A practical legal guide for borrowers, families, and employers (General information only; not a substitute for legal advice.)

1) Why this happens

Some lending apps (“OLAs”) and their third-party collectors pressure delinquent borrowers by:

Spamming calls/texts, even to relatives, co-workers, and employers
Threats, insults, and “public shaming” via group chats or social media
Disclosing debt details to contacts
Contact-scraping (harvesting your phonebook) and tracking via invasive app permissions

These tactics are unlawful when they cross consumer-protection and privacy lines—even if you truly owe money.

2) Who regulates what

Securities and Exchange Commission (SEC) – regulates lending and financing companies and their online lending platforms; sets rules on collection conduct and can suspend/revoke licenses and shut down abusive OLAs.
Bangko Sentral ng Pilipinas (BSP) – oversees banks, e-money issuers, and other BSP-supervised financial institutions; enforces financial consumer protection and fair collection by these entities.
National Privacy Commission (NPC) – enforces the Data Privacy Act (DPA) against doxxing, unlawful disclosure, and over-collection of personal data (including scraping your contacts).
Department of Justice (DOJ)/NBI Cybercrime Division and PNP-ACG – handle criminal complaints (threats, libel, cyber harassment).
Courts – civil actions for damages; criminal cases under the Revised Penal Code (RPC) and special laws.

3) Core legal protections

A. Financial Consumer Protection

The Financial Products and Services Consumer Protection Act (FCP Act) prohibits abusive, deceptive, and unfair collection practices by financial providers and their agents.
Regulators (SEC/BSP/IC) can order restitution, fines, cease-and-desist, and license actions. Internal complaint channels and regulator-level dispute resolution are mandated.

B. Lending/Financing Compliance (SEC)

SEC rules for lending/financing companies and OLAs generally ban:
- Profanity, insults, threats, and harassment
- Disclosing a borrower’s debt to contacts or employer
- Contacting people with no borrower consent or legitimate purpose
- Misrepresenting identity or falsely claiming legal cases/warrants
SEC can issue Show-Cause/CEASE & DESIST orders, revoke registration, and file criminal cases against unregistered or abusive entities.

C. Data Privacy (NPC; RA 10173)

Collectors need a lawful basis to process personal data; consent must be freely given and specific—not forced by take-it-or-leave-it permissions.
Excessive permissions (e.g., blanket access to contacts, photos, or location) are likely disproportionate.
Unlawful disclosure (e.g., messaging your contacts about your debt) can be unauthorized processing or malicious disclosure, with criminal liability and administrative fines.
You have rights to access, object, erasure, and damages.

D. Criminal and Civil Liability (selected)

Grave threats, grave/light coercion, unjust vexation (RPC) – for intimidation, shaming, or persistent annoyance without lawful justification.
Libel/Cyber-libel – if false and defamatory statements are posted/shared online.
Violations of special laws – e.g., Anti-Photo/Video Voyeurism if intimate images are used to extort (rare but severe).
Civil damages – moral, exemplary, temperate damages for humiliation/mental anguish; injunction to stop harassment.

4) What counts as unfair or abusive collection

While exact wordings vary by regulator circulars and case rulings, these are commonly prohibited:

Repeated calls/texts at unreasonable hours; using multiple numbers to bypass blocks
Using threats (arrest, criminal records, NBI/PNP “watchlists”) for pure debt non-payment (which is not a crime)
Posting your photo, name, or messages in public groups or tagging your contacts
Contacting your employer/co-workers to shame or coerce payment
Pretending to be a lawyer, court official, police, or regulator
Demanding fees/interest not stated in the contract or beyond legal caps (when applicable)

Key point: Non-payment of a purely civil loan is not a criminal offense. Fraud is different; but mere delay in payment does not justify harassment.

5) Immediate steps if you’re being harassed

A. Secure your device & data

Revoke app permissions (Contacts, Storage, Location, SMS, Call logs). On Android: Settings → Apps → [App] → Permissions → Deny.
Delete the app if you can still access your account via web; otherwise, keep it only long enough to gather evidence, then uninstall.
Change passwords (email, social media, online banking). Enable 2FA.
Inform close contacts: you’ve been targeted; ask them to ignore/report messages.

B. Preserve evidence (don’t engage)

Screenshots (include numbers, time/date, message headers), audio recordings of calls (if lawful), call logs, and exported chat histories.
Keep copies of your loan agreement, payment records, and any consent screens you remember accepting.
Maintain a timeline (date/time, number used, summary of content).

C. Stop the bleeding

Block and report numbers/handles.
On Facebook/Messenger/WhatsApp/Viber: Report → Harassment/Abusive content; request takedown of public posts.
Ask your HR to forward any collector messages to you and not to respond; provide HR a short memo (see template below).

6) Formal remedies & where to file

A. Write to the lender/collector (mandatory first step, in practice)

Send a Formal Notice and Demand to Cease Unlawful Collection to the company and its collection agent:

Demand they stop contacting third parties, delete scraped data, and route all communications to you only and in writing.
Invoke the FCP Act, SEC/BSP rules, and the DPA; assert your right to object and erasure for unlawfully obtained data.
Give 5–10 business days to comply and confirm in writing.

(A concise template is provided in §10.)

B. Complaint with the SEC (for lending/financing companies/OLAs)

File with the SEC Enforcement and Investor Protection Department (EIPD).
Attach: IDs, loan contract, proof of payments, screenshots, your demand letter, and a sworn statement.
Reliefs: cease-and-desist, penalties, license suspension/revocation, referral for prosecution.

C. Complaint with the NPC (privacy violations)

File a Data Privacy Complaint after (or alongside) your demand letter.
Allegations: unlawful disclosure to contacts, excessive data collection, absence of valid consent, lack of data minimization, failure to honor objection/erasure.
Reliefs: compliance orders, administrative fines, criminal referral.

D. BSP complaint (if the entity is a bank or BSP-supervised)

Use the financial consumer assistance channel of the provider, then escalate to BSP Consumer Assistance Mechanism.

E. Criminal complaints (NBI/PNP-ACG/Prosecutor)

For threats, coercion, libel/cyber-libel, unjust vexation.
Attach notarized affidavits, device forensics if available, and all screenshots/links.

F. Civil action (optional/parallel)

Injunction against further harassment; damages for mental anguish and reputation harm.
Consider Small Claims for simple money disputes (collection by you, e.g., overpaid charges)—no lawyer required up to the prevailing small-claims threshold.

7) Special issues

A. Contacting your employer

Unless your employer is a co-maker or authorized reference, collectors have no legal basis to discuss your debt.
Employers should not disclose your personal data to collectors absent a lawful basis. Provide HR a memo: “Please forward any collection messages to me; do not reply; kindly document and send me copies.”

B. Collateral threats (e.g., posting photos)

This can escalate to privacy, anti-violence/harassment, or cyber-libel violations. Move quickly with NPC and law enforcement for takedown and preservation requests.

C. “Consent” via app permissions

Consent must be freely given and specific. Pre-ticked boxes or “grant all permissions or no loan” approaches are questionable.
Even with consent, data minimization applies; scraping your entire contact list is rarely necessary to collect a debt.

D. Unregistered/illegal OLAs

If the “company” cannot produce a SEC registration and Certificate of Authority for lending/financing, treat as unregistered. Prioritize law enforcement and platform reporting (app store/social media), alongside SEC.

8) Practical negotiation tips (without surrendering your rights)

Communicate in writing (email/support ticket) to create a clean record.
Offer a reasonable payment plan linked to your cashflow; ask them to freeze charges while you cooperate.
Do not agree to unlawful fees or “pressure payments” just to stop shaming—document and report instead.
If you can settle, request: Final Statement, Quitclaim/Release, and Account closure confirmation.

9) Evidence checklist (attach to complaints)

Identity and corporate details of the lender/collector (website, app name, SEC/BSP details if available)
Loan documents; payment proofs; screenshots of app permissions/consents
Harassment log (dates/times/numbers/handles), raw files of messages/voice notes
Copies of posts, group chats, and list of third parties contacted
Your demand letter and any replies
Proof of harm: HR memos, witness statements, medical consultation (if anxiety/insomnia), social-media takedown receipts

10) Short templates

A. Cease & Desist / Data Privacy Demand (Email/Letter)

Subject: Unlawful Collection & Privacy Violations – Demand to Cease Dear [Company/Collector], I am the borrower for Loan No. [____]. Your agents have contacted third parties (my [relative/employer]) and used threats/insults on [dates]. You have no lawful basis to disclose my personal data or communicate with these third parties. I hereby object to further processing under the Data Privacy Act and demand you cease: (1) contacting any third party, (2) disclosing my debt, and (3) using data scraped from my device (e.g., contacts). Delete such data and confirm in writing within 5 business days. All future communications must be in writing to this email only. Non-compliance will be reported to the SEC/NPC/BSP and law enforcement, and I will pursue damages. Sincerely, [Name, ID, Mobile, Email]

B. HR Memo (If collectors message your workplace)

To HR: I am experiencing illegal debt-collection harassment from [Company/App]. Please do not respond to any collector. Kindly forward all messages to me and confirm receipt. This memo is for documentation and to protect the company from data-privacy risk.

11) FAQs

Is non-payment of a loan a crime? No, mere non-payment of a civil debt is not a crime. Fraud (e.g., falsified IDs, bouncing checks with deceit) is different.

Can collectors call my references? They may contact listed references to locate you, but disclosing debt details or harassing them is generally unlawful.

Can they sue me? Yes—civilly for collection. That process runs through the courts, not by threats or online shaming. You’ll receive proper court papers if a real case is filed.

What if I already paid but harassment continues? Send proof, demand account closure, then escalate to regulators with your evidence.

12) Preventive tips before borrowing

Use legitimate lenders (check SEC/BSP registration).
Read rates/fees, repayment terms, and privacy notices.
Deny unnecessary permissions; prefer lenders that don’t require contacts access.
Borrow only what you can repay; line up a buffer or salary-deduction option with legitimate providers.

13) Quick action plan (one-page summary)

Revoke permissions, collect evidence, inform contacts
Send Cease & Desist/Data Privacy Demand
Escalate to SEC (lending/financing/OLA), NPC (privacy), BSP (banks/EMIs)
Consider NBI/PNP-ACG for threats/libel; civil action for injunction/damages
Keep a timeline and persist—regulators increasingly penalize abusive OLAs

Final word

You can assert your rights even if you owe money. Document everything, communicate in writing, and make regulators your ally. If the harassment is intense or complex, consult a lawyer for tailored strategy—especially for swift injunctions and coordinated filings with SEC/NPC/BSP.