How to Check a Lending Company’s SEC Registration Status in the Philippines

How to Check a Lending Company’s SEC Registration Status in the Philippines

This practical legal guide explains how to verify—properly and defensibly—whether a Philippine “lending company” is duly registered and authorized by the Securities and Exchange Commission (SEC). It’s written for consumers, in-house teams, compliance officers, and counsel. Philippine law cited is current as of mid-2025, but always confirm if rules have changed.

1) Why this matters (the legal baseline)

  • You need two things, not one. Under the Lending Company Regulation Act of 2007 (Republic Act No. 9474) and its IRR, a corporation that does lending as a business must have: (a) a Certificate of Incorporation (general SEC registration), and (b) a Certificate of Authority (CA) to Operate as a Lending Company issued by the SEC. The CA—not just the incorporation—is what legally allows the company to lend to the public.

  • Who does not fall under “lending companies”?

    • Financing companies (Republic Act No. 8556) are similar but governed by a separate law; they also need an SEC Certificate of Authority—just under the financing regime.
    • Banks and quasi-banks are licensed by the Bangko Sentral ng Pilipinas (BSP), not the SEC.
    • Cooperatives are registered with the Cooperative Development Authority (CDA) and may lend to members under coop rules.
    • Microfinance NGOs remain corporations with SEC registration but are certified under the Microfinance NGOs Act (RA 10693) through the MNRC.

  • Sole proprietors and partnerships cannot be “lending companies.” RA 9474 requires the entity to be a corporation. If someone claims to be a “lending company” but gives you a DTI business-name certificate (for a sole prop) or a partnership certificate, that’s a red flag.

2) What “good standing” usually looks like

A legitimate, active lending company can typically show you, within minutes:

  1. Corporate name (exact SEC-registered name), and any registered business/brand names (DBAs);
  2. SEC Registration No. (from the Certificate of Incorporation);
  3. SEC Certificate of Authority No. as a Lending Company (with issuance date);
  4. Principal office address (must match what appears on SEC filings);
  5. Latest General Information Sheet (GIS) filed with SEC, naming directors/officers; and
  6. If operating digitally, registered Online Lending Platform (OLP) name(s) that match the app/website branding, with required disclosures (corporate name, SEC Reg. No., CA No.) visible in the app/site and marketing materials.

Tip: A CA is generally effective until suspended/revoked; there’s no “annual renewal sticker.” You verify current validity by checking for revocation/suspension orders or advisories and by matching current operations to what the SEC has on file.

3) Step-by-step: How to verify status (defensible workflow)

Step A — Gather the exact identifiers

Ask the company to write (email/letterhead) the following and attach copies:

  • Exact corporate name and any DBA/trade names used in ads/apps;
  • SEC Registration No. (from incorporation certificate);
  • SEC Certificate of Authority No. (as a Lending Company, not “Financing” unless it truly is one);
  • Principal office;
  • Names of directors/officers and compliance contact;
  • If digital: Official app/website name(s) and any third-party service company operating the app.

Legitimate lenders provide these routinely. Reluctance is a warning sign.

Step B — Check public SEC records (two angles)

  1. Company existence & profile. Use the SEC’s public company lookup / document-request portal to confirm:

    • The corporate name exists and the SEC Reg. No. matches;
    • The company type/classification indicates “Lending Company” (or “Financing Company,” if that’s what they actually are). You can also request copies of filings (e.g., Articles, GIS, Audited FS).

  2. Authority to operate & enforcement status.

    • Look for the Certificate of Authority in their filings or request a certified copy.
    • Search SEC advisories / orders for any revocation, suspension, or show-cause actions naming the company or its app/brand names.
    • For online lenders, check whether the OLP/app name is disclosed by the corporation and appears in SEC postings/advisories.

Practice point: Match brand/app names to the corporate name. Many noncompliant apps hide the true corporation or misuse another company’s numbers.

Step C — Validate documents & details

  • Compare numbers and dates. The CA should identify the same corporation and address as the incorporation/GIS.
  • Look for SEC security features (e.g., QR or control numbers on newer certificates). When in doubt, obtain a fresh SEC certification of records.
  • Cross-check the office. A lending company is required to have a physical principal office; “virtual office only” is suspect for retail lending.

Step D — Confirm OLP compliance (if there’s a mobile app/site)

  • SEC rules require prominent disclosure of the corporate name, SEC Reg. No., and CA No. in the app, website, and advertisements.
  • The loan agreement inside the app must identify the registered corporation as the lender. If the counterparty in the e-contract is a different entity (e.g., a service contractor or foreign company), stop—this often indicates noncompliance.

4) What to ask from the lender (documents checklist)

  • Certificate of Incorporation (SEC).
  • Certificate of Authority to Operate as a Lending Company (SEC).
  • Latest GIS (names of directors/officers; principal office; trade names).
  • Sample loan agreement / disclosure statement (to confirm correct lender name).
  • If digital: Statement listing all OLP/app names used in PH, plus app store links.
  • Optional but helpful: Mayor’s/Business Permit, BIR registration, and confirmation of AMLC enrollment (many lending/financing companies are AMLA “covered persons”).

Red flag: “We are licensed by the BSP” (but they’re not a bank). Non-banks doing lending to the public need an SEC CA. BSP authority does not substitute for the SEC CA.

5) Common red flags (treat as high-risk until disproved)

  • Uses only a DTI Business Name (sole prop) or partnership docs but markets itself as a “lending company.”
  • Cannot produce a Certificate of Authority or gives a CA that belongs to a different company.
  • App name or Facebook page shows a brand that doesn’t match the corporate name disclosed in the contract.
  • Hidden address (no physical office), or address that differs from SEC filings with no documented change.
  • Harassing or doxxing collection practices and “access to contacts/photos” permissions—often a sign of unregistered/rogue OLPs.
  • Claims that “the CA expired but we are renewing”—CAs are generally until revoked/suspended; there’s no routine “expiry.”
  • Foreign platform saying Philippine regulation doesn’t apply while targeting PH borrowers.

6) Special situations & how to handle them

  • Financing company vs lending company If the entity is actually a financing company, it needs a CA under RA 8556. Some market to consumers like lenders—that’s fine only if their SEC records say “Financing Company” and they hold the financing CA. Verify which they are.

  • Cooperatives lending to the public Coops may lend primarily to members under CDA rules. If a coop is lending to the general public, seek legal advice—this may stray into activities requiring SEC/BSP oversight.

  • Agents or service companies Tech or collection service providers may operate the app or call center—but the lender of record in the contract must be the SEC-authorized corporation. Ask for the services agreement (redacted) if roles are unclear.

7) How to document your verification (for audit & disputes)

Create a short due-diligence memo with:

  • Screenshots/PDFs of the SEC lookup result and any SEC certifications obtained;
  • Copies of the CA and incorporation certificate, and the latest GIS;
  • Evidence that the app/site displays the required disclosures;
  • If applicable, copies of SEC advisories showing no adverse actions (or noting any and how they were resolved);
  • A one-page conclusion: “As of [date], [Company] appears/does not appear to be duly registered and authorized by the SEC as a Lending Company. Basis: [list].”

This file becomes your defense if something later proves wrong.

8) If you suspect an unregistered or abusive lender

  • Stop transacting. Do not pay fees or grant data permissions.
  • Preserve evidence. Save screenshots, chat logs, contracts, payment slips, and caller IDs.
  • Report to the SEC (Enforcement/Investor Protection) and to your LGU and/or the National Privacy Commission if there’s data harassment.
  • Consider criminal/civil remedies with counsel—RA 9474 sets penalties for operating without a CA and for other violations; SEC memoranda also prohibit unfair debt collection practices (e.g., harassment, shaming).

9) Quick reference: What you should see (at a glance)

  • Corporate name: “_____ Lending Corp.” (exact, not just a brand)
  • SEC Registration No.: e.g., “CS20xx-xxxxx” (incorporation)
  • SEC CA No.: present, labeled for Lending Company
  • Address: matches filings and disclosures
  • Directors/Officers: per latest GIS
  • App/Website (if any): prominently shows corporate name, SEC Reg. No., CA No. and loan disclosures; the contracting party is the same corporation.

10) FAQs

Q: Is a copy of the CA enough? A: It’s necessary but not sufficient. Also check authenticity (fresh SEC certification if unsure) and current status (no SEC revocation/suspension/advisories).

Q: The lender says, “We’re only a platform; the loans are from a partner.” A: Then the partner making the loans must be the corporation with the SEC CA, and the loan contract should be between you and that corporation. Verify both entities.

Q: Do I need a lawyer? A: Basic checks are DIY. Engage counsel if the amounts are material, the structure is complex (e.g., cross-border app), or you find any red flag.

Bottom line

To be legally allowed to lend to the public in the Philippines, a corporation needs both SEC registration and an SEC Certificate of Authority as a Lending Company. Verify the corporate identity, the CA, current enforcement status, and—if digital—the OLP disclosures and contracting party. Anything less than that is a risk you don’t need to take.

If you want, I can turn this into a printable checklist or a one-page SOP with signature blocks for your team.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login