Online lending apps (OLAs) made short-term credit almost instant for millions of Filipinos—but many borrowers soon discovered a dark side: relentless calls, threats, and public shaming aimed at forcing repayment. Below is a 2025-ready, end-to-end guide to everything Philippine law now says—and does—about harassment by online lenders.
1 | Why harassment happens
Digital lenders race to collect before competitors do, so they scrape borrowers’ phonebooks, bombard contacts with “debt-shaming” messages, and issue bogus arrest threats. These acts are cheap to automate, happen mostly online, and are hard for an individual debtor to stop, so regulatory intervention has been heavy since 2019. (RESPICIO & CO.)
2 | Governing statutes & regulations (chronological)
| Year | Instrument | Key anti-harassment provisions |
|---|---|---|
| 2007 | RA 9474 – Lending Company Regulation Act | SEC may suspend or revoke licences for “fraudulent, dishonest or illegal” practices. |
| 2012 | RA 10173 – Data Privacy Act (DPA) | Criminalises unauthorised collection or disclosure of contacts, photos, messages; fines up to ₱5 M + prison. (National Privacy Commission) |
| 2012 | RA 10175 – Cybercrime Prevention Act | Ordinary crimes (libel, threats, coercion) committed “through ICT” carry higher penalties. |
| 2013 | RA 7394 – Consumer Act | Bans deceptive or unfair sales/collection acts; DTI may act. |
| 2019 | SEC Memorandum Circular 18-2019 | First code on Unfair Debt-Collection; outlaws cursing, threats, third-party contact, publishing debts; fines ₱25 k–₱1 M & licence revocation. (SEC Appointment) |
| 2021 | SEC MC 10-2021 + November 2021 moratorium | Extends MC 18 to financing companies and freezes new OLA approvals pending stricter rules. (Philstar.com) |
| 2022 | RA 11765 – Financial Products & Services Consumer Protection Act (FCPA) | Elevates abusive collection to a statutory violation; empowers SEC/BSP/IC/CDA to award damages administratively up to ₱10 M and issue restitution orders. (Judiciary eLibrary) |
| 2022 | BSP Circular 1160 & 1169 (IRRs of RA 11765) | For BSP-supervised lenders: bans “abusive debt-recovery practices”, requires in-house complaint units, creates BSP-CAM/mediation/adjudication. (Bangko Sentral ng Pilipinas, Bangko Sentral ng Pilipinas) |
| 2023 | NPC Circular 20-01 | Tags “excessive or unauthorised collection of personal data for debt collection” as a privacy breach subject to summary penalties. (National Privacy Commission) |
| 2024 | SEC FinTech Office watch-list | Publishes monthly list of licensed/illegal OLAs; issues instant cease-and-desist orders (CDOs) on complaints. (Philstar.com) |
Other special laws can apply—e.g., RA 11313 (Safe Spaces Act) for gender-based online harassment or Revised Penal Code Articles 282 (threats), 287 (unjust vexation), and 355/355 via RA 10175 (cyber-libel).
3 | Typical harassment tactics and their legal exposure
- Contact-scraping & group-texts → Unlawful processing under DPA; unfair collection under SEC MC 18.
- Facebook “wanted” posters → Cyber-libel + DPA disclosure breach; Safe Spaces Act if misogynistic.
- “NBI pick-up” or jail threats → Grave threats (RPC Art 282); unfair collection.
- 50+ calls/day, obscene language → Unjust vexation (RPC Art 287); unfair collection.
- Spoofed court summons → Falsification (RPC Art 171) + cyber aggravation. (RESPICIO & CO.)
4 | Regulatory & enforcement bodies
| Agency | What it can do |
|---|---|
| SEC | Issue CDOs, revoke certificates of authority, fine violators, publish watch-lists, and refer criminal cases. (RESPICIO & CO.) |
| National Privacy Commission (NPC) | Investigate privacy complaints, mediate, impose administrative fines up to ₱5 M/act, and order deletion of unlawfully gathered data. (National Privacy Commission) |
| Bangko Sentral ng Pilipinas (BSP) | For banks/e-money lenders: enforce Circular 1160, adjudicate disputes, order restitution. (Bangko Sentral ng Pilipinas) |
| PNP-ACG / NBI-CCD | File cyber-libel, threats, coercion, identity-theft cases; seize servers under warrant. |
| Courts | Issue injunctions/TROs; award civil damages; impose criminal penalties. |
5 | Step-by-step remedy checklist for borrowers (2025)
- Collect evidence – screenshots with time-stamp, call logs, loan contract, app permission pages.
- Send a demand e-mail/text telling the lender to stop unlawful acts (builds good faith).
- File an SEC complaint (licensed or not) and/or an NPC complaint (privacy angle). Use SEC’s MC 18 form or NPC’s notarised complaint form; both accept e-mail filings. (National Privacy Commission)
- File criminal charges with PNP-ACG/NBI if threats, libel, coercion continue.
- Civil action for damages (Arts 19-21 & 26 Civil Code, Arts 2219-22xx for moral/exemplary).
- Monitor orders – failure to obey an SEC CDO or NPC Decision is contempt and a separate offense. (RESPICIO & CO.)
6 | Notable enforcement milestones
- 2019 – SEC vs. Moola, FDS, et al.: 48 apps shut; ₱4.4 M fines. (RESPICIO & CO.)
- 2020 – NPC decision vs. TukTuk Cash: ₱3 M fines + data-deletion order. (RESPICIO & CO.)
- 2021 – People v. Bala Lending (RTC Pasig): first cyber-libel conviction of OLA staff (on appeal). (RESPICIO & CO.)
- 2025 – SEC “cracks the whip” on erring platforms; new batch of CDOs four days ago. (Philstar.com)
7 | Compliance cheat-sheet for legitimate lenders
- No third-party contact without borrower’s written consent (SEC MC 18 §4-j). (SEC Appointment)
- Disclose Effective Annual Interest Rate (EIR) before loan disbursement (BSP Circular 1133-2022). (Bangko Sentral ng Pilipinas)
- Cooling-off period & complaint desk mandatory (RA 11765 § 6, IRR). (Judiciary eLibrary)
- Data collection limited to what is “necessary and proportionate” (DPA § 18; NPC Circular 20-01). (National Privacy Commission)
8 | Emerging trends & pending bills (2025)
- House Bill 8445 / Senate counterpart (FinTech Consumer Protection Act) – seeks to criminalise APR > 36 % and mandate algorithmic transparency; awaiting Senate plenary. (RESPICIO & CO.)
- AI-driven credit-scoring oversight – NPC Advisory 2024-04 imposes risk-assessment duties on lenders using AI for collections. (National Privacy Commission)
- Continued SEC moratorium on new OLAs until a “fit-and-proper” test for controlling shareholders is finalised. (Philstar.com)
9 | Practical self-defence tips
- Check the SEC list before downloading a lending app.
- Restrict app permissions; deny contacts, location, SMS.
- Keep calm; non-payment of a private debt alone is not a crime.
- Inform your employer/family so they can ignore harassing calls.
- Consider refinancing with a registered micro-finance NGO capped at 33 % EIR. (RESPICIO & CO.)
10 | Bottom line (as of 30 May 2025)
Harassment by OLAs is no longer a legal grey area in the Philippines. A mesh of statutes (RA 9474, DPA, RA 11765, cyber-crime laws), SEC and BSP circulars, and active privacy and fintech regulators now provide civil, criminal, and administrative weapons powerful enough to shutter abusive apps, fine their owners, and compensate victims. Borrowers who document every call and invoke the right forum quickly can stop the abuse and, in many cases, recover damages—while helping regulators keep the Philippine fintech sector fair and trustworthy.
This article is for information only and is not a substitute for personalised legal advice.