How to Check If a Lending App Is Legit in the Philippines: SEC Registration and Your Consumer Rights

Philippine legal guide (practical, plain-English). This is general information, not legal advice.

---

1) Why this matters

Lending apps are convenient, but many operate illegally—charging abusive fees, harvesting contacts, and shaming borrowers. In the Philippines, legitimate consumer-lending apps must be operated by companies authorized by the Securities and Exchange Commission (SEC) and must observe strict conduct and data-privacy rules. Knowing the checklist—and your rights—helps you avoid scams and stop harassment.

---

2) The legal framework (quick map)

• Lending Company Regulation Act of 2007 (R.A. 9474) and its IRR → Requires a Certificate of Authority (CA) from the SEC to operate a lending company.

• Financing Company Act of 1998 (R.A. 8556) → Similar CA requirement for financing companies (often larger ticket/longer-term credit).

• Financial Products and Services Consumer Protection Act (R.A. 11765, “FCPA”) → Bill of rights for financial consumers; empowers the SEC to enforce fair treatment, transparency, and redress.

• Data Privacy Act of 2012 (R.A. 10173) and NPC rules → Limits what borrower data can be collected/used; protects you from doxxing and contact-shaming.

• SEC regulations on online lending → Include: (a) registration/notification of online lending platforms (OLPs); and (b) prohibition of unfair or abusive collection practices (e.g., threats, public shaming, contacting your phonebook).

• Interest/fee caps for small, short-term unsecured loans → The SEC has set specific ceilings for certain “payday-style” loans (e.g., maximum nominal monthly interest and total cost caps, plus limits on late penalties). Always compare the app’s stated rates to the latest SEC caps.

Banks and e-money issuers are supervised by the BSP (not the SEC). Most non-bank lending apps are SEC-regulated. If an app claims to be “just a marketplace” but actually offers/collects loans, it still needs the proper authority.

---

3) The legitimacy checklist (step-by-step)

A. Identify the legal entity behind the app

• Find the exact corporate name (not just the brand). Look in:

  • App listing (“Developer” or “Offered by”)
  • Website footer/“About”
  • In-app “Terms” or “Privacy Policy”

• Red flag: Only a brand name or a foreign shell with no Philippine address.

B. Verify SEC Registration and the Certificate of Authority (CA)

• A corporation may be SEC-registered without being authorized to lend. You need both:

  1. SEC Company Registration (e.g., “SEC Reg. No. CS20xx-xxxxx”), and
  2. Certificate of Authority to Operate as a Lending/Financing Company (CA No. …).

• These identifiers should appear prominently in the app/website and borrower documents.

  • If missing, that’s a major red flag.

C. Confirm the app/platform itself is registered/notified with the SEC

• SEC requires companies to register or notify their online lending platforms (OLPs)—including app names and websites.
• Red flag: The company is legit, but the particular app name you’re using isn’t in its list of registered/approved platforms.

D. Check for SEC advisories or orders

• Even registered companies can be subject to Advisories, Show-Cause, Cease-and-Desist, or Revocation orders for violations (e.g., harassment, unlawful data use, excessive fees).

E. Match the disclosures

• Corporate name and SEC/CA numbers must match across:

  • App store listing
  • App splash/about screens
  • Loan agreement / e-contract
  • Official receipts and repayment instructions (avoid paying to personal e-wallets or accounts)

• Contact details: Philippine principal office address, hotline, and complaint channels.

---

4) What a legit lending app must show you before you borrow

Under SEC rules, the FCPA, and good-practice standards, you should see:

1. Clear pricing

   • Principal, interest rate (per month and per annum), all fees/charges, APR or Effective Interest Rate where applicable, total amount due, and repayment schedule.
   • For short-term micro-loans, verify compliance with SEC rate/total cost caps and late-penalty limits.

2. Fair terms

   • No hidden “processing” fees deducted after quoting the loan.
   • No abusive prepayment penalty (prepayment should generally reduce interest on remaining term).

3. Proper consent and privacy

   • A plain-language privacy notice: what data are collected, why, how long, who they share with.
   • Only necessary permissions. Contact scraping, photo gallery access, and SMS reading are not needed to process a small loan and indicate risk of harassment.
   • Data retention and deletion policies; a channel to withdraw consent and request erasure when appropriate.

4. Complaint handling

   • An internal consumer assistance and redress process with response timelines.
   • Escalation paths to the SEC/NPC (and law enforcement for threats).

---

5) Interest, fees, and penalties: what’s allowed?

• Usury ceilings were lifted decades ago, but the SEC imposes caps for small, short-term, unsecured loans (the typical “payday” app loan).

• Expect to see:

  • A maximum monthly interest rate (nominal) and a cap on the total cost of credit (interest + allowable fees) for loans within the scope of the SEC circular.
  • Late penalties capped (commonly expressed as a % per month of the unpaid amount).

• If the quoted numbers exceed those caps—or are unclear/omitted—treat that app as non-compliant.

Tip: Focus on the Total Cost of Credit and APR to compare offers fairly. A “0% interest” claim with big “processing” or “service” fees is misleading.

---

6) Collections: what they may not do

The SEC prohibits unfair or abusive debt-collection practices. Illegal acts include:

• Harassment, threats, or profane/obscene language
• Public shaming: posting on social media, mass texts, or contacting your phonebook, employer, or relatives to shame you
• False representations: pretending to be a lawyer/police, threatening criminal cases for mere non-payment (ordinary loan default is civil, not criminal)
• Contacting you at excessive frequency or at unreasonable hours
• Adding unauthorized fees or charging interest beyond caps
• Retaining or misusing your personal data beyond what’s necessary/consented to

Data Privacy angle: Even if you granted broad permissions in a hurry, consent must be informed, freely given, and specific. Bulk-messaging your contacts is not a legitimate purpose and is sanctionable under the Data Privacy Act.

---

7) If you’re already dealing with a suspicious or abusive app

A. Preserve evidence

• Screenshots of the app listing, terms, in-app messages, threats, caller IDs, payment instructions, receipts.
• Loan contract, disclosures, fee breakdowns.
• Dates and times of calls/texts; copies of messages sent to your contacts.

B. Cut data access safely

• Revoke app permissions (Contacts, SMS, Storage, Camera).
• If necessary, uninstall; keep backups of evidence first.

C. Complain and escalate (parallel tracks help)

1. Company complaint desk: Demand a written response, citing R.A. 11765 and the SEC rules on abusive collections.
2. Securities and Exchange Commission (SEC): File a complaint about unregistered lending, OLP violations, rate-cap breaches, or abusive collections.
3. National Privacy Commission (NPC): Report contact-shaming/doxxing, over-collection, or unlawful processing of personal data.
4. Law enforcement (PNP-ACG / NBI-Cybercrime): For extortion, threats, identity theft, or other crimes.
5. Telco/Platform reporting: Report spam/abuse to your carrier and report the app in the app store.

Keep communicating in writing and ask for a case/reference number from each agency.

D. Negotiate what you actually owe

• You remain liable for the principal plus lawful charges—not junk fees or illegal penalties.
• Request a recalculation consistent with SEC caps and the written contract.
• If they refuse, you may consign payment of the lawful amount or seek help from a lawyer or a legal aid clinic.

---

8) Practical due-diligence routine (borrower’s workflow)

1. Confirm the entity: Corporate name, SEC Reg. No., CA No., address, hotline.
2. Confirm the platform: App/website name appears in the company’s SEC-registered OLPs.
3. Scan disclosures: Total cost, sample amortization, late fees, prepayment policy.
4. Check advisories: Any SEC actions against the entity/brand?
5. Test support: Email/chat hotline, response time, standard repayment channels (no personal accounts).
6. Privacy check: Minimal permissions; plain-language privacy policy; data retention and deletion.
7. Decide: If anything feels off, walk away.

---

9) Common red flags

• No CA number, or refusal to show it
• Entity name on the contract doesn’t match the app store “Developer”
• Payment to personal bank/e-wallet accounts
• “0% interest” but huge “processing/service/fast-cash” fees
• Requires Contacts/SMS access to “verify” you
• Shaming tactics in reviews or social posts about the app
• Impossible repayment windows (e.g., 5–7 days) with compounding penalties
• Threats of criminal cases for mere late payment

---

10) Your rights as a financial consumer (highlights under R.A. 11765 & DPA)

• Right to disclosure and transparency: Clear pricing and terms before you borrow.
• Right to fair treatment: No harassment, deception, or unfair contract terms.
• Right to data privacy: To be informed, object, access, correct, erase/block data, and claim damages for violations.
• Right to redress: Access to internal complaints handling and to regulators.
• Right to suitable products: No predatory targeting of clearly unsuitable borrowers.
• Right to security: Reasonable safeguards against data breaches.

---

11) FAQs

Q: Is SEC “company registration” enough? No. Lending and financing require a Certificate of Authority. Ask for the CA number.

Q: The app is on Google Play/App Store—does that mean it’s legit? No. Store presence is not regulatory approval.

Q: Can they message my boss or family if I’m late? No. That is an abusive collection practice and a likely data-privacy violation.

Q: I tapped “Allow Contacts.” Did I waive my rights? No. Consent must be informed and necessary. Bulk-shaming your contacts is unlawful.

Q: What interest is “legal”? Courts may void unconscionable rates, and the SEC has specific caps for small, short-term unsecured loans. Compare the app’s numbers to those caps and to what’s in the contract.

---

12) Simple complaint template (you can adapt)

Subject: Complaint re: Unfair Collection / Privacy Violations – [Your Name], [Loan/App Name] To: Compliance Officer / Customer Support

I am a borrower under [Company Legal Name] (SEC Reg. No. [•], CA No. [•]). Since [date], your representatives have [threatened/harassed/contacted my employer/contacts], which is prohibited under SEC rules on unfair collection practices and the Data Privacy Act (R.A. 10173).

I demand that you (1) cease all unlawful collection acts; (2) delete unlawfully obtained or unnecessary personal data (including data from my contacts); (3) confirm in writing within 5 business days; and (4) provide a revised statement of account reflecting only lawful charges, consistent with SEC caps.

Failure to comply will result in formal complaints with the SEC and NPC, and referral to law enforcement for any threats.

Name / Mobile / Loan Ref. / Dates

---

13) Pre-loan safety tips

• Borrow only what you can repay; prefer payroll deductions with your employer or reputable lenders you can visit.
• Use official payment channels; keep receipts.
• Never send selfies/IDs through chat to “agents.” Upload only through the app’s secure KYC flow.
• Read user reviews for patterns of harassment and hidden fees (treat one-star clusters as smoke).
• Keep a paper trail: screenshots, emails, receipts.

---

14) One-page quick check (save this)

1. Company: Legal name + SEC Reg. No. + CA No. (must all exist and match)
2. Platform: App/website name is registered/notified with SEC under that company
3. Pricing: Clear total cost; within SEC caps; no junk fees
4. Privacy: Minimal permissions; no contact scraping
5. Collections: No threats/shaming; proper complaint desk

---

If you want, I can turn this into a printable checklist or fillable complaint letter you can use right away.