Illegal and abusive lending remains common in the Philippines—especially online. The safest way to protect yourself is to verify (1) that the entity exists as a legitimate business and (2) that it has the specific authority to engage in lending/financing (because mere business registration is not the same as permission to lend).

This article explains the legal landscape and gives a practical, step-by-step verification method you can apply to lending companies, financing companies, online lending platforms/apps, and other “lenders” you may encounter.

1) Start with the right question: “Registered” or “Authorized to Lend”?

Many scams rely on a half-truth: “SEC-registered kami.” A company can be SEC-registered as a corporation and still be illegal as a lender if it lacks the required authority/license (often called a secondary license or Certificate of Authority) to operate as a lending or financing company.

Two separate legal checkpoints

Entity registration (existence)
- SEC registration (corporation/partnership) or DTI registration (sole proprietorship).
- This answers: “Does this business legally exist?”
Authority to operate as a lending/financing business (permission)
- For lending/financing businesses under SEC jurisdiction, this is typically a Certificate of Authority to Operate as a Lending Company or Financing Company (and related SEC approvals for online operations).
- This answers: “Is it legally allowed to lend as its business?”

Key point: Most public-facing lenders should be both “registered” and “authorized.” A lender that can’t show (or you can’t verify) its authority is a major red flag.

2) Identify what kind of “lender” you’re dealing with

Different lenders are regulated by different agencies. Verifying the right license depends on the lender type.

Lender / Arrangement	Typical Regulator	What you must verify
Lending company (business of granting loans from own capital)	SEC	SEC corporate registration and Certificate of Authority to Operate as a Lending Company (and status: not suspended/revoked)
Financing company (extends credit, leases, installment financing, etc.)	SEC	SEC corporate registration and Certificate of Authority to Operate as a Financing Company
Online lending platform / mobile lending app	SEC (for lending/financing companies using online platforms)	Same as above plus SEC compliance for online platform/app registration/approval requirements (as applicable)
Bank / rural bank / thrift bank	BSP	BSP authority to operate (bank charter/license)
Cooperative offering loans to members	CDA (and sometimes other rules depending on structure)	CDA registration; confirm lending is within cooperative authority (often member-restricted)
Pawnshop	BSP	BSP pawnshop license/authority
“Salary loan” through employer, in-house employee program	Varies	Verify employer identity; written policy; disclosures; ensure no disguised public lending operation
Informal individual lender (“5-6”, private individual)	May be unlicensed	High risk; verify identity and contract; legality depends on facts; abusive collection can still be unlawful

If a business presents itself as a public lender (especially through ads/apps) but cannot identify which regulator governs it and what authority it holds, treat it as high risk.

3) The governing laws you’ll hear cited (and why they matter)

These are the most commonly relevant legal foundations in the Philippines:

Lending Company Regulation Act of 2007 (Republic Act No. 9474) Framework for SEC regulation/oversight of lending companies (and related rules on authority to operate, supervision, sanctions).
Financing Company Act of 1998 (Republic Act No. 8556) Framework for financing companies and their SEC oversight.
Truth in Lending Act (Republic Act No. 3765) Requires clear disclosure of the true cost of credit (interest, fees, charges) to protect borrowers from hidden costs.
Data Privacy Act of 2012 (Republic Act No. 10173) Limits how lenders can collect, use, store, and share your personal data. Harassment and contact-list shaming often intersects with unlawful processing.
Financial Products and Services Consumer Protection Act (Republic Act No. 11765) Strengthens consumer protection and market-conduct enforcement across financial regulators (including SEC-supervised entities where applicable).

There are also SEC rules and memorandum circulars that evolve over time, especially for online lending (disclosures, prohibited acts, app governance, interest/fee presentation, collections conduct, and platform registration requirements).

4) What a legitimate SEC-authorized lender should readily show you

Ask for these before you apply, pay any fee, or share sensitive data:

Exact registered legal name (not just the brand/app name)
SEC registration number and proof of SEC registration (corporate documents)
SEC Certificate of Authority to Operate as a Lending Company or Financing Company
Business address (verifiable office location) and working contact channels
Borrower disclosures (Truth in Lending): written breakdown of principal, interest rate, fees, penalties, total cost, and repayment schedule
For online lenders: privacy notice and data processing details; app permissions limited to what’s necessary

Red flag: “SEC-registered kami” but they refuse to provide the Certificate of Authority (or provide a blurry/altered image without verifiable details).

5) Step-by-step: How to verify SEC registration and authority (practical checklist)

Step 1 — Collect identifiers (do this first)

Get a screenshot/photo or copy of:

Exact legal name (watch spelling, punctuation, “Inc.”, “Corp.”, “Lending”, etc.)
SEC registration number (if provided)
Names of officers/signatories
Office address, landline, email domain
App name + developer name (for apps)
Website and official social pages

Why: Verification fails when scammers give a similar-sounding name.

Step 2 — Verify the entity exists in SEC records

Use SEC’s official verification/record-request channels to confirm:

The entity is registered
The registration details match what the lender claims (name, address, officers)

What you’re looking for:

Confirmation that the company exists
Whether it has compliance issues (e.g., delinquent status) that may affect legitimacy

Practical tip: If you can only verify that a corporation exists, you still have not verified it can legally operate as a lender.

Step 3 — Verify the lender’s “authority to operate” (the crucial step)

Ask for the lender’s Certificate of Authority to Operate and validate it through SEC channels.

Check the certificate for:

Exact legal name matching SEC registration
Type: Lending Company or Financing Company
Certificate number/date and SEC signatory/seal elements
Any conditions, scope, or notes
Whether it appears altered, inconsistent fonts, missing seals, or mismatched names

Then verify the status:

Is the authority active, or has it been suspended/revoked?
Is the company in good standing with reportorial requirements?

Why this matters: A company may have once had authority but later lost it; continuing to lend can still be unlawful.

Step 4 — If it’s an online lending app/platform, verify the app-to-company link

Online scams often impersonate real companies or use a “shell” corporation.

Do these cross-checks:

App store “Developer” name matches (or is clearly linked to) the legal name on SEC records
Official website and app list the same legal name, office address, and contact channels
Loan documents and disclosures show the same legal entity as the one holding the Certificate of Authority
No “personal GCash/bank accounts” for payments unless clearly documented as official company accounts (and even then, be cautious)

Major red flag: The app brand is different and no clear disclosure identifies the legal entity responsible for the loan.

Step 5 — Verify local business legality (LGU and BIR)

Even with SEC authority, legal operation typically requires:

Mayor’s/Business Permit (city/municipality where operating)
Barangay clearance (often part of business permitting)
BIR registration (Certificate of Registration, authority to issue receipts/invoices)

Borrower practical check:

Ask for a copy/photo of the business permit and BIR registration.
Verify the address is a real office (not just a vague location or residential unit used as a front).

Step 6 — Confirm you’re not dealing with the wrong regulator

If they claim to be:

a bank → verify with BSP, not SEC
a cooperative → verify with CDA (and confirm lending scope—often member-based)
a pawnshop → verify with BSP

Scammers often misuse regulatory language (“licensed,” “registered,” “regulated”) without naming the correct regulator and license type.

6) Legality is more than a license: operational compliance you can spot

A lender can be registered and still violate borrower-protection laws. Here are compliance indicators that matter to borrowers.

A) Truth in Lending (RA 3765): required disclosures

A legitimate lender should provide a written disclosure that clearly states:

Amount financed (principal)
Interest rate and how it’s computed
All fees/charges (processing, service, documentary stamps if applicable, etc.)
Penalties, default interest, collection fees
Total amount payable and schedule
Any security/collateral terms (if any)

Red flags:

“Processing fee” deducted upfront without clear written breakdown
Vague “service fee” that effectively hides interest
No total cost disclosed; only daily/weekly repayment shown
Borrower asked to sign blank or incomplete forms

B) Data Privacy (RA 10173): limits on app permissions and shaming tactics

High-risk signs:

App asks for access to contacts, call logs, SMS, photos beyond what’s necessary
Threats to message your contacts/employer/friends
Public posting, doxxing, or humiliating messages
Collecting data about non-borrowers (your contacts) without lawful basis

Even if a lender is licensed, abusive data processing can expose it to complaints and penalties.

C) Collection conduct: harassment and threats

Watch for:

Threats of violence or arrest without lawful process
Pretending to be police/courts
Excessive calls/texts to you and third parties
Using obscene language, public humiliation, or misinformation

Civil remedies and criminal complaints may be possible depending on the conduct and evidence.

7) Common “legal-looking” scams (and how to detect them)

Scam 1: “SEC-registered corporation” but no authority to lend

They show SEC incorporation papers but no Certificate of Authority as a lending/financing company.

Detection: Ask for the Certificate of Authority and verify its status.

Scam 2: “Advance fee” or “deposit before release”

They demand payment first for “insurance,” “processing,” “membership,” “tax,” etc.

Detection: Legitimate lenders may charge fees, but the structure must be disclosed in writing and not used as a pretext to collect money without releasing the loan. Treat “pay first to get the loan” as high risk.

Scam 3: App impersonation (piggybacking on a real company name)

An app uses a name similar to a legitimate lender.

Detection: Match the app’s developer/legal entity and loan contract entity to the SEC-authorized company.

Scam 4: Payment to personal accounts

They instruct payments to a personal GCash number or personal bank account.

Detection: Demand official billing/payment channels tied to the company, supported by documentation and proper receipts.

Scam 5: “Too good to be true” approvals + instant harassment

They approve instantly, then impose extreme penalties, auto-deductions, or contact-shaming.

Detection: Review disclosures, privacy notice, and app permissions before granting access.

8) What to do if you suspect the lender is illegal or abusive

A) Preserve evidence

Screenshots of ads, app pages, permissions requested
Loan contract and disclosures
Payment records and receipts
Texts, call logs, emails, threats, contact-shaming messages
Names/handles/phone numbers used

B) Report to the proper authorities (based on the issue)

SEC: for unregistered/unlicensed lending/financing operations and violations by SEC-supervised lenders
National Privacy Commission (NPC): for data privacy violations (contact harvesting, shaming, unlawful disclosure)
PNP / NBI / local law enforcement: for threats, extortion, cyberharassment, impersonation, other crimes
LGU: for businesses operating without local permits
BSP / CDA: if the entity is falsely claiming to be a bank/pawnshop/cooperative or violating rules under those regulators

C) Know the practical borrower stance

Demand written accounting (principal, lawful charges, payments applied)
Avoid signing new documents under pressure
Communicate in writing where possible
Do not share third-party data (contacts/employer lists) unless truly necessary and lawful

9) One-page borrower checklist (fast screening)

Before applying:

I know the exact legal name of the lender (not just brand/app).
I verified the entity exists in SEC records (or DTI if sole prop, but public lending is typically not run as a sole prop).
I verified the lender has an SEC Certificate of Authority to operate as a Lending Company or Financing Company.
I checked that the authority is not suspended/revoked and the lender is in good standing.
I confirmed a real office address and working contact channels.

Before signing/accepting:

I received a written Truth in Lending disclosure: principal, interest, fees, penalties, total cost, schedule.
The contract entity name matches the SEC-authorized entity.
Fees are clearly explained; no vague “service fees” hiding interest.
For apps: permissions are limited; privacy notice is clear; no contact harvesting.

Red flags (walk away):

“SEC-registered” but no Certificate of Authority to lend/finance.
Advance fees demanded before release without clear lawful structure.
Payments to personal accounts.
Threats, shaming, or pressure to grant invasive phone permissions.

10) Bottom line

To check if a lending company is SEC-registered and operating legally in the Philippines, verify both (1) SEC registration (existence) and (2) SEC authority to operate as a lending/financing company (permission)—and then confirm the lender’s actual practices comply with borrower protections like Truth in Lending and Data Privacy. The most reliable approach is a name-matching, document-matching, status-checking process that connects the brand/app you see to the exact legal entity that holds the authority to lend.