Complaints Against Unregistered Lending Apps in the Philippines

A practitioner-oriented guide for consumers, counsel, and regulators

I. Why this matters

Mobile lending apps have made short-term credit accessible, but some operators run without the authority required by Philippine law. These “unregistered” apps often use opaque fees, invasive data harvesting, and abusive collection tactics. Borrowers and counsel need to know (1) how to spot an unregistered lending app, (2) which laws apply, and (3) what remedies—administrative, criminal, civil, and data-protection—are available.

II. What counts as an “unregistered lending app”?

An app (or website/chat channel) is unregistered when it offers or facilitates loans as a business to persons in the Philippines without the proper Certificate of Authority from the Securities and Exchange Commission (SEC) for lending or financing companies. Key points:

Who regulates?
- SEC: lending companies (Lending Company Regulation Act of 2007) and financing companies (Financing Company Act).
- Bangko Sentral ng Pilipinas (BSP): banks and certain non-bank financial institutions (NBQBs).
- National Privacy Commission (NPC): personal data processing.
- Department of Justice (DOJ), NBI, PNP-ACG: criminal enforcement.
- Local governments/NTC/DICT: limited roles (e.g., permits, communications, cyber support).
Telltale signs of being unregistered
- No SEC registration/Certificate of Authority disclosed in-app or on their website.
- No physical principal office address in the Philippines.
- Uses shell “service providers” to mask the lender, or claims to be merely a “platform” while directly disbursing/collecting loans.
- “Contact scraping” consent forced as a condition to borrow.
- Threats, public shaming, or contacting your employer/family for collection.

Practice tip: A legitimate lender in the Philippines publicly discloses its exact corporate name, SEC Company Registration Number and Certificate of Authority number, principal office address, contact details for complaints, and the interest/fees computation.

III. Legal framework

A. Corporate and licensing laws (SEC supervision)

Lending Company Regulation Act (LCRA) and Financing Company Act (FCA) require SEC authorization before engaging in lending/financing as a regular business.
Operating without a Certificate of Authority exposes promoters, officers, and responsible employees to SEC cease-and-desist orders (CDOs), administrative fines, potential criminal prosecution, and asset freezes.
Online Lending Platforms (OLPs): SEC issuances require OLPs to be controlled by or formally tied to a duly authorized lending/financing company; “marketplace” defenses usually fail if the platform sets credit terms or collects.

B. Consumer-protection standards

Unfair or abusive debt-collection practices are prohibited. SEC rules bar shaming, threats, profanity, obscene or humiliating content, contacting persons in your phonebook unrelated to the debt, or calls at unreasonable hours.
Disclosures: Clear, conspicuous disclosure of nominal/annualized interest, fees (service, processing, late), payment schedules, and total cost of credit. Hidden fees or “rebates” deducted upfront but still charged interest on the gross amount can be challenged.

C. Data-protection and cybersafety

Data Privacy Act (DPA): Personal data collection must be lawful, transparent, and proportional to the purpose. Harvesting your contact list, gallery, or geolocation without necessity and valid consent is unlawful.
Breach of confidentiality: Posting borrower photos or messages in group chats/social media to shame debtors can constitute unauthorized disclosure, actionable before the NPC and in civil courts.
Cybercrime Prevention Act: Threats, libel, unauthorized access, or computer-related identity theft/illegal processing may be prosecutable when done through ICT.

D. Criminal and civil liabilities

Criminal: Operating an unlicensed lending business; grave threats/coercion; computer-related offenses; violations of special laws (e.g., DPA).
Civil: Damages for torts (abuse of rights, privacy violations, intimidation), nullity of unconscionable stipulations, and restitution for illegal charges.
Debt validity: Even if the lender is unregistered, courts may still recognize the borrower’s core obligation to repay what was actually received, but will strike down usurious-like or unconscionable interest/penalties and abusive collection.

IV. How to assess your case (borrower or counsel)

Identify the entity
- Exact app name(s), developer name, website/domain, and in-app corporate details.
- Payment channels (bank accounts, e-wallet merchant names)—these often reveal the true operator.
Map the credit terms
- Loan amount disbursed vs. approved (watch for “net of fees” deductions).
- Stated interest vs. effective rate per 30 days and per annum.
- Penalties, rollover fees, extension charges.
Document conduct
- Screenshots/screen recordings of in-app disclosures, chats, call logs.
- Copies of texts/messages to contacts (with consent from those contacts).
- Proof of threats/shaming posts (URLs, timestamps).
- Payment proofs (receipts, transaction references).
Check registration
- Look for SEC Certificate of Authority details shown in the app. Absence or mismatch is a red flag.
- If the app claims “we are only a platform,” evaluate who approves, disburses, and collects.
Evaluate privacy practices
- Was access to contacts, photos, or location demanded before disbursement?
- Were third parties (employer, relatives) contacted without a lawful basis?

V. Where and how to complain (multi-track strategy)

Track 1: SEC (primary regulator for lending/financing companies)

Who should use this: Anyone dealing with a lending/financing app operating without a Certificate of Authority, or engaging in abusive collection even if licensed.
What to file: A sworn complaint detailing parties, facts, violations (unlicensed operation; unfair collection; failure to disclose), plus evidence (screenshots, contracts, receipts).
Relief sought:
- Cease-and-desist order, takedown of online channels/OLPs;
- Administrative fines and penalties;
- Criminal referral to DOJ/NBI/PNP where warranted.
Good practice: Name the natural persons (owners/officers) where identifiable; attach proof tying them to the merchant accounts or developer console registrations.

Track 2: National Privacy Commission (NPC)

Who should use this: Borrowers whose contacts/photos/location were harvested or disclosed without lawful basis; those subjected to doxxing/shaming.
What to file: A complaint with narrative, evidence of data processing, copies of privacy notices/consents (or their absence), and screenshots of disclosures to third parties.
Relief sought: Compliance orders, fines, suspension of processing, deletion/return of data, and referral for criminal prosecution under the DPA when appropriate.

Track 3: Criminal complaints (DOJ/NBI/PNP-ACG)

When: In cases of threats, extortion-like behavior, identity theft, illegal access, or syndicated operation.
What to prepare: Affidavit-complaint, device for forensic imaging if needed, message headers/metadata, and witness statements (e.g., relatives contacted).

Track 4: Civil actions

When: To recover damages for harassment or privacy invasion; to contest unconscionable interest/penalties; to enjoin shaming.
Interim relief: Temporary restraining order/preliminary injunction to stop ongoing harassment or defamatory postings.

Track 5: Platform and ecosystem levers

App stores: Report policy-violating apps (abusive collection, invasive permissions, misleading financial disclosures).
E-wallets/banks: File fraud/abuse reports for the merchant accounts receiving repayments.
Employers/schools: If contacted, provide them a letter explaining the illegality of third-party contact and requesting preservation of evidence.

VI. Anatomy of a strong complaint file

A. Parties and identification

Borrower: name, ID (redact sensitive portions for public filings).
Respondent(s): corporate names (and aliases), officers, developer entity, payment recipients.

B. Facts

Chronology from app installation, onboarding, consent screens, disbursement, to collection behavior.

C. Legal violations

Unlicensed operation under LCRA/FCA (lack of Certificate of Authority).
Unfair debt collection (harassment, shaming, contacting unrelated persons, threats).
DPA violations (unlawful processing; lack of transparency/proportionality; unauthorized disclosure).
Misrepresentation of interest/fees; unconscionable penalties (consumer-protection principles).

D. Evidence index

Screenshots with timestamps, filenames, and short descriptions.
Audio transcriptions (who, when, what was said).
Payment proofs and running balance computations (showing effective rates).
List of third parties contacted (with their short affidavits, if possible).

E. Relief sought

Administrative sanctions; app takedown/blocking; deletion of unlawfully processed data; cease-and-desist; restitution of illegal charges; damages; and criminal referral.

VII. Frequent borrower questions

“If the lender is unregistered, do I still owe the loan?” Generally, you remain liable for the amount actually received, but unconscionable interest/penalties and abusive practices can be voided/struck down. Regulatory penalties hit the lender; they don’t automatically cancel your principal.
“They’re threatening to message my contacts. Is that legal?” No. Mass-messaging your contacts to shame you is typically an unfair collection practice and a data-privacy violation, even if you tapped “Allow Contacts” under duress.
“They deducted fees upfront then charged interest on the gross.” This can be challenged. Compute the effective interest and present it with proof of net proceeds; regulators and courts focus on the true cost of credit.
“The app says it’s based overseas.” Philippine laws apply if the app targets Philippine borrowers or processes the data of Philippine residents. Regulators may coordinate for blocking and enforcement, and criminal acts with local effects can be prosecuted.

VIII. Evidence preservation checklist (quick)

Keep the device unchanged; make a screen recording of key flows.
Export SMS, chat threads, and call logs.
Save APK version or app version number and date/time of actions.
Download bank/e-wallet statements proving disbursement and repayments.
Ask contacted third parties for dated screenshots and brief statements.
Keep a timeline: dates of loan approval, release, due date, first threat, shaming posts, payments.

IX. Drafting templates

A. SEC complaint (outline)

Title: [Your Name] v. [App Name / Operator] — Unlicensed Lending and Unfair Collection Respondents: [Corporate name(s), officers] Facts: Chronology with exhibits (A-1 to A-n). Causes of Action: (1) Unlicensed lending; (2) Unfair collection; (3) Misrepresentation of cost of credit. Prayer: CDO/Takedown; administrative fines; referral for criminal prosecution; disclosure of beneficial owners; restitution of illegal charges.

B. NPC complaint (outline)

Complainant: [Your Name] Respondents: [App/Company] Allegations: Unlawful processing (excessive collection of contacts), unauthorized disclosure to third parties, lack of transparent privacy notice. Relief: Order to cease unlawful processing, delete data, notify third parties, impose fines; referral for criminal action.

C. Affidavit of harassment (collection abuse)

I. Personal Circumstances II. Statements of Fact (attach screenshots/recordings) III. Damages (emotional distress, reputational harm) IV. Relief (protective orders/injunction, damages)

X. Strategic considerations for counsel

Parallel filings work: SEC (licensing/abuse) + NPC (privacy) + criminal referral for threats.
Name natural persons where supported: liability can attach to officers and those who directly order abusive tactics.
Interest/penalty calibration: Present a simple effective-rate table; regulators respond to math.
Settlement posture: Push for (1) deletion of unlawfully collected data, (2) recall of third-party messages, (3) waiver/reduction of illegitimate charges, and (4) neutral credit reporting (if any).
Client counseling: Advise clients not to pay under threat if the threat is illegal; document, then pay only what is legally due under guidance.
Coordination with platforms: App store and payment-rail reports can choke abusive operators quickly.

XI. Preventive guidance for consumers

Before borrowing:
- Verify the lender’s SEC Certificate of Authority and exact corporate name.
- Read privacy permissions; deny access to contacts/photos—legitimate lenders don’t need them.
- Calculate effective interest and compare across apps.
If already borrowed:
- Pay what is legitimately due; dispute unlawful charges; document everything.
- Immediately revoke unnecessary permissions and change passwords if credentials were exposed.
- Inform relatives/employer that any collection contact to them is likely illegal and should be documented.

XII. Key takeaways

Unregistered = unlawful when lending as a business to Philippine borrowers without SEC authority.
Abusive collection and data-privacy violations are independently actionable—even against registered lenders.
Multi-track complaints (SEC, NPC, criminal, civil) yield the fastest relief.
Evidence is king: collect, index, and present a clean chronology and effective-rate math.
Borrowers usually still owe the principal, but unconscionable interest/penalties and harassment can be knocked out—and punished.

XIII. Appendix: Effective-rate worksheet (you can replicate in a spreadsheet)

Inputs: Approved amount; fees deducted upfront; amount actually received; tenor (days); scheduled interest/penalties.
Computation:
1. Net proceeds = approved amount − upfront fees.
2. Finance charge for period = total paid − net proceeds.
3. Periodic rate = finance charge ÷ net proceeds.
4. APR (approx.) = periodic rate × (365 ÷ days in period).
Use: Demonstrate the gap between advertised rate and true cost of credit.

This article summarizes Philippine legal principles on unregistered lending apps and borrower remedies. For a specific case, tailor filings to your facts and preserve evidence early.