Harassment and Threats by Online Lending Apps: How to File Complaints With SEC and NBI (Philippines)

Harassment and Threats by Online Lending Apps in the Philippines: What the Law Says and How to File Complaints with the SEC and NBI

*This guide is written for borrowers and third parties (family, colleagues, references) who are being harassed or threatened by online lending apps (“OLPs”) and their collectors. It explains the legal framework, your rights, practical next steps, and exactly how to file complaints with the Securities and Exchange Commission (SEC) and the National Bureau of Investigation (NBI). Philippine context. Not legal advice.*

1) The problem, in plain terms

Common abusive tactics by some OLPs and third-party collectors include:

  • “Shaming” messages to your contacts, co-workers, or relatives
  • Threats of arrest, criminal cases, or public exposure
  • Doctored photos, doxxing, and defamation on social media
  • Endless calls/SMS at odd hours, obscene or degrading language
  • Accessing/using your phone contacts well beyond what you consented to

These can trigger regulatory consequences (SEC) and criminal/cybercrime liability (NBI, prosecutors’ offices), and often data-privacy violations (NPC). Even if you owe a valid debt, collectors may not use unlawful tactics.

2) Core laws and rules that protect you

  • SEC rules on debt collection (applies to lending/financing companies and their agents) The SEC prohibits unfair debt collection practices (e.g., threats, obscene language, contacting persons not named as co-makers/guarantors, false representations, shaming campaigns). The SEC also licenses lending/financing companies and their online lending platforms; operating without proper registration/authority is unlawful.

  • Lending and Financing Company laws RA 9474 (Lending Company Regulation Act of 2007) and RA 8556 (Financing Company Act of 1998) require registration and a Certificate of Authority. The SEC can fine, suspend, or revoke authority and shut down unregistered/abusive operators.

  • Financial Products and Services Consumer Protection Act (RA 11765) Empowers financial regulators (including SEC) to act against unfair, abusive, misleading practices in financial services.

  • Data Privacy Act (RA 10173) Using your contact list to shame you or process personal data beyond valid, informed, freely-given, specific consent can be unlawful. There are civil, administrative, and criminal penalties. (You may also complain to the National Privacy Commission, see §10.)

  • Cybercrime Prevention Act (RA 10175) & Revised Penal Code Cyber-libel, computer-related identity theft, illegal access, and online threats/coercion may apply. Under the Revised Penal Code: grave threats, grave coercion, and unjust vexation are common charges for abusive collectors.

  • Anti-Wiretapping Act (RA 4200) Do not secretly record live phone calls without consent. It’s generally illegal. Save texts, chats, voicemails, emails, and call logs instead; if you record a call, get clear consent on record first.

  • Other possibly relevant laws (context-dependent) Safe Spaces Act (RA 11313) for gender-based online sexual harassment; Anti-Photo and Video Voyeurism Act (RA 9995) for threats involving intimate images; SIM Registration Act (RA 11934) for tracing numbers.

3) What counts as unlawful harassment or threats?

Red flags you can cite in complaints:

  • Contacting people in your phonebook who are not your co-maker/guarantor, to shame or coerce payment
  • Threats of arrest, barangay raids, or criminal cases without basis, or pretending to be government officers
  • Obscene, profane, or degrading language; discriminatory/sexual remarks
  • False representations (e.g., “we already have a warrant”), fake legal notices, or fake case numbers
  • Posting or threatening to post your photos/data to social media; deepfakes or edited images
  • Harassment at unreasonable hours (e.g., late night/early morning barrage)
  • Disclosing your debt to your employer or colleagues

Even if you borrowed money and are late, these tactics are not allowed. The lender can sue civilly for collection, but cannot abuse or threaten you or your contacts.

4) Immediate steps to protect yourself (before complaining)

  1. Preserve evidence (do not delete).

    • Screenshots of messages/chats with full names/numbers, dates/times, and the app name.
    • Call logs (date/time, caller ID).
    • Voicemails, emails, or public posts/PMs.
    • Copies of the loan agreement, app screenshots (app listing, permissions requested), payment receipts, and ID used.
    • If contacts were harassed, ask them to keep screenshots and prepare short sworn statements.

  2. Stop further data leak.

    • In phone settings, revoke app permissions (contacts, SMS, storage, call logs, etc.).
    • Change passwords and enable 2-factor authentication.
    • Consider uninstalling the app after you finish collecting evidence.

  3. Avoid illegal recordings.

    • If you want to record calls, say upfront: “I will record this call. Do you consent?” Record only if consent is explicit.

  4. Communicate only in writing.

    • If you intend to pay/settle, do it through traceable channels (official account, receipt). Avoid sending IDs or selfies over chat unless necessary and secure.

5) Filing a complaint with the SEC

When to go to the SEC:

  • You were harassed/threatened by collectors of a lending/financing company (including via an online lending app).
  • The app/company is unregistered or lacks a Certificate of Authority.
  • The collector used unfair debt collection practices or misleading claims.

What the SEC can do:

  • Investigate and issue Show-Cause/CEASE orders, fine the company, suspend/revoke its authority, or shut down unregistered operators.
  • Coordinate with app stores and other agencies for takedowns.

Your SEC complaint packet (attach clear copies):

  • Complaint-Affidavit (signed and notarized, see template below)
  • Your valid ID
  • Evidence: screenshots/links of messages; call logs; any audio with consent; social-media posts; emails; witness statements from harassed contacts
  • Loan documents: loan agreement, payment history/receipts, app info (name, developer/company if known), dates of download and use
  • If known: company name, business address, and whether they showed an SEC Registration No. and Certificate of Authority No.

Where/how to file:

  • File at any SEC office/extension office or via SEC’s official complaint channels (online or email, as available).
  • Keep proof of submission (acknowledgment page, stamped copy, ticket number).
  • The case is usually handled by the SEC unit overseeing lending/financing and online lending platforms.

Tip: Procedures, intake forms, and email addresses can change. Check the SEC’s official site or call an SEC office to confirm the current intake channel before filing. Bring both printed and digital copies of your evidence.

What to expect after filing:

  • SEC may acknowledge and assign a reference/case number.
  • The respondent may be required to answer; SEC can issue compliance directives or sanctions.
  • The SEC case is administrative (regulatory). It can run in parallel with a criminal complaint (NBI/prosecutor).

6) Filing a complaint with the NBI (Cybercrime/Regional Office)

When to go to the NBI:

  • You received threats, coercion, defamation, identity theft/impersonation, or data-related intrusions (e.g., unauthorized access) online or via mobile.
  • Your contacts received shaming/harassing messages from collectors.
  • You need law-enforcement help to trace numbers/accounts, preserve platform data, and build a criminal case.

Potential criminal angles (the NBI will assess):

  • Grave threats, grave coercion, unjust vexation (Revised Penal Code)
  • Cyber-libel, computer-related identity theft, illegal access (RA 10175)
  • Data Privacy offenses (RA 10173) – NBI can coordinate with the NPC and prosecutors
  • Other: extortion, falsification, gender-based online sexual harassment, or voyeurism-related offenses if facts fit

Your NBI complaint packet:

  • Sinumpaang Salaysay / Complaint-Affidavit (see template)
  • Valid IDs (2 recommended)
  • Evidence (same list as in SEC filing; include raw files if possible)
  • Witness statements from contacts who were harassed
  • If applicable: proof that the lender/collector pretended to be a public official, lawyer, or law-enforcement agent

Where/how to file:

  • File at the NBI Cybercrime Division or any regional/district NBI office (they can forward to Cybercrime).
  • NBI may also accept e-complaints (online intake) when available.
  • Bring a USB drive with digital copies. Keep printed sets.

What to expect:

  • Initial interview and evidence triage; you may be asked to notarize your affidavit.
  • NBI can issue subpoenas to platforms/telcos to preserve logs, identify accounts, and gather records.
  • The NBI will prepare a referral to the Office of the City Prosecutor (OCP) for preliminary investigation. You’ll receive notices for counter-affidavits and possible hearings.

7) Templates you can reuse

A) Complaint-Affidavit (for SEC or NBI – adjust addressee)

REPUBLIC OF THE PHILIPPINES )
CITY OF ____________        ) S.S.

COMPLAINT–AFFIDAVIT

I, [Full Name], of legal age, Filipino, with address at [Address], after having been duly sworn, state:

1. I obtained a loan from [App Name / Company Name] on [date], amounting to [₱____]. The app identified itself as [details shown in app/ads, if any].

2. Beginning on [dates], I received the following abusive collection acts:
   a. [Describe SMS/calls/chats; attach screenshots with dates/times/senders]
   b. [Describe threats or false representations; e.g., threats of arrest, posting photos]
   c. [If contacts were harassed] My [relationship], [Name], received shaming messages on [date/time]; see Annex __.

3. The collectors contacted persons who are not my co-makers/guarantors, including [names/relationships], revealing my alleged debt and using degrading language. This caused me [stress, reputational harm, workplace issues].

4. These acts constitute unfair debt collection practices prohibited by SEC rules; and may also constitute violations of the Revised Penal Code (grave threats/coercion, unjust vexation), the Cybercrime Prevention Act (e.g., cyber-libel/identity theft), and the Data Privacy Act.

5. I am submitting the following evidence:
   - Annex A: Loan documents (agreement, receipts)
   - Annex B: Screenshots of messages/chats/calls (with timestamps)
   - Annex C: Witness statements from my contacts
   - Annex D: App information and permissions screenshots

PRAYER

I respectfully request that your office: (1) investigate; (2) hold [Company/Agents] accountable; (3) impose appropriate sanctions/reliefs; and (4) coordinate with other agencies/platforms for takedown and preservation of evidence.

I certify that the foregoing is true and correct.

[Signature over printed name]
Affiant

SUBSCRIBED AND SWORN to before me this __ day of ______, 20__, in ____________, affiant exhibiting [ID Type/No./Date/Place].

B) Witness Statement (for harassed contacts)

WITNESS STATEMENT

I, [Full Name], of legal age, [citizenship], [address], state:

1. On [date/time], I received a message/call from [number/account] claiming to be from [App/Company] about [Borrower’s Name].
2. The message/call contained [threats/obscene language/shaming]. Screenshot attached as Annex __.
3. I do not know the sender and I am not a co-maker/guarantor of [Borrower].

[Signature]
(Date)

C) Data Subject Rights request (to send to the app/company)

Subject: Data Privacy Request – Cease Processing and Erasure

Dear [Company/Data Protection Officer],

I am asserting my rights under the Data Privacy Act. Effective immediately, please:
(1) Cease processing my personal data for collection/“shaming” activities;
(2) Delete personal data not necessary or retained beyond lawful basis;
(3) Disclose the sources of my data, recipients you shared it with, and your data retention;
(4) Provide your lawful basis for accessing/using my contacts.

Confirm in writing within 15 days. Continued unlawful processing will be reported to the NPC and other authorities.

[Name, contact details, ID copy if needed]

8) Building a strong case: evidence do’s & don’ts

Do:

  • Capture full-screen screenshots with dates/times, sender IDs, URLs.
  • Export message threads to PDF/HTML if the platform allows.
  • Keep a timeline: when you downloaded the app, granted permissions, first contact, first threat, payments made.
  • Ask your harassed contacts to save originals and give statements.

Don’t:

  • Secretly record calls without consent (RA 4200).
  • Edit/markup screenshots in ways that obscure metadata.
  • Engage in insults or counter-threats—keep replies factual or stop replying.
  • Pay via untraceable channels or to personal accounts of collectors.

9) Civil options (in parallel)

  • Negotiate in writing for a settlement or restructured plan; insist on official receipts.
  • Small Claims (no lawyers required up to the current monetary threshold) for disputes like unauthorized charges or defective billing—useful to recover money or contest unconscionable penalties.
  • Civil action for damages (defamation, invasion of privacy, emotional distress) if losses are substantial.

The validity of the debt and lawfulness of collection are separate. You can dispute abusive acts even if you intend to pay your legitimate principal balance.

10) Parallel complaint to the National Privacy Commission (NPC) (strongly recommended)

When OLPs blast your contacts, scrape your phonebook, or process your data beyond valid consent, that’s a Data Privacy issue. You can file a complaint or request mediation with the NPC. This often produces quick pressure on abusive collectors, while your SEC/NBI cases proceed.

11) Practical FAQs

Q: The app seems foreign/offshore. Can the SEC/NBI still help? Yes. The SEC can still warn, block, and coordinate takedowns affecting Philippine users. The NBI can pursue cybercrime committed in or affecting the Philippines and coordinate internationally. Enforcement may take longer, but complaints still matter.

Q: Collectors say they’ll “issue a warrant” or “arrest me today.” Only courts issue warrants, and law enforcement serves them. Collectors cannot arrest you. That kind of message is a false representation/threat—good evidence for SEC/NBI.

Q: They messaged my boss and HR. What do I do? Ask HR to preserve the messages and give a short statement. Include this in both SEC and NBI complaints—this is classic unfair debt collection and defamation/harassment.

Q: Should I repay while the case is pending? If the loan is valid, consider paying the principal through official channels to stop ballooning charges—but do not pay under threats or to suspicious accounts. Keep proof.

Q: Can I change my number? Yes—but preserve evidence first. Inform close contacts that any harassing messages they receive should be saved for your case.

12) Step-by-step checklists

SEC Filing Checklist

  • Complaint-Affidavit (notarized)
  • Government-issued ID
  • Loan agreement + receipts
  • Evidence (screenshots/logs/links; witness statements)
  • App info (name, developer/company shown in-app/ads)
  • Print + USB copy; submit via current SEC channel; keep acknowledgment

NBI Filing Checklist

  • Complaint-Affidavit (notarized)
  • Two valid IDs
  • Evidence set (same as above) + USB copy
  • List of phone numbers/accounts used by collectors
  • Names of harassed contacts and their statements
  • Prepare to appear for prosecutor’s preliminary investigation later

Digital Hygiene

  • Revoke app permissions; uninstall after backing up evidence
  • Change passwords; enable 2FA
  • Monitor your credit/digital footprint
  • Inform close contacts to save any harassment they receive

13) How SEC and NBI proceedings fit together

  • SEC: Administrative/regulatory—can fine, suspend, revoke, and request takedowns.
  • NBI → Prosecutor → Court: Criminal—can lead to arrest warrants/convictions for specific agents and officers if evidence supports charges.
  • NPC: Data privacy enforcement—orders to cease, delete, secure, compensate (in some cases), and penalize.

Running complaints in parallel often produces the best outcome.

14) Final tips

  • Keep everything organized: a dated folder per platform/number, plus a simple timeline.
  • Be accurate and restrained in your affidavits—facts win cases.
  • Laws and filing portals change over time; before you submit, call or check the official SEC and NBI pages or hotlines to confirm current intake channels and office hours.
  • If you receive a subpoena or notice, attend or consult counsel promptly.

Short, reusable “abuse notice” you can send to collectors

To whom it may concern:

Your agents have engaged in unlawful collection practices (threats, shaming, disclosure to third parties) in violation of SEC rules and Philippine law. Cease all harassment immediately. Further abusive acts will be documented and reported to the SEC, the NBI Cybercrime Division, and the National Privacy Commission.

Communicate only via [email] regarding my account. Do not contact my employer or contacts who are not co-makers/guarantors.

[Your Name]

If you want, I can turn this into printable PDFs (SEC/NBI packet, affidavit templates, and checklists) and pre-fill your details—just tell me the names, dates, and app information you want included.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login