How to Check If an Online Lending App Is SEC-Registered in the Philippines

How to Check If an Online Lending App Is SEC-Registered in the Philippines

This guide explains, in practical and legal terms, how to verify that a lending app operating in the Philippines is properly authorized by the Securities and Exchange Commission (SEC), what documents and registrations to look for, common pitfalls (like brand names vs. corporate names), and what to do if you suspect an illegal lender. It is written for consumers, compliance teams, and fintech partners.

1) Why SEC registration matters

In the Philippines, lending to the public is a regulated activity. Two core statutes apply:

  • Republic Act No. 9474 — the Lending Company Regulation Act of 2007 (LCRA) and its IRR, which require any entity “engaged in the business of granting loans from its own funds” to secure a Certificate of Authority (CA) from the SEC in addition to ordinary corporate registration.
  • Republic Act No. 8556 — the Financing Company Act of 1998, covering financing companies (e.g., those providing credit facilities like consumer or business financing). Financing companies also need an SEC CA.

“Being with the SEC” is not just having a company registered. A lawful lending or financing business must have:

  1. SEC corporate registration (Articles of Incorporation, SEC Registration Number), and
  2. a valid SEC Certificate of Authority to operate as a Lending Company or Financing Company.

For apps, there’s an added layer: the SEC has issued circulars regulating Online Lending Platforms (OLPs) and debt-collection practices, requiring disclosures, proper conduct, and—in practice—registration of the platforms used by authorized companies.

Operating without a CA, using unapproved online platforms, or engaging in abusive collection are grounds for enforcement, including cease-and-desist orders, criminal/administrative sanctions, and takedowns from app stores.

2) The essentials you must verify

A. Corporate registration vs. Certificate of Authority (CA)

  • Corporate Registration shows the entity exists as a corporation under Philippine law.
  • Certificate of Authority (distinct document) shows the SEC has authorized that corporation to do lending/financing business.
  • Both are required to legally lend to the public.

B. Correct type of authority

  • A company lending retail/personal loans should have a CA as a Lending Company (LCRA).
  • A company offering broader credit products (e.g., installment financing, BNPL via balance sheet) may be a Financing Company (RA 8556).
  • Some apps are brokers/marketplaces matching borrowers with partner lenders. Brokers do not themselves lend; the actual lender(s) must hold a CA.

C. Online Lending Platform (OLP) compliance

  • SEC issuances on OLPs require that each domain/app brand used by a lending/financing company be properly disclosed/registered with the SEC.
  • The brand name in the app store frequently differs from the corporate name on the CA. You must tie the brand to the authorized company.

D. Debt-collection rules

  • SEC circulars prohibit unfair debt-collection (e.g., threats, harassment, doxxing, “shaming,” unauthorized contact-list harvesting).
  • The Data Privacy Act (DPA) also applies: any collection/processing of personal data must be lawful, proportionate, and consent-based.

3) Step-by-step: How to check if an app is SEC-registered

Goal: Confirm the corporate identity, Certificate of Authority, and platform/app registration match what the app claims.

Step 1: Identify the true corporate name behind the app

  • Open the app listing (App Store/Play Store) and the in-app “About,” “Developer,” “Terms,” or “Privacy Policy” page.
  • Note the corporate name, principal office address, and contact details stated there.
  • If only a brand is given, look for phrases like “operated by,” “powered by,” or “issued by” to find the corporate entity.

Tip: The developer name in the app store should be consistent with the corporate name or a legally related entity (parent/subsidiary). If not, this is a yellow flag—dig deeper.

Step 2: Check the SEC corporate registration

  • Search the SEC’s public registry for the exact corporate name (watch spelling and punctuation).
  • Confirm: SEC Registration Number, Date of Registration, and status (active).
  • This step only proves the company exists—it does not prove it can lend.

Step 3: Check for a Certificate of Authority (CA)

  • Look up the SEC list of companies with valid CA for Lending Companies or Financing Companies.
  • Confirm the company’s exact name appears and that its CA is active (not suspended/revoked).
  • If the company is absent from the CA list—or appears on revoked/suspended lists—it cannot legally lend.

Document to request from the app: A copy of its SEC CA (it will show the corporate name, authority type, and date of issuance). Screenshots inside the app or on their website are fine for preliminary checks, but the SEC public lists are the authoritative source.

Step 4: Verify Online Lending Platform disclosure/registration

  • Check if the app brand, website domain(s), and platform are registered/disclosed by the same CA-holding company.
  • Many illegal apps borrow or mimic the names of legitimate companies—your check must match corporate name ⇄ CA ⇄ platform/brand.

Step 5: Cross-check for SEC advisories/cease-and-desist orders

  • Review the SEC’s public Advisories and Enforcement pages for the app brand and the corporate name.
  • If the app or operator appears in advisories (e.g., “not authorized to solicit investments or lend”) or is subject to a CDO, treat as red flag.

Step 6: Check for DPA and collection-conduct compliance

  • Review the app’s Privacy Policy and Permissions (contacts, photos, messages).
  • Apps should not require phonebook/contact access to enforce loans—this is a hallmark of abusive collection.
  • If you experienced harassing calls/texts, threats, or “shaming,” these likely violate SEC rules and the DPA.

Step 7: (If applicable) Payments & partners

  • If the app processes payments, check who the payment partners are (banks/e-wallets). While not determinative, legitimate lenders typically use reputable, regulated payment channels.
  • If the app claims “BSP-licensed lender,” be cautious: lending authority comes from the SEC, not the BSP. (BSP licenses banks/e-money/OPS, not lending authority under LCRA/RA 8556.)

4) Red-flags checklist (quick triage)

  • No SEC CA (only corporate registration shown).
  • Mismatch between app brand and corporate name on the CA.
  • Unverifiable address or shell office.
  • Demands contact-list access or threatens to message your contacts.
  • Harassment/shaming during collection; abusive or threatening language.
  • Hidden or changing developer names across app updates.
  • Fake “government permits” (e.g., barangay permits presented as lending authority).
  • Unclear pricing (no APR/effective interest disclosure; excessive fees).
  • Short-lived rebrands (apps disappear and reappear under near-identical names).

5) What lawful apps typically display

A compliant lending app commonly provides:

  1. Corporate details: exact corporate name, SEC Registration No., principal office, and SEC CA No.
  2. Type of authority: Lending Company or Financing Company.
  3. Pricing disclosures: interest rate, fees, penalties, and effective interest (APR or equivalent).
  4. Privacy: DPA-compliant policy, data retention, third-party processors, and lawful bases.
  5. Complaints channels: email/phone, address, and escalation paths (SEC, NPC).
  6. OLP disclosure: the app/website is the official platform of the named CA-holder.

6) If you suspect an illegal lender

Preserve evidence:

  • Screenshots of the app listing, in-app pages (About, Privacy), chats/texts, call logs, and payment proofs.
  • Copies of any threatening or shaming messages.
  • The loan agreement or in-app terms (screens or PDFs).

Report to the proper authorities (depending on the misconduct):

  • SEC (Enforcement and Investor Protection): for unlicensed lending, misrepresentation, OLP violations.
  • National Privacy Commission (NPC): for privacy/data abuses (contact scraping, public shaming, doxxing).
  • PNP–Anti-Cybercrime Group or NBI–Cybercrime Division: for threats, extortion, cyber harassment.
  • DTI (consumer complaints) and app stores (policy violations), if relevant.

Consumer actions:

  • You may demand deletion of unlawfully collected personal data (DPA rights).
  • If subjected to illegal collection practices, you can formally complain to SEC/NPC and request investigation and sanctions.
  • Consider independent legal advice for contract disputes or damages claims.

7) Special cases and nuances

  • Marketplace/Broker apps: If the app is merely a broker, it should clearly disclose the actual lender(s) extending credit and those lenders must each have a valid CA.
  • Group structures: Some groups use one entity to hold the CA and another to operate the tech. That’s acceptable only if the CA-holder is clearly identified as the lender, and the OLP disclosure ties the platform to the CA-holder.
  • Name changes: Corporate renamings occur; the SEC lists will reflect the new corporate name. Apps should update their disclosures accordingly.
  • Revocations/suspensions: A company once on the CA list may get suspended/revoked—always check current status, not historic presence.

8) Due-diligence workflow you can reuse (one-pager)

  1. Capture the app brand and developer name (from the store and in-app).
  2. Find the exact corporate name operating the app.
  3. Confirm SEC corporate registration for that name.
  4. Confirm SEC Certificate of Authority (lender/financier) is active.
  5. Match the app/website (OLP) to the CA-holding company.
  6. Screen SEC advisories/CDOs for the brand and the corporation.
  7. Review privacy & collection practices against SEC/NPC rules.
  8. Document findings and retain evidence.

9) Frequently asked questions

Q1: Is a DTI or LGU business permit enough? No. Those are general business permits. Lending to the public requires the SEC CA.

Q2: The app says the lender is “BSP-licensed.” Is that sufficient? No. The SEC grants lending/financing authority. BSP licenses other activities (banks, e-money, OPS) but not LCRA/RA 8556 authority.

Q3: The app’s brand is missing from SEC lists, but the company name appears. Is that okay? Only if the brand/platform is properly disclosed/registered under the same CA-holding company. Brand-to-company mismatch is a red flag.

Q4: Can a sole proprietorship legally operate a lending app? No. Lending/financing must be conducted by a corporation with an SEC CA.

Q5: What if the app was once legal but the CA is now revoked/suspended? It must stop lending. Continuing to lend or collect as if authorized exposes it to enforcement and potential criminal/administrative liability.

10) Bottom line

To be lawful in the Philippines, a lending app must have:

  • A Philippine corporation (SEC-registered), and
  • An active SEC Certificate of Authority (as a Lending Company or Financing Company), and
  • Properly disclosed/registered online platform(s) aligned with that CA, and
  • Compliant collection and privacy practices.

Anything less places the app—and anyone partnering with it—at regulatory risk. When in doubt, verify the CA and make sure the brand ⇄ platform ⇄ corporate name all line up.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login