Filing Complaints Against Abusive Online Lending Apps

Filing Complaints Against Abusive Online Lending Apps (Philippine Context)

This is a practical, step-by-step legal guide for borrowers and anyone harassed by “debt-shaming” collectors. Philippine laws cited include the Data Privacy Act (R.A. 10173), the Financial Consumer Protection Act (R.A. 11765), the Truth in Lending Act (R.A. 3765), the Lending Company Regulation Act (R.A. 9474), the Financing Company Act (R.A. 8556), the Cybercrime Prevention Act (R.A. 10175), the Credit Information System Act (R.A. 9510), and relevant rules of the Securities and Exchange Commission (SEC) and the National Privacy Commission (NPC). This is general information, not legal advice.

1) What counts as “abusive” or unlawful collection conduct?

Abusive practices you can complain about typically include:

  • Debt shaming: messaging your family, employer, or contacts; posting defamatory content; group chats announcing your “debt.”
  • Harassment and intimidation: repeated calls or messages at unreasonable hours; threats of arrest, criminal cases, workplace disclosure, or physical harm; use of slurs/obscenity.
  • Privacy violations: scraping your contact list, photos, SMS, precise location, or social media without a lawful, necessary, and proportionate purpose; processing beyond what’s needed to administer a loan; refusing legitimate erasure/rectification requests.
  • Deceptive notices: fake “court orders,” “subpoenas,” or “blacklist” threats; misrepresenting that they are officers of government.
  • Hidden or unconscionable charges: failure to disclose total finance charges/true cost of credit (Truth in Lending Act), or charging beyond caps applicable to certain small short-term loans (SEC rules).
  • Unregistered operations: the lender has no SEC registration and Certificate of Authority as a lending/financing company or uses an unregistered online lending platform (OLP).
  • Unfair terms: blanket consent clauses authorizing contact-list scraping; waivers of your data-privacy or consumer-protection rights.

Important: Owing money does not erase your rights. You may complain about abusive collection and privacy violations even if you are in default. You still owe any valid debt, but illegal tactics can be sanctioned and debt terms reduced if unconscionable.

2) Which regulator or office should you go to?

  • Securities and Exchange Commission (SEC)primary regulator for lending/financing companies and their online lending platforms. Use for: unregistered lenders/OLPs; unfair or abusive collection; excessive or undisclosed charges; failure to comply with SEC rules.

  • National Privacy Commission (NPC)data-privacy violations under R.A. 10173. Use for: contact-list scraping; public shaming; unauthorized disclosure/processing; failure to honor data-subject rights (access, correction, deletion, objection).

  • Bangko Sentral ng Pilipinas (BSP)if the provider is a bank, an e-money issuer, or otherwise BSP-supervised. Use for: issues with banks or e-wallets tied to the loan; failures in dispute handling; unfair sales/collection practices by BSP-regulated entities (R.A. 11765).

  • PNP Anti-Cybercrime Group / NBI Cybercrime Divisioncriminal harassment, threats, cyber-libel, doxxing, extortion, identity theft. You may file a criminal complaint even while pursuing SEC/NPC remedies.

  • NTC / Your Telcoto report/seek blocking of persistent spam/harassment numbers or SIMs, and for issues under the SIM Registration Act.

  • Courts (civil actions; small claims; protection orders) — to seek damages, injunctive relief (e.g., to stop harassment), or to reduce unconscionable interest/penalties.

  • Credit Information Corporation (CIC) — for disputes over inaccurate credit reporting by an authorized submitting entity under R.A. 9510.

3) Your legal bases at a glance

  • R.A. 11765 (Financial Consumer Protection Act, 2022): mandates fair treatment, full disclosure, and internal dispute resolution (IDR); empowers regulators (BSP/SEC/IC/CDA) to issue cease-and-desist, order restitution, and impose penalties for abusive sales/collection practices.
  • R.A. 10173 (Data Privacy Act, 2012): protects against unauthorized or excessive data processing; recognizes rights to be informed, access, rectify, erase/block, object, and claim damages. “Debt shaming” via your contacts is typically unlawful processing.
  • R.A. 3765 (Truth in Lending Act): requires clear disclosure of finance charges and true cost of credit before you borrow.
  • R.A. 9474 / R.A. 8556: require SEC registration and a Certificate of Authority for lending/financing companies; SEC circulars prohibit unfair debt-collection practices and require OLPs to be registered/comply with conduct standards.
  • R.A. 10175 (Cybercrime Prevention Act): covers cyber-libel, illegal access, and other computer-facilitated offenses.
  • Revised Penal Code: libel, grave threats/coercion, unjust vexation, etc., depending on facts.
  • R.A. 9510 (CIC law): allows you to obtain your credit report and dispute erroneous entries.
  • Civil Code & jurisprudence: courts can strike down unconscionable interest/penalties and award damages for privacy and reputational harms.

Note on interest caps: The SEC has caps for certain small, short-term, unsecured loans granted by lending/financing companies through OLPs (plus limits on penalties/fees). If you suspect over-charging, raise this as a violation when you complain. (Exact caps can change; verify the latest figures when preparing your filing.)

4) Evidence to gather (build a “case file”)

Create a folder and keep:

  1. Your loan documents: application screens, disclosure statements, e-mail/SMS confirmations, app screenshots, repayment receipts.
  2. Proof of registration/identity of the lender: app store listing, website, SEC details if any.
  3. Harassment record: screenshots of messages/chats, caller IDs, call logs, voicemails, group chats, social-media posts, and any threats.
  4. Privacy proof: permission prompts; evidence they accessed your contacts or messaged third parties; list of affected contacts (with their signed statements/affidavits, if possible).
  5. Timeline: dates of borrowing, due date, first harassment, every incident, and your attempts to resolve.
  6. Your ID and contact details (for regulators).
  7. Device information: phone model/OS, app version; permissions you granted (Settings → Apps → Permissions).
  8. Financial harm: fees charged, amounts paid, lost wages (if workplace contacted), medical/psych distress (certificates), reputational damage (HR memos).

Back up everything; preserve originals; avoid editing metadata.

5) Immediate protective steps (while preparing a complaint)

  • Revoke app permissions: Contacts, SMS, Photos, Location. Uninstall only after taking screenshots/backups.
  • Notify affected contacts briefly that any messages about you are likely harassment; ask them to keep copies.
  • Use in-app IDR (if it exists) to trigger a formal response under R.A. 11765. Keep a copy.
  • Demand letter (polite but firm): ask them to stop unlawful processing/harassment, to correct/delete data, and to identify their lawful basis and DPO. Give a short deadline (e.g., 5–10 days).
  • Report numbers to your telco for blocking; enable spam filters.
  • Do not share OTPs or IDs beyond what is strictly necessary; avoid paying “collection agents” via personal accounts—insist on official channels/receipts.

6) How to file: step-by-step

A. Filing with the SEC (for lenders/OLPs; unfair collection; over-charging; unregistered OLPs)

  1. Prepare: your case file (Section 4), a short narrative (facts/issues/relief sought), and copies of the lender’s business details if known.

  2. Identify the violation(s):

    • Operating without SEC registration/Certificate of Authority.
    • Unfair debt-collection (e.g., debt shaming, threats, deceptive notices).
    • Violations of interest/penalty/fee caps and disclosure requirements.

  3. Submit a complaint to the SEC Enforcement/Investor Protection unit or nearest Extension Office. Attach evidence.

  4. Possible outcomes: cease-and-desist orders, app takedown coordination, administrative fines/penalties, revocation of authority, restitution directives.

Tip: In your SEC complaint, name the app(s), developer/publisher (if shown in the app store), the corporate entity (if known), and any third-party collection agencies involved.

B. Filing with the NPC (privacy/data-protection violations)

  1. Write a Data Subject Complaint stating:

    • What personal data were collected/processed;
    • Lack of lawful basis/necessity;
    • Specific harm (e.g., messages to contacts, workplace disclosure);
    • Your data-subject requests (access, erasure, blocking, restriction, objection); and
    • Their failure to comply within a reasonable period.

  2. Attach evidence: permission prompts, contact-list screenshots, messages to third parties, your demand letter, and their response (or lack thereof).

  3. Relief you can request: order to cease processing, delete data, notify third parties of correction/deletion, and administrative sanctions/fines.

C. If the provider is BSP-regulated (bank/e-money issuer)

  1. Use the provider’s IDR (required by R.A. 11765).
  2. If unresolved, escalate to BSP via its consumer complaints channel.
  3. Relief: correction of charges, refund, sanctions for unfair collection/sales practices, and compliance orders.

D. Criminal reports (PNP-ACG or NBI)

  • For threats, extortion, cyber-libel, identity theft, or doxxing: execute a sworn statement, submit your evidence, and identify the suspect accounts/numbers/handlers as far as possible. Criminal and administrative complaints can proceed in parallel.

E. Credit reporting (CIC)

  • Obtain your CIC credit report to check entries. If the lender reported inaccurate data, file a dispute with CIC and the reporting entity.

7) Sample structures you can adapt

A. Incident timeline (one-page)

  • Date/TimeChannelWhat happenedScreenshots/File refsLaw/Rule implicated

B. Short demand letter (to the lender/OLP)

Subject: Unlawful Collection Practices and Data-Privacy Violations – Demand to Cease and Delete

I am [Name], borrower under Account/Reference No. [____]. Your representatives have engaged in
unlawful collection practices and unauthorized processing of my personal data, including [brief facts].
These acts violate the Data Privacy Act (RA 10173), the Financial Consumer Protection Act (RA 11765),
the Truth in Lending Act (RA 3765), and SEC rules on unfair debt collection.

Demands:
1) Immediately cease harassing communications and any disclosure to my contacts/employer;
2) Delete unlawfully obtained data (including my contact list) and confirm deletion in writing;
3) Identify your corporate entity, DPO, and lawful basis for processing;
4) Provide complete disclosures of charges/fees and my updated account status; and
5) Rectify any inaccurate credit reporting.

Unless complied with within [5/10] days, I will file complaints with the SEC and NPC, and pursue other remedies.
[Signature, Date, Contact details]

C. SEC complaint outline

  • Parties: Complainant; Respondent company/app; collection agency (if any).
  • Facts: Loan details; collection timeline; harassment/abuse specifics.
  • Violations alleged: (1) Unfair debt collection; (2) Non-registration/OLP non-registration; (3) Over-charging/undisclosed fees; (4) Misrepresentations.
  • Evidence list: numbered annexes.
  • Relief sought: CDO, penalties, restitution/refund, app takedown, referral to NPC/ACG.

D. NPC complaint outline

  • Complainant details and standing (you or your contacts as affected data subjects).
  • Respondent (company/app developer/third-party collector).
  • Data processing acts challenged (collection/use/disclosure/retention).
  • Violations (lawful basis, transparency, proportionality, security, data-subject rights).
  • Harm suffered.
  • Relief requested.
  • Annexes (evidence, prior demands, proof of non-response).

8) Practical FAQs

Q1: I never borrowed, but I’m being harassed because I’m in someone’s contacts. Can I complain? Yes. You’re a data subject under the Data Privacy Act. File with the NPC (and optionally SEC if a lending/financing company is involved). Attach the messages you received.

Q2: Can a collector call my boss or co-workers? Not lawfully. Disclosure to third parties for pressure is generally prohibited. Document it and complain.

Q3: Will complaining erase my debt? No. Regulators can sanction the lender and order takedowns/refunds/corrections, but valid principal amounts remain (courts may reduce unconscionable interest/penalties).

Q4: They threaten arrest or “subpoena” today if I don’t pay. Real? Private lenders cannot arrest you. Fake legal threats are deceptive and sanctionable. Save the message and include it in your complaint.

Q5: The app says it will report me to the CIC “blacklist.” CIC does not maintain a “blacklist.” Only authorized entities can submit data, and you can dispute inaccuracies.

Q6: I paid a “collector” via a personal e-wallet. Safe? Risky. Demand official payment channels/receipts. If scammed, file with PNP/NBI and your e-wallet provider immediately.

Q7: Do I need a lawyer? Not strictly for SEC/NPC complaints or small claims (up to the current small-claims threshold). A lawyer helps if you seek injunctions/damages or face complex facts.

9) Strategy tips that strengthen your case

  • Lead with IDR (short, dated complaint through the app/email). It shows good faith and triggers duties under R.A. 11765.
  • Be specific: point to exact messages, dates, and rules violated.
  • Compute the money: table of principal, interest, fees, penalties paid/charged; highlight over-cap/undisclosed items.
  • Name the actors: app name, developer, company, collection agency, phone numbers, email handles, social profiles.
  • Parallel tracks: it’s fine to file SEC + NPC + PNP/NBI simultaneously when facts overlap.
  • Mind your own posts: avoid retaliatory public posts that could expose you to counter-claims; channel everything into formal complaints.
  • Health first: if harassment causes distress, consult a professional and keep the medical certificate—it supports damages.

10) What outcomes to expect

  • From SEC: cease-and-desist orders; app takedowns; fines; revocation of license/authority; directives on refunds/restitutions; referrals to prosecutors/NPC.
  • From NPC: orders to cease processing, delete data, and notify third parties; administrative fines; compliance monitoring.
  • From BSP (if applicable): corrective actions, refunds, sanctions on supervised institutions.
  • From PNP/NBI/Prosecutors: criminal charges for threats, cyber-libel, identity theft, extortion, etc.
  • From courts: damages and injunctions; reduction of unconscionable interest/penalties; enforcement of privacy and consumer rights.

11) Checklist (print-ready)

  • Screenshots of all harassment (timestamps visible)
  • Loan contract/disclosures/receipts
  • Proof of lender identity/app listing
  • Written IDR complaint + proof of sending
  • Demand letter (privacy + unfair collection)
  • List of affected contacts + their statements
  • Table of charges/fees/interest vs. legal caps
  • Valid ID; your contact details
  • Drafts: SEC complaint | NPC complaint | (optional) PNP/NBI affidavit
  • Telco spam/number-blocking request filed
  • CIC report requested (if credit reporting is threatened/involved)

12) Final notes & cautions

  • Interest/penalty caps and filing portals/forms are updated from time to time. Because you asked me not to search, I’ve avoided quoting current hotlines, emails, or exact cap percentages. Before filing, quickly verify the latest SEC/NPC submission channels and any current caps that apply to your loan type.
  • Keep communications calm and factual. Regulators prefer concise timelines and well-labeled exhibits.
  • If harassment is severe or safety is at risk, prioritize a criminal report and consider seeking injunctive relief.

If you want, I can turn this into filled-out templates (SEC and NPC) using your facts and evidence list—just share the specifics you’re comfortable providing.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login