How to Check if a Lending Company is Legitimate in the Philippines

Philippine legal context • Practical, step-by-step guide • For informational purposes only (not legal advice). Laws and rules change—verify details with official regulators before you sign anything.

1) Know who regulates what

Different institutions supervise different types of lenders in the Philippines:

Securities and Exchange Commission (SEC) – regulates lending companies and financing companies (including many online lending apps tied to a Philippine corporation).
Bangko Sentral ng Pilipinas (BSP) – supervises banks, quasi-banks, electronic money issuers, payment system operators, pawnshops, and digital banks.
Cooperative Development Authority (CDA) – supervises cooperatives that lend only to their members.
Microfinance NGOs – accredited under the Microfinance NGOs Act and overseen by the Microfinance NGO Regulatory Council (MNRC).
National Privacy Commission (NPC) – enforces the Data Privacy Act (applies to all lenders handling personal data).
Department of Justice/NBI/PNP – for criminal acts (e.g., threats, extortion, identity theft).

Bottom line: a Philippine lender must be under the right regulator (SEC, BSP, CDA, or MNRC) and hold the proper license/authority—mere business registration is not enough.

2) The quick legitimacy checklist (10-minute self-audit)

Ask: “What kind of entity are you?”
- Lending/financing company? → Should be an SEC-registered corporation with a Certificate of Authority (CA) to operate as a lending or financing company (the CA is separate from the incorporation certificate).
- Bank, pawnshop, EMI? → Must be BSP-supervised.
- Cooperative? → Must be CDA-registered and may lend only to members.
- Microfinance NGO? → Must show MNRC accreditation.
Get the exact license details (and write them down).
- For SEC-regulated entities: Company name (exact spelling), SEC Registration No., CA No., date issued, head office address, and branch address you’re dealing with.
- For BSP-supervised: bank/pawnshop license and principal office/branch.
- For coops: CDA Registration No. and proof you’re a member.
Confirm identity documents.
- BIR Certificate of Registration (Form 2303), Mayor’s/Business Permit for the location, and official receipts bearing the same registered name and TIN.
- Names and IDs of authorized signatories; if a representative is signing, ask for a Board Resolution/Special Authorization.
Check the name vs. paperwork vs. app/website.
- The corporate name on the certificate, receipt, contract, app/website, and branch signage should match. Mismatches are red flags.
Demand the legally required disclosures (before you sign).
- Under the Truth in Lending Act, you must receive a Disclosure Statement (or equivalent) showing all finance charges, total amount of obligation, schedule of payments, and the effective cost of credit. Refusal is a red flag.
Review privacy & permissions.
- No blanket access to your contacts, photos, call logs, or location without a clear, necessary purpose and freely given consent. You have rights to access, correct, and delete data under the Data Privacy Act.
Inspect collection policies.
- Harassment, shaming, threats, or contacting your relatives/employer without lawful basis are unfair collection practices. Legitimate lenders have written, compliant collection policies and a customer complaints process.
Refuse incomplete or blank documents.
- Never hand over blank post-dated checks, signed blank forms, or IDs/ATMs to be “held” by the lender.
Watch out for “advance release fees.”
- Be wary if asked to pay up-front before any verifiable approval with written terms.
Ask for a sample amortization table.

Make sure installments add up to the disclosed total cost; look for hidden add-ons disguised as “processing,” “service,” or “app” fees.

3) Deep-dive: What documents a legitimate lender should show you

Corporate credentials (depending on regulator):
- SEC lending/financing company:
  - Certificate of Incorporation and Articles of Incorporation/By-Laws
  - Certificate of Authority (CA) to operate as a Lending/Financing Company
  - Latest General Information Sheet (GIS) or public details of directors/officers
- BSP-supervised entities: Approval/authority/registration appropriate to the business (bank, pawnshop, EMI, PSO).
- CDA-registered cooperative: CDA certificate and your membership records.
- Microfinance NGO: MNRC accreditation.
Local compliance: Mayor’s/Business Permit, BIR Form 2303, Official Receipt series.
Contract set you can take home before committing:
- Loan Agreement/Promissory Note, Disclosure Statement, Schedule of Payments, Data Privacy Notice & Consent, Collection policy summary, and Complaint handling procedure.

4) Special notes for online lending apps (OLPs)

An app must be tied to a Philippine-registered entity (usually an SEC-licensed lending/financing company).
Look for full corporate name, SEC Reg. No., and CA No. within the app, not just on ads or social pages.
Data Privacy: Legit apps provide a clear privacy notice, list of data collected, purpose, retention period, and contact details of their Data Protection Officer (DPO).
Permissions should be proportionate (e.g., ID capture and selfie for KYC is reasonable; scraping contact lists to “guarantee” collections is not).
Collections must be professional—no shaming, no threats, no contacting third parties except as allowed by law.

5) Pricing, interest, and fees—what’s “legal” vs. “fair”

The old Usury Law ceilings are not in force (interest caps were long suspended), but courts can still strike down unconscionable interest and penalties.
Truth in Lending requires clear, written disclosure of every charge (interest, service/processing fees, late charges, collection fees, insurance, taxes like documentary stamp, etc.).
Many regulators have issued guidance and, at times, caps/limits for specific products or segments (e.g., certain small-value/short-term consumer loans, credit cards). These change over time—ask the lender to cite the rule they follow and show it in writing.

Practical check: If the lender advertises “0% interest” but loads “processing,” “platform,” or “convenience” fees so your total cost is high, that can still be misleading or unfair even if “interest” is labeled as zero.

6) Red flags (often seen in scams or illegal lending)

No SEC/BSP/CDA/MNRC credentials, or they only show a DTI certificate (DTI alone is not enough for lending to the public).
Name mismatch between the company certificate, receipts, contracts, and the app/website or branch signage.
Advance payment required before release “to expedite.”
Keeping your ATM card, PIN, passbook, or IDs (“sangla-ATM” and similar).
Blank/undated documents, or pressure to sign without copies.
Harassment/shaming via texts, calls, or social media; contacting your phonebook.
“Guaranteed approval” with no KYC (legitimate lenders perform KYC/identity checks).
Foreign entity only, no Philippine presence or license, but actively lending to residents.

7) Your rights as a borrower (key Philippine laws to know)

Truth in Lending Act (RA 3765) – right to clear, prior disclosure of all loan costs.
Financial Products and Services Consumer Protection Act (RA 11765) – bans abusive collection, misrepresentation, and unfair practices; requires complaints handling by regulated entities; empowers regulators to sanction violators.
Data Privacy Act (RA 10173) – protects your personal data; you can withdraw consent, access/correct/erase data in many cases, and complain to the NPC for violations.
Revised Corporation Code (RA 11232), Lending Company Regulation Act (RA 9474), Financing Company Act (RA 8556) – set licensing/operating requirements for corporate lenders.
E-Commerce Act (RA 8792) – recognizes electronic documents and signatures, subject to authenticity and consent.

8) How to verify—step-by-step (offline plan you can follow today)

Goal: Collect evidence that the lender is under the right regulator and is following core consumer-protection rules.

Collect identifiers from the lender: full legal name, SEC/BSP/CDA/MNRC numbers, CA No., office/branch address, DPO contact, and hotline. Take photos/scans of certificates shown to you.
Ask for the full loan pack: draft Loan Agreement/PN, Disclosure Statement, Amortization Schedule, Privacy Notice/Consent, Collection Policy, and Customer Complaints procedure.
Read the disclosures: confirm the total amount you will pay, all fees, and late-payment charges; compare ad claims vs. documents.
Cross-check names on permits and receipts vs. the contract and app/website.
Decline if: they can’t produce a CA (for SEC-regulated lenders), refuse disclosures, pressure you to sign immediately, or demand access to your contacts/photos without clear necessity.
Keep copies (digital and printed). Photograph the office signage and any posted licenses.

9) If something feels off—where to complain

SEC (for lending/financing companies) – report unlicensed activity, fake CA, unfair practices, or online lending abuse.
BSP (for banks/pawnshops/EMIs/PSOs) – for conduct of BSP-supervised entities.
CDA (for cooperatives) – especially if a coop lends to non-members.
National Privacy Commission (NPC) – for privacy violations, phonebook scraping, doxxing/shaming.
NBI/PNP/DOJ – for criminal harassment, threats, extortion, identity theft, or fraud.

Tip: When you complain, attach screenshots, contracts, receipts, and the lender’s stated license numbers. A crisp timeline (dates, amounts, who said what) speeds up action.

10) FAQs

Q: Is a DTI Business Name certificate enough? A: No. Lending to the public requires the proper license/authority from the correct regulator (e.g., SEC CA for lending/financing companies). DTI alone is not sufficient.

Q: Are “5-6” lenders legal? A: Only if they are properly licensed and follow the law (disclosures, fair collection, data privacy, etc.). Most informal “5-6” setups are unlicensed.

Q: The app says it’s “partnered” with a licensed company. Is that okay? A: The entity actually offering the loan must itself be properly licensed, and the app/platform must accurately represent that relationship. Partnerships don’t substitute for the lender’s own license.

Q: Can they contact my employer or relatives? A: Only under lawful, limited circumstances (e.g., verifying employment if you consented). Harassment/shaming is prohibited.

Q: They say interest is “0%” but there are big fees. A: All charges must be clearly disclosed; “0% interest” with heavy fees can still be misleading or unfair.

11) One-page borrower toolkit (copy/paste checklist)

Before I apply:

I identified the regulator (SEC/BSP/CDA/MNRC) and got the exact license/authority number.
The company/app/branch name matches the license and receipts.
I received a Disclosure Statement with all fees and full payment schedule.
I saw the Data Privacy Notice, and permissions are proportionate (no phonebook scraping).
I understand late fees/penalties and complaint handling steps.
No advance fee required before verifiable approval.
I keep copies of certificates, permits, and the loan pack.

If problems occur:

Preserve screenshots, contracts, receipts, and messages.
File complaints with the proper regulator and, for privacy/harassment, the NPC; escalate to NBI/PNP for criminal conduct.

12) Final reminders

Only corporations can engage in public lending as lending companies under Philippine law; sole proprietorships/partnerships aren’t allowed to operate as such.
A Certificate of Authority (CA) (for SEC lenders) is separate from the incorporation certificate and is essential.
Disclosures and privacy are not optional; refusal is a walk-away signal.
Court doctrine allows reduction of unconscionable interest/penalties, but avoiding a bad contract is far better than litigating later.

If you want, share the company/app name and the license details they provided—I can walk through the checklist line-by-line and help you spot gaps or risky terms.