How to File Complaints Against Online Loan Apps in Philippines

How to File Complaints Against Online Loan Apps in the Philippines

Executive summary

Online lending apps (OLAs) are regulated in the Philippines. If you experience harassment, unauthorized data use, unfair collection tactics, hidden fees, or lending by unregistered entities, you can (and should) complain. Start with the provider, then escalate to the correct regulator—SEC for lending/financing companies and their apps, BSP for banks and other BSP-supervised institutions, and NPC for privacy abuses—while preserving evidence. Depending on the facts, you may also go to PNP-ACG/NBI for cybercrime, the courts/Small Claims for monetary disputes, or your barangay for immediate relief from harassment.

The legal framework (Philippine context)

  • Lending and financing regulation

    • Republic Act (RA) 9474Lending Company Regulation Act of 2007
    • RA 8556Financing Company Act
    • SEC rules (including circulars on online lending platforms and on unfair collection practices) apply to lending/financing companies and their OLAs. Operating without the required SEC authority, or using abusive collection tactics, can trigger administrative, civil, and criminal liability.

  • Consumer protection for financial services

    • RA 11765Financial Products and Services Consumer Protection Act (FPSCPA): sets standards for fair treatment, transparency, responsible pricing, and accessible redress; empowers the Bangko Sentral ng Pilipinas (BSP) and SEC to act on complaints and sanction supervised entities.

  • Disclosure of loan costs

    • RA 3765Truth in Lending Act: requires clear disclosure of finance charges, interest rates, and other costs prior to loan consummation.

  • Data privacy and debt-shaming

    • RA 10173Data Privacy Act of 2012 (DPA): prohibits unauthorized processing of personal data and penalizes excessive or disproportionate data collection/processing. “Debt-shaming,” scraping your contacts, and broadcasting your debt without a lawful basis can constitute privacy violations. The National Privacy Commission (NPC) handles complaints.

  • Cybercrime/harassment

    • RA 10175Cybercrime Prevention Act: covers threats, libel, identity theft, phishing, and related acts done through ICT; enforced by PNP-Anti-Cybercrime Group (ACG) and NBI-Cybercrime Division.

  • Collection harassment and other offenses

    • Depending on conduct: Grave threats/coercion, unjust vexation, libel/slander, violation of the Safe Spaces Act (if gender-based), and other offenses in the Revised Penal Code and special laws may apply.

Key jurisdiction rule of thumb

  • SEC: lending/financing companies and OLAs (licensing, unfair collection, illegal lending).
  • BSP: banks, e-money issuers, and other BSP-supervised financial institutions (consumer protection, fees, conduct).
  • NPC: any entity (bank or OLA) that misuses personal data (contact scraping, debt-shaming).
  • DTI: general consumer issues not involving regulated financial products (rare for OLA disputes).
  • PNP-ACG/NBI: crimes (threats, doxxing, identity theft, phishing).

Common violations by OLAs (and what they mean legally)

  1. Operating without registration or authority (SEC issue).
  2. Harassment and unfair collection practices: calling employers/relatives, group chats, public posts, threats of arrest or property seizure without court order (SEC/BSP conduct violations; possible criminal acts).
  3. Excessive or undisclosed fees/interest: hidden handling fees, automatic “service charges,” rollovers without consent (Truth in Lending + FPSCPA).
  4. Unauthorized data scraping/processing: forcing address book/gallery access; debt-shaming posters (DPA; NPC jurisdiction).
  5. Misleading ads/claims: “0% interest” that isn’t, “guaranteed approval” with add-on fees (FPSCPA; possibly DTI for general ads).
  6. Phishing/identity theft/loan fraud: accounts opened in your name (Cybercrime + DPA).

Evidence you should gather (do this before you complain)

  • Screenshots of app pages (rates, fees, permissions requested), chats, texts, call logs, in-app notices, and any “debt-shaming” posts.
  • Copies of contracts/loan agreements, disclosure statements, receipts, and payment transaction records.
  • Entity identity: app name, developer name, corporate name (if stated), email, hotline, and—if available—SEC registration/Certificate of Authority (CA) details.
  • Timeline: when you applied, approved, disbursed, billed, collected, and harassed.
  • Witness statements: coworkers/family contacted by collectors.
  • Preserve metadata: URLs, message headers, phone numbers, and device details.

Caution on recordings: The Anti-Wiretapping Act (RA 4200) generally prohibits recording private communications without all parties’ consent. Do not secretly record calls. Keep voicemails, texts, and written communications instead.

Step-by-step: Where and how to file

Step 1 — Complain to the provider (required by regulators)

  • Use in-app help, email, or the “complaints” address. State:

    • Your name, loan/account number, and contact details
    • Clear description of the issue and the relief you seek (e.g., stop harassment, remove fees, correct balance, delete unlawfully obtained data, issue a written apology, or close account)
    • Deadline to respond (e.g., 15 calendar days is reasonable)

  • Keep the ticket/reference number and their full reply. This proves prior resort when you escalate.

Step 2 — Escalate to the right regulator

A) SEC (lending/financing companies and OLAs)

File when:

  • The app is a lender/financing company (not a bank/e-money issuer), or appears unregistered/without SEC authority
  • You suffered unfair collection (e.g., debt-shaming, threats, workplace calls)
  • Fees/interest were not disclosed, or terms were deceptive

What to include:

  • Identity of the app/company, screenshots, contract, payment proof, your Step-1 complaint and the provider’s response (or lack thereof), and a concise prayer for relief (e.g., investigate, sanction, order cessation of unfair practices, compel rectification/refund)

Where it leads:

  • SEC can investigate, order takedowns/cease-and-desist, impose administrative fines, and coordinate with platforms for app removal. You may pursue civil damages separately.

B) BSP (banks, EMI, other BSP-supervised FIs)

File when:

  • The loan product is from a bank, neobank, EMI/wallet, or BSP-licensed lender
  • Issues: undisclosed fees, wrongful debits, improper collection, failure to address complaints

What to include:

  • Same core evidence; emphasize Truth in Lending/FPSCPA violations and consumer harm.

What BSP can do:

  • Direct the FI to rectify, refund, correct records, and sanction for breaches of consumer protection standards.

C) NPC (privacy breaches and debt-shaming)

File when:

  • The app accessed your contacts/photos without clear, voluntary, informed, and specific consent
  • The app broadcasted your debt, messaged your contacts, or retained excessive data
  • There’s a security breach exposing your data

Process highlight:

  • Show you attempted to resolve with the entity (Step 1). Submit evidence of unlawful processing and harm (embarrassment, job issues).

Outcomes:

  • NPC may order cease-and-desist, data erasure, access/rectification, and impose penalties. You can also sue for damages under the DPA.

D) Criminal complaints (if applicable)

  • PNP-ACG/NBI-Cybercrime for threats, doxxing, identity theft, phishing, extortion, or libel.
  • Bring printed evidence and IDs. Request inquest or file a regular complaint with the Office of the Prosecutor.

How to write a strong complaint (template you can adapt)

Subject: Complaint vs. [App/Company] for Unfair Collection, Undisclosed Fees, and Data Privacy Violations Complainant: [Full name, address, mobile, email] Respondent: [Company name, app name, business address if known] Facts:

  1. On [date], I downloaded/used [App]. I was offered a loan of ₱[amount] at [stated rate/term].
  2. The app required access to [contacts/photos/location], which I did not freely consent to / which was disproportionate to the service.
  3. On [date], the company [harassed/contacted my employer/created a group chat/sent threats/posters].
  4. The company imposed [undisclosed fees/rollovers], contrary to TILA and FPSCPA. Legal grounds: RA 11765; RA 3765; RA 10173; RA 9474/RA 8556; SEC/BSP rules on unfair collection; relevant provisions of the Revised Penal Code/Cybercrime Act. Evidence: Screenshots (Annexes A-F), contract (Annex G), payments (Annex H), list of contacts messaged (Annex I), prior complaint and response (Annex J). Relief sought: (a) Immediate cessation of unfair collection and debt-shaming; (b) rectification of account and refund of unlawful charges; (c) deletion of unlawfully processed data; (d) investigation and sanctions; (e) written confirmation to me within 15 days.

Frequently asked tactical questions

1) How do I know if the app is SEC-registered or BSP-supervised?

  • Check the company disclosures in the app/website and your contract. Banks and e-money issuers fall under BSP; lending/financing companies under SEC. If the company name is missing, inconsistent, or unverifiable, treat as suspect and escalate to SEC and NPC.

2) Can they legally message my contacts?

  • Generally no. Messaging your contacts to pressure repayment typically lacks a lawful basis under the DPA and is an unfair collection practice. Complain to NPC (privacy) and SEC/BSP (conduct).

3) Can they threaten arrest or case filing over chat?

  • Arrest without a warrant is not lawful for mere debt. Threats, intimidation, or public shaming can be criminal and regulatory violations.

4) Should I keep paying while I complain?

  • If the loan is valid and funds were received, you remain liable for the lawful principal and agreed interest/fees that were properly disclosed. You may pay under protest and seek refunds/adjustments for unlawful charges. Do not pay “facilitation” or “settlement” fees to collectors via personal accounts.

5) What if the loan was opened without my consent?

  • File with PNP-ACG/NBI (identity theft/fraud), NPC (breach/misuse of your personal data), and the regulator of the provider (BSP/SEC). Ask for account freeze, reversal, and a fraud affidavit process.

6) Can I sue for damages?

  • Yes. Under the DPA and civil law, you can claim moral/actual damages. For pure money claims ≤ ₱1,000,000 (subject to current rules), you may use the Small Claims procedure—fast, no-lawyer-required. For defamation/harassment, you may file separate criminal/civil actions.

Practical playbook (checklist)

  1. Secure your data

    • Revoke app permissions; change passwords/OTP settings.
    • Inform your contacts not to engage with collectors; give them a short statement to use if contacted.

  2. Document everything

    • Save screenshots, messages, and notices chronologically in a single PDF/drive folder.

  3. Write and send a formal demand (Step-1 letter/email).

  4. Escalate

    • SEC for OLA misconduct/illegal lending.
    • BSP for banks/EMIs/BSFIs issues.
    • NPC for privacy/debt-shaming.
    • PNP-ACG/NBI for crimes.

  5. Consider parallel remedies

    • Barangay blotter for immediate harassment.
    • Small Claims for refunds/overcharges.

  6. Monitor retaliation

    • New threats or posts = fresh evidence. Update your complaints.

  7. Protect your credit/records

    • Ask the provider/regulator to correct negative reporting made in bad faith.

Do’s and don’ts

Do

  • Use official channels only; keep receipts and reference numbers.
  • State a specific remedy and deadline in every complaint.
  • Preserve mental well-being: let a trusted person monitor your messages if harassment spikes.

Don’t

  • Secretly record calls (RA 4200 risk).
  • Share OTP, PINs, or full ID images over chat.
  • Pay to personal wallets/GCash numbers of “agents.”
  • Engage in arguments in group chats—collect evidence, don’t debate.

Sample one-page complaint to the provider (fill-in)

To: [Compliance/Support Email of App/Company] Date: [_] Subject: Formal Complaint and Demand to Cease Unfair Collection and Data Misuse I, [Full Name], holder of Loan/Account No. [__], complain that on [dates] your representatives: [describe harassment/debt-shaming/undisclosed fees]. This violates RA 11765 (FPSCPA), RA 3765 (Truth in Lending), and RA 10173 (DPA), as well as SEC/BSP rules on unfair collection. Demands: (1) cease all harassment and contact with my employer/contacts; (2) correct my account by removing unlawful fees and provide a detailed computation; (3) erase unlawfully processed data and confirm in writing; (4) send your written response within 15 days. Attached: evidence Annexes A-E. Signed: [Name, mobile, email, address]

Final notes

  • Pick the right venue: SEC for OLAs/lenders; BSP for banks/EMIs; NPC for privacy; PNP-ACG/NBI for crimes. You can file simultaneously when issues overlap (e.g., privacy + unfair collection).
  • Relief is cumulative: administrative sanctions (regulators), criminal liability (prosecutors/courts), and civil damages (courts/Small Claims) can all proceed based on the same facts.
  • Stay factual, organized, and persistent: well-documented complaints get action faster.

If you want, I can turn this into filled-out complaint letters and a simple evidence checklist you can print.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login