The proliferation of online lending applications in the Philippines has transformed access to credit, particularly for unbanked and underbanked individuals seeking immediate financial relief. However, this digital convenience has been accompanied by widespread reports of predatory practices, most notably aggressive debt-collection tactics that constitute harassment and systematic violations of Securities and Exchange Commission (SEC) registration requirements. These issues have raised profound concerns under Philippine regulatory, consumer-protection, and criminal frameworks, prompting sustained government intervention by the SEC, Bangko Sentral ng Pilipinas (BSP), Department of Trade and Industry (DTI), and other agencies.

Legal Framework Governing Lending Activities

Lending companies in the Philippines are strictly regulated to protect borrowers and maintain financial-system integrity. Republic Act No. 9510, otherwise known as the Lending Company Regulation Act of 2007, mandates that any entity engaged in the business of granting loans or credit facilities must register with the SEC and secure a license. The law defines a “lending company” as one whose principal business is extending loans to the public, and it explicitly prohibits operation without SEC accreditation. Complementary rules are found in the SEC’s Revised Rules and Regulations on Lending Companies, as well as Memorandum Circulars that address digital and fintech lending platforms.

In addition, Republic Act No. 10881 amended certain provisions to strengthen supervision, while BSP Circular No. 922 (Series of 2016) and subsequent issuances govern electronic payment and lending activities that interface with the formal banking system. The Consumer Act of the Philippines (Republic Act No. 7394) further prohibits deceptive sales acts and practices, including misleading representations about loan terms, interest rates, and collection methods. The Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations impose strict obligations on the processing and disclosure of personal information, including contact lists uploaded by borrowers during loan applications.

Operating an online lending platform without SEC registration therefore constitutes a direct violation of RA 9510. Unlicensed operators—frequently foreign-owned entities using Philippine shell companies or nominees—engage in unauthorized public solicitation of funds and extension of credit. Such activities expose them to administrative sanctions, including cease-and-desist orders, fines, license revocation (where a license was fraudulently obtained), and potential criminal prosecution for estafa or violations of the Corporation Code.

Nature and Patterns of Harassment by Online Lending Apps

Harassment by these platforms typically manifests after a borrower misses a repayment deadline. Common tactics include:

• Mass contact of third parties: Borrowers are required, as a condition of loan approval, to grant access to their mobile-phone contact lists. Collectors then send SMS, Messenger, or Viber messages to family members, friends, employers, and even colleagues, disclosing the existence and amount of the debt, often accompanied by threats of legal action, salary deduction, or reputational damage.
• Public shaming and digital humiliation: Debt collectors post screenshots of loan agreements, edited images, or fabricated narratives on social-media platforms, group chats, or public walls. Some apps have employed deepfake technology or voice-altering software to impersonate authorities.
• Persistent and invasive communication: Calls and messages are sent at all hours, including midnight to early-morning intervals, using multiple SIM cards or virtual numbers to evade blocking. Language is frequently abusive, invoking criminal liability or physical harm.
• False threats of criminal prosecution: Collectors routinely claim that non-payment constitutes estafa or that a warrant of arrest has been issued, despite the purely civil nature of most loan defaults.
• Salary and employer pressure: Direct communication with human-resources departments, accompanied by demands for payroll deduction without court order, violates labor-law protections and the principle of privity of contract.

These practices exploit the power imbalance between financially distressed borrowers and anonymous, often offshore operators. They also circumvent the traditional collection limits imposed on licensed lending companies, which are required to observe fair-debt-collection standards.

Specific Regulatory and Criminal Violations

SEC Registration Violations
Unregistered platforms breach Section 3 of RA 9510, which requires a Certificate of Authority from the SEC before engaging in lending. The SEC has repeatedly published lists of unregistered lending apps and issued cease-and-desist orders. Continued operation after such orders constitutes contempt and may trigger criminal liability under the Securities Regulation Code for fraudulent solicitation.

Data Privacy Violations
Uploading and sharing contact lists without explicit, informed consent violates the Data Privacy Act. The National Privacy Commission (NPC) has jurisdiction to impose fines of up to ₱5 million per violation and may pursue criminal complaints under Section 32 of RA 10173 for unauthorized disclosure.

Consumer Protection and Deceptive Practices
The DTI and the Consumer Act prohibit unconscionable interest rates and hidden fees. Many apps charge effective annual interest rates exceeding 100 percent when annualized, compounded daily, and inclusive of “service fees,” yet disclose only a low monthly rate. Such practices amount to usurious and deceptive conduct, even after the repeal of the Usury Law by Central Bank Circular No. 905.

Criminal Liabilities
Harassment may rise to the level of grave threats (Article 282, Revised Penal Code), grave coercion (Article 286), or unjust vexation (Article 287). When false criminal accusations are made publicly, libel or cyber-libel under Republic Act No. 10175 (Cybercrime Prevention Act) may apply. Repeated, malicious contact through electronic means also falls within the purview of the Anti-Cybercrime law’s provisions on illegal access and misuse of computer data.

Government and Regulatory Responses

The SEC, in coordination with the BSP, DTI, National Telecommunications Commission (NTC), and Department of Information and Communications Technology (DICT), has undertaken multi-agency crackdowns. Google Play Store and Apple App Store have removed hundreds of flagged applications following SEC requests. The SEC maintains a public “Watchlist of Unregistered Online Lending Platforms” and encourages borrowers to verify registration status through the SEC’s official website before transacting.

In 2021–2023, the SEC issued multiple advisory circulars requiring all digital-lending platforms to display their SEC Certificate of Authority, BSP license (if applicable), and Data Privacy compliance seals. The Inter-Agency Task Force on Illegal Online Lending has facilitated the takedown of server infrastructure and the blocking of associated bank accounts and e-wallets.

Law enforcement agencies, including the Philippine National Police (PNP) Anti-Cybercrime Group, have conducted entrapment operations and raided call centers linked to these apps. Convictions have been secured in select cases involving large-scale operations, resulting in imprisonment and substantial fines.

Remedies Available to Victims

Borrowers subjected to harassment possess multiple avenues for redress:

1. Administrative Complaints – File with the SEC’s Enforcement and Investor Protection Department using the official online portal. Provide screenshots, call logs, and loan agreements. The SEC can issue immediate cease-and-desist orders and refer matters for prosecution.
2. Data Privacy Complaints – Submit to the NPC via its website or hotline. Victims may claim damages and seek deletion of unlawfully processed data.
3. Consumer Complaints – Lodge with the DTI’s Consumer Affairs Office or the local government unit’s consumer arbitration office for refund of excessive charges and cessation of collection.
4. Criminal Complaints – Swear an affidavit before the prosecutor’s office or PNP for violations of the Revised Penal Code, Cybercrime Law, or Data Privacy Act.
5. Civil Action – Institute a suit for damages in the appropriate Regional Trial Court, including claims for moral damages, exemplary damages, and attorney’s fees under Articles 19–21 of the Civil Code (abuse of rights) and the Consumer Act.
6. Temporary Protective Measures – Request barangay protection orders or apply for a temporary restraining order to enjoin further harassment pending resolution of the main case.

Victims are advised to preserve all digital evidence—screenshots, audio recordings, and transaction histories—while avoiding further engagement with collectors to prevent escalation.

Broader Policy and Legislative Implications

The phenomenon underscores gaps in the regulatory architecture for fintech lending. While the Innovative Startup Act (Republic Act No. 11337) encourages digital innovation, it does not exempt lending platforms from licensing. Proposed amendments to RA 9510 seek to impose stricter capital requirements, mandatory credit-risk assessment, and real-time reporting obligations on digital lenders. The BSP’s digital-banking framework and the forthcoming Digital Assets and Virtual Asset Service Providers framework further aim to bring shadow lending within the formal financial system.

Consumer-education campaigns by the SEC and BSP emphasize the importance of verifying lender credentials, reading the fine print on interest computation, and understanding that legitimate platforms never require access to entire contact lists or engage in public shaming.

Conclusion

Harassment by unregistered online lending apps and concomitant SEC registration violations represent a convergence of regulatory evasion, data-privacy breaches, and abusive collection practices that undermine public trust in digital finance. Philippine law provides robust mechanisms—rooted in RA 9510, the Data Privacy Act, the Consumer Act, and the Revised Penal Code—to sanction erring operators and afford relief to victims. Continued vigilance by regulators, coupled with proactive enforcement and public awareness, remains essential to ensuring that technological innovation serves borrowers rather than exploits them. The Philippine legal system continues to evolve toward a balanced fintech ecosystem that protects vulnerable consumers while fostering responsible credit access.