How to Check Legitimacy of Lending Companies in the Philippines

How to Check the Legitimacy of Lending Companies in the Philippines

Updated for Philippine law and practice; general guidance only and not a substitute for legal advice.

1) Why “legitimacy” matters

Borrowing from an illegitimate lender can expose you to:

  • void or unenforceable contracts,
  • abusive and unlawful collection practices,
  • identity theft and data privacy violations,
  • difficulty disputing charges or securing remedies.

Legitimacy is primarily a question of regulatory authority, corporate status, and compliance with conduct rules.

2) Regulatory map: who supervises whom

  • Securities and Exchange Commission (SEC) – registers corporations and licenses (issues a Certificate of Authority, “CA”) to Lending Companies (LCs) under the Lending Company Regulation Act of 2007 and to Financing Companies (FCs) under the Financing Company Act of 1998. SEC also regulates online lending platforms/apps and enforces rules against abusive collection.
  • Bangko Sentral ng Pilipinas (BSP) – supervises banks, quasi-banks, pawnshops, and money service businesses. If the entity is a bank (e.g., thrift/rural/universal bank) or a pawnshop, legitimacy is checked with BSP, not the SEC.
  • National Privacy Commission (NPC) – enforces the Data Privacy Act for all personal-data processing (including lending apps).
  • Local Government Units (LGUs) – issue business permits and mayor’s permits for local operations/branches.
  • Credit Information Corporation (CIC) – receives borrower credit data from submitting entities (many legitimate lenders submit).

Key takeaway: A legitimate non-bank lender must be a SEC-registered corporation with a valid SEC Certificate of Authority to operate as a lending/financing company. Registration alone is not enough; the CA is the license.

3) The quick, practical legitimacy checklist

Use this as a step-by-step due-diligence flow:

  1. Identify the entity type

    • If it calls itself a bank or pawnshop → check BSP supervision.
    • If lending/financing company → check SEC registration and a valid CA.

  2. Corporate existence

    • Must be a corporation (not a sole proprietorship/partnership) if it is an LC/FC.
    • Verify exact corporate name, SEC Registration Number, date of incorporation, and principal office.

  3. License to operate

    • Ask for the SEC Certificate of Authority (CA) specific to lending or financing.
    • Check status (valid/suspended/revoked), issue date, and trade/brand names used in advertising.

  4. Online/app operations (if any)

    • Their app/website name should match a registered online lending platform tied to the licensed company.
    • App permissions must be proportionate (e.g., no broad, unnecessary phone contact scraping); intrusive permissions are a red flag.
    • Look for a privacy notice, DPO (Data Protection Officer) contact, and a lawful basis for processing.

  5. Disclosure and documents

    • Truth in Lending disclosures: finance charge, effective interest rate, all fees and penalties must be clear, written, and given before you commit.
    • Contract quality: corporate name (not just a brand), CA number, office address, signatures, and clear repayment schedule.
    • Receipts: official receipts and lawful collection channels (no personal e-wallets of collectors).

  6. Business permits/branch transparency

    • For physical branches, look for current mayor’s/business permits posted on-site.

  7. Conduct rules

    • No harassment or doxxing in collections, no threats, no public shaming, no contacting your entire phonebook, no profanity.
    • No misrepresentation (e.g., pretending to be law enforcement).

  8. Reputation and enforcement history

    • Check if the company (or its app name) has been subject to prior SEC actions (e.g., suspensions, cease-and-desist orders).
    • Review complaint channels activity and resolution patterns.

  9. Credit reporting

    • Ask whether they submit to CIC; while not dispositive, compliant lenders often do.

  10. Pricing and fairness

  • There is no general usury cap (interest ceilings were lifted), but unconscionable interest/penalties can be voided or reduced by courts.
  • Watch for stacked fees (processing, service, convenience) and excessive penalty rates.

4) Understanding the main legal pillars

4.1 Lending Company Regulation Act (LCRA)

  • Requires anyone “engaged in the business of granting loans from their own funds” as a lending company to be:

    • a Philippine corporation,
    • SEC-registered, and
    • licensed via a Certificate of Authority before operating.

  • Imposes minimum paid-in capital and other corporate governance requirements.

  • Violations can lead to revocation of CA, fines, and criminal liability.

4.2 Financing Company Act (FCA)

  • Covers financing companies (e.g., installment purchases, credit facilities, leasing).
  • Similar regime: SEC registration as a corporation plus a CA to operate as an FC.

4.3 Truth in Lending Act (TILA)

  • Mandates clear disclosure of the true cost of credit (finance charges, effective interest), before consummation.
  • Non-compliance can be a defense in disputes and a basis for regulatory complaints.

4.4 Data Privacy Act (DPA)

  • Lenders must have:

    • lawful basis (e.g., contract, consent, legitimate interests),
    • privacy notice, purpose limitation, data minimization, security measures,
    • a Data Protection Officer (DPO) and breach protocols.

  • Unnecessary contact scraping, public shaming, and non-consensual disclosure of debt violate DPA and SEC conduct rules.

4.5 Debt collection standards

  • SEC rules prohibit threats, profanity, humiliation, and third-party disclosures.
  • Contacting borrowers must be reasonable in time, place, and manner; workplace contact requires care; contacting references is limited.

4.6 Interest, fees, and penalties

  • The Usury Law ceilings are suspended, but courts may strike down unconscionable rates (case law has repeatedly reduced high monthly rates and penalty stacking).
  • Transparency and reasonableness remain key; hidden or cascading charges are red flags.

5) Red flags that usually indicate illegitimacy

  • No SEC CA (only shows a basic SEC registration or none at all).
  • Uses sole proprietorship/DTI certificate to present as a lending company.
  • Brand/app name not traceable to the licensed corporate name.
  • Collectors demanding payment to personal e-wallets or accounts.
  • Harassing messages, “contact-list blasting,” threats of arrest or public shaming.
  • No written contract or contracts missing required disclosures.
  • Unrealistic promises (instant large loans, “0% for everyone,” guaranteed approvals with upfront “activation” fees).

6) How to do a thorough verification (playbook)

  1. Ask for documents: SEC Certificate of Incorporation, Articles/By-laws, and, crucially, the SEC Certificate of Authority (CA) to operate as an LC/FC. Note the CA number.

  2. Match names: The brand, app, or storefront name should map to the corporate name on the CA; if not, ask for proof the brand is officially used by the licensed company.

  3. Confirm branch legitimacy: Request the branch’s mayor’s permit. Check it contains the same corporate name and address.

  4. Review disclosures: Prior to disbursement, the lender must give a written TILA disclosure: principal, total finance charges, effective rate, schedule, all fees/penalties.

  5. Contract sanity check:

    • Clear repayment schedule and grace/penalty terms,
    • Data privacy clause with DPO contact,
    • Complaint/appeal procedures.

  6. Test the collection channel: Ask for the official payment channels (company bank account, official e-wallet merchant account). Refuse to pay to personal accounts.

  7. Ask about CIC: Whether they submit credit data (builds credibility and helps your credit history).

  8. Try a small transaction first (if you must) and verify official receipts.

7) Special cases

  • Online-only lenders/apps: Must still be SEC-licensed (CA) and the app must be part of the licensed operation. Extra care on permissions and privacy.
  • Buy-Now-Pay-Later (BNPL): Often structured via a licensed financing company or bank partnership; legitimacy comes from the licensed entity behind it.
  • Microfinance NGOs: Governed by a separate law; not “lending companies,” but still subject to disclosure and privacy rules.
  • Employers/Co-ops: Loans via cooperatives are covered by cooperative rules; check CDA (Cooperative Development Authority) registration instead of SEC.
  • Pawnshops: BSP-supervised; check pawn ticket disclosures and BSP compliance, not SEC CA.

8) What borrowers should receive and keep

  • Pre-contract TILA disclosure (keep a copy).
  • Loan agreement signed by both parties; include corporate name/CA.
  • Privacy notice and consent record (or other lawful basis notice).
  • Official receipts for all fees and payments.
  • Repayment schedule and statement of account upon request.
  • Customer service contacts and DPO email/phone.

9) Remedies and where to complain

  • SEC – abusive collection, operating without a CA, deceptive practices by LCs/FCs, unlicensed online lending apps, false advertising.
  • NPCprivacy violations (contact harvesting, unauthorized disclosures, breaches).
  • BSP – complaints against banks/pawnshops/MSBs.
  • LGU – business permit issues for local branches.
  • CIC – disputes over reported credit data.
  • Courts/Small Claims – to contest unconscionable interest/fees, illegal penalties, or to stop harassment (e.g., injunction, damages). Keep evidence: screenshots, call logs, documents, receipts.

Documentation tips: Keep a timeline, copies of all messages, recordings where lawful, screenshots of app permissions, and IDs of collectors. This materially strengthens any regulatory complaint or court action.

10) Frequently asked questions

Q1: Is an SEC registration enough? No. You need to see a Certificate of Authority specifically authorizing lending/financing operations.

Q2: Can a sole proprietor be a “lending company”? No. LCs/FCs must be corporations. A sole proprietor may extend credit, but cannot operate as a statutory “lending company.”

Q3: Are sky-high interest rates automatically illegal? Not automatically, but unconscionable rates and punitive penalty stacking can be struck down by courts. Lack of disclosure also creates liability.

Q4: Can lenders contact my employer or relatives? Only within limited, lawful purposes and with respectful, non-harassing conduct. Public shaming, threats, and doxxing are prohibited.

Q5: The app wants my contacts and photos—should I allow it? If the purpose is unclear or disproportionate to lending, deny and reconsider the lender. Excessive permissions can violate the Data Privacy Act.

11) Model borrower’s script (verification request)

“Before I proceed, please email me: (1) your SEC Certificate of Authority to operate as a lending/financing company, (2) your SEC Registration and Articles, (3) current mayor’s permit for this branch, (4) your TILA disclosure with all fees, interest, and penalties stated, and (5) your privacy notice with DPO contact. Kindly confirm that payments are made only to the company’s official accounts and that your app/brand name is registered under the same corporation.”

12) Bottom line

A legitimate Philippine lender is properly licensed (SEC CA or BSP-supervised), transparent in pricing and terms, respectful in collections, and privacy-compliant. If any link in that chain is missing—walk away or seek counsel.

If you want, I can turn this into a one-page printable checklist or a borrower’s due-diligence template you can hand to clients.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login