurisdiction.
  4. Material facts: Chronological narrative with dates/times; attach and label exhibits (Annex “A,” “B,” …).
  5. Violations: Cite illegal lending (no Certificate of Authority), unregistered OLP, and unfair collection practices (harassment, shaming, threats).
  6. Reliefs prayed for: CDO, sanctions, referral for prosecution, restitution of illegal fees, deletion of your data, and any other just relief.
  7. Verification & notarization: Sign, date, and have it notarized as required.

How to structure your NPC privacy complaint

  1. Title: Complaint for Unlawful Processing and Unauthorized Disclosure of Personal Data
  2. Respondent: App/operator and any known collectors or third-party agencies.
  3. Facts: App permissions taken, privacy policy (or lack thereof), contact-list scraping, messages to third parties, screenshots.
  4. Legal basis: Violations of transparency/legitimate purpose/proportionality, unauthorized processing and disclosure, failure to implement security measures, failure to honor DSRs.
  5. Relief sought: Cease-and-desist; deletion/return of your data; prohibition on further processing; identification of data sources/recipients; penalties; and coordination with the SEC/law enforcement.

Templates (you can copy-paste and fill in)

A. Short Notice to the App (Cease & Desist / Privacy Rights Exercise)

Subject: Cease and Desist from Unlawful Collection and Data Processing

I am [Name], applicant/borrower on your app “[App Name]” used on [Date]. You and/or your agents have contacted my employer/family and accessed my contacts, which is unlawful.

I hereby withdraw any consent and demand that you:
1) Cease all harassing communications to me and third parties; 
2) Delete my contact-list and any personal data not necessary for lawful processing;
3) Provide the name of your company, SEC Registration No., and Certificate of Authority No.; and
4) Provide your data protection officer’s details and your lawful basis for processing.

If the harassment continues, I will proceed with complaints before the SEC, NPC, and law enforcement.

B. Employer/School Advisory (to neutralize debt-shaming)

Subject: Advisory on Unlawful Harassment by Online Loan App

This is to inform you that I am being harassed by an unlicensed online loan app and its agents, who may contact the company/school using threats or defamatory messages. These are not official legal notices. 
Please direct any such communications to me and preserve them for evidence.

C. Evidence Index (attach to any complaint)

Annex A – Screenshots of app listing (name, developer, links)
Annex B – Loan transaction screens and e-contract
Annex C – Disbursement and repayment proofs
Annex D – Chat/call logs with timestamps
Annex E – Messages to contacts/employer (with headers/URLs)
Annex F – App permission prompts / privacy policy
Annex G – My ID and contact details (redacted as needed)

Practical do’s & don’ts

  • Do keep communications short and factual; avoid angry replies to collectors.
  • Do redact sensitive info (others’ IDs, minors) on public filings—but keep unredacted originals for the authorities.
  • Don’t pay extra “processing” or “settlement” fees through personal accounts or remittance names you can’t verify.
  • Don’t sign new “restructuring” documents with mystery entities.
  • Don’t post your story publicly with full names/photo tags—you might expose yourself to counter-claims; let regulators/law enforcement handle it.

Possible outcomes

  • SEC action: App taken down; cease-and-desist; fines; license revocation/denial; referral for prosecution.
  • NPC action: Deletion of unlawfully processed data; orders to stop processing; penalties.
  • Criminal cases: Subpoenas, identification of handlers/operators, prosecution for threats/coercion/cyber-libel.
  • Civil redress: Recovery of illegal fees and damages (including moral/exemplary), subject to proof. Some claims may be eligible for small-claims court (check the latest monetary threshold).

Final notes & resources checklist

  • Prepare two clean digital folders: (1) Evidence; (2) Filings/receipts.
  • Keep reference numbers for every report (SEC/NPC/telco/app store).
  • Consider consulting a lawyer for strategy on repayment, civil claims, and any criminal escalation.
  • Verify the current SEC/NPC procedures and forms on their official sites before filing.

If you want, I can turn this into filled-out SEC and NPC complaint drafts using your details and evidence—just share the app name, what happened (dates/times), and the screenshots you’re comfortable with.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login