Harassment from Online Lending Apps in the Philippines
A 2025 legal primer for practitioners, compliance officers, and consumers
1. The problem in numbers
- 1,700 + complaints (2018-2024) were lodged with the National Privacy Commission (NPC) alleging “contact-list scraping, public shaming, and threat messages” by online-lending apps (OLAs). A single case against PondoPeso generated 113 separate complaints.
- The Securities and Exchange Commission (SEC) has revoked or suspended 547 lending-company licences since 2019 and, in May 2025 alone, shut down Magic Peso, Peso Wallet and Credit Cash for debt-collection harassment. (Diskurso)
- Google now requires every Philippine-facing lending app to post its SEC Certificate of Authority (CA) in the Play-Store listing—no CA, no listing.
2. What counts as “harassment”?
SEC Memorandum Circular 18-2019 expressly black-lists:
| Prohibited act | Illustrative examples |
|---|---|
| Obscene, profane or insulting language | “Ibubuyangyang ko sa FB ang utang mo!” |
| Threats of violence or criminal prosecution | “Expect the police at your office tomorrow.” |
| Public disclosure of personal data | Mass-texting the borrower’s contact list |
| False representation | Collector posing as “Atty. Reyes, RTC” |
| Contacting non-guarantors | Sibling or HR officer receives threat |
| Calls/texts before 06:00 or after 22:00 | “11 p.m. follow-up” |
First offence → ₱25 k–₱50 k fine; third offence → up to ₱1 M plus CA revocation. (Credit Information Corporation)
The NPC Loan Circular 20-01 (as amended by 2022-02) mirrors these acts and adds a categorical ban on “unbridled processing of contact lists… that leads to harassment.”
3. Statutory armoury
| Cluster | Key statute / issuance | Core protections |
|---|---|---|
| Licensing | RA 8556 (Financing-Company Act) & RA 9474 (Lending-Company Regulation Act) | SEC Certificate of Authority required before an entity—online or offline—may lend. |
| Consumer market-conduct | RA 11765 Financial Products & Services Consumer Protection Act (2022) | Empowers SEC/BSP/IC/CDA to impose cease-and-desist orders, disgorge profits, fine up to ₱10 M, and adjudicate money claims ≤ ₱10 M. (ACCRALAW, Lawphil) |
| Unfair collection | SEC MC 18-2019 (debt-collection blacklist); MC 10-2021 (moratorium & “white-list” for new apps) | Enumerates harassing acts; each build of an OLA must be individually cleared. (Credit Information Corporation, RESPICIO & CO.) |
| Data privacy | RA 10173 + NPC Circular 20-01/2022-02 | Outlaws forced contact-harvest; NPC may fine up to ₱5 M per violation or issue a processing ban. |
| Cost-of-borrowing caps | BSP Circular 1133-2021 & SEC MC 3-2022 | For loans ≤ ₱10 k, tenor ≤ 4 mo: 6 % nominal / 15 % EIR per month + non-interest fees ≤ 5 % of principal. (Bangko Sentral ng Pilipinas, lpr.adb.org) |
| Criminal back-stop | Revised Penal Code (Art 282 threats, 287 unjust vexation, Arts 353-355 libel); RA 10175 cyber-libel; RA 11313 Safe Spaces Act; RA 9995 Anti-Photo-Video Voyeurism | Threats, doxxing, deep-fake nudes, or gender-based online harassment can trigger imprisonment of up to 12 years. (RESPICIO & CO.) |
4. Regulators and their playbooks
| Regulator | Jurisdiction | Recent headline action |
|---|---|---|
| SEC | Licensing & market-conduct of lending/financing companies and their OLAs | May 2025 shutdown of Magic Peso & Peso Wallet for harassment; ongoing moratorium on new OLAs. (Diskurso) |
| NPC | Data-privacy violations, particularly contact-list scraping & public shaming | 2023 decision In re Populus Lending upheld a processing ban; 2024 CDO against JuanHand. (RESPICIO & CO.) |
| BSP | Interest-rate ceilings, prudential rules for banks and non-banks | Implemented 6 %/15 % cap via Circular 1133; issued Circular 1164-2023 on Fair Treatment of Financial Consumers. (Bangko Sentral ng Pilipinas, Bangko Sentral ng Pilipinas) |
| Google / Apple | Platform gatekeepers | Requires SEC CA disclosure in app store metadata (2022 policy). |
| Law-enforcement | PNP Anti-Cybercrime Group / NBI Cybercrime Division | Regular service of cyber-libel and grave-threats warrants against rogue collectors. (RESPICIO & CO.) |
5. Remedies for borrowers
- Preserve evidence – screenshots of texts, call logs, call-recordings, group-chat posts.
- SEC complaint – e-mail CGFD@sec.gov.ph citing MC 18-2019 / MC 10-2021. Attach evidence. (RESPICIO & CO.)
- NPC complaint – complaints@privacy.gov.ph for data-privacy breaches (contact-list scraping, doxxing).
- Police/NBI – file cyber-libel, grave-threats, unjust-vexation, or gender-based-harassment complaints.
- BSP/SEC/IC adjudication (RA 11765) – money claims up to ₱10 M; six-to-eight-month track. (Bangko Sentral ng Pilipinas)
- Civil damages – Arts 19-21 & 26 Civil Code (abuse of rights & privacy), plus moral/exemplary damages.
- Barangay conciliation – optional but may speed recovery of small sums (RA 7160).
6. Liability of corporate officers & third-party collectors
- Solidary liability: Under RA 8556/RA 9474 and MC 18-2019, personal liability extends to directors, officers and outsourced collection agents who order or allow unfair practices. (Credit Information Corporation)
- Data-privacy penalties: Individual officers may face prison up to 7 years and fines up to ₱5 M for privacy offences. (National Privacy Commission)
7. Compliance checklist for lenders
| Must-have | Source |
|---|---|
| SEC CA & separate approval for each APK/TestFlight build | MC 10-2021 (RESPICIO & CO.) |
| Board-approved Fair-Debt-Collection Manual aligned with MC 18 | MC 18-2019 (Credit Information Corporation) |
| Privacy Impact Assessment & granular consent flow | NPC Circular 20-01 / 2022-02 |
| Consumer-assistance unit, single-hotline rule | RA 11765 IRR (ACCRALAW) |
| Interest & fee schedules within BSP caps, disclosed in-app and in contract | BSP 1133 + SEC 3-2022 (Bangko Sentral ng Pilipinas, lpr.adb.org) |
8. Legislative & policy horizon (2025-2026)
- Senate Bill 2407 (filed April 2025) would criminalise doxxing-based debt collection, with prisión correccional and fines up to ₱500 k. (RESPICIO & CO.)
- The SEC’s draft BNPL Guidelines will extend MC 18-style collection rules to “zero-interest pay-later” merchants (public consultation closed May 2025). (RESPICIO & CO.)
- NPC “Administrative-Fines” Rules (2024) tier penalties up to 5 % of global turnover for repeat privacy offenders. (RESPICIO & CO.)
9. Practical tips for borrowers and counsel
| Do | Don’t |
|---|---|
| Check the SEC white-list before installing an app (checkwithsec.sec.gov.ph). | Grant “Contacts” or “Storage” permission by default—legit apps cannot require it. |
| Send a written cease-and-desist invoking MC 18-2019; it helps prove bad faith later. | Pay field collectors in cash without a receipt. |
| Escalate immediately to PNP-ACG if you receive violence-order or nude-photo threats. | Ignore summons—RA 11765 compels mediation first and works to a tight timeline. |
| Monitor your credit report; dispute unlawful negative-listing with CIC/BSP. | Assume harassment will “just stop”; regulators act fastest when evidence is fresh. |
10. Conclusion
The Philippine regime now deploys administrative teeth (SEC/NPC), monetary caps (BSP), and robust criminal statutes against abusive online lenders. Enforcement is accelerating—store takedowns, licence revocations, and processing bans are weekly news—but borrowers must still document early and invoke the correct forum. As regulators push out BNPL rules and Congress mulls stiffer penalties, the compliance bar for digital credit will only rise.
This primer is for information only and does not constitute legal advice. Always consult qualified counsel for advice on specific facts.