How to Report a Fake Lending Company in the Philippines: SEC Complaint and Recovery Options

Philippine legal context. This is general information, not a substitute for advice from a Philippine lawyer.

Quick action plan (first 24–48 hours)

Stop transacting and preserve everything: screenshots, call logs, chat threads, app pages, receipts, bank/e-wallet references, IDs you sent, and the app’s permissions page.
List all money movements (date, amount, channel, reference number, account name/number of the recipient).
Report immediately to the right places (details below): SEC for unregistered lenders/abusive collectors; your bank/e-wallet for recalls and account flags; NPC for data-privacy harassment; PNP-ACG/NBI for threats/extortion.
Tell your contacts (if the app scraped your phonebook) not to engage and to forward any threats to you for evidence.

Who regulates what (and why it matters)

Securities and Exchange Commission (SEC) – registers lending and financing companies and polices unfair collection practices and illegal online lending platforms (OLPs). It can issue cease-and-desist orders, revoke authorities, and refer cases for prosecution.
Bangko Sentral ng Pilipinas (BSP) – supervises banks, e-money issuers, and remittance/transfer companies; handles consumer complaints about payment transfers, card chargebacks, and wallet disputes (through its public complaint channels).
National Privacy Commission (NPC) – enforces the Data Privacy Act. It handles complaints about doxxing/shaming, contact-list scraping, excessive data collection, and harassment via your personal data.
PNP Anti-Cybercrime Group (PNP-ACG) / NBI Cybercrime Division – for threats, extortion, identity theft, online harassment, SIM/SMS scams, and other cybercrime angles.
Telecom providers/NTC – for spam/scam numbers and SIM-related abuse.
App stores & platforms – to take down fake apps/pages (submit your SEC/NPC/PNP reports as supporting proof).

A “fake lending company” typically means unregistered or unlicensed to operate as a lender/financier (no SEC Certificate of Authority), or a sham that pretends to lend to harvest fees/data, often via abusive collection and threats.

How to check legitimacy (fast)

Look for the company’s exact legal name and SEC registration number on its website/app/FB page/receipt.
A legitimate lender/financier must have:
1. SEC company registration, and
2. a Certificate of Authority to Operate as a Lending Company or Financing Company.
Red flags: no legal name or address, uses personal bank/e-wallet accounts to receive payments, asks for advance fees to “unlock” the loan, pressures you to pay before release, demands full phonebook access, or threatens public shaming.

Reporting to the SEC (step-by-step)

What the SEC can do: investigate, order take-downs/CDOs, penalize violators, and build cases for criminal prosecution under the Lending Company Regulation Act/Financing Company Act and related rules.

1) Prepare your evidence pack

Your ID and contact details.
Name of the company/app/page, links/handles, and any registered or claimed business address.
Narrative: how you were approached, terms offered, what you paid (if any), and what happened next.
Proof: screenshots of chats/calls/texts, app pages (About/Permissions), loan terms/receipts, bank/e-wallet proof of payment, and any threats/shaming materials.
If they claim to be SEC-registered, capture where/how they said it.

2) Draft a Complaint-Affidavit

Identify the respondents (company and responsible officers/agents if known).
State the violations (e.g., operating without a Certificate of Authority; unfair/abusive collection; misrepresentation).
Attach your Annexes (numbered) and index of evidence.
Sign before a notary (complaints that will be used for criminal referral typically require a sworn statement).

3) File with the SEC

Submit to the SEC’s enforcement/investor protection arm at the Main/Extension Offices or via the SEC’s public reporting channels (in person or electronically, as available).
Keep your stamped/acknowledged copy or electronic reference.

4) What to expect

SEC may ask for clarifications, issue Show-Cause or Cease-and-Desist Orders, coordinate with platforms, and refer to prosecutors.
You can request case status updates using your reference/acknowledgment.

Tip: If the entity is legit but abusive, still report. Unfair collection practices (e.g., threats, obscene language, contacting your contacts/co-workers, public shaming, false criminal accusations) are prohibited and sanctionable.

Parallel reports you should file

A) National Privacy Commission (NPC) – for data-privacy abuses

Grounds: unauthorized processing, excessive data collection (full phonebook access), disclosure to third parties, ‘shaming’ messages to your contacts, threats.
File a Data-Privacy Complaint with your narrative, screenshots, and IDs. Ask for orders to stop processing, delete unlawfully obtained data, and sanction the company.

B) PNP-ACG or NBI Cybercrime – for threats/extortion/harassment

Bring your evidence pack. File a blotter and a cybercrime complaint (e.g., grave threats, extortion, unjust vexation/harassment, and relevant cybercrime violations).
Ask for guidance on digital evidence preservation and possible subpoenas to platforms.

C) Your bank/e-wallet/remittance provider – for money recovery attempts

File a fraud/dispute/recall request with all transaction references.
If the recipient is with another institution, your provider usually sends an inter-bank recall/freeze request; outcome depends on fund availability and investigation.

D) BSP consumer complaint (if a regulated payment channel was involved)

If your bank/e-wallet doesn’t act or denies relief, escalate to BSP through its public complaint portal. Request trace/freeze (if possible), merchant blacklisting, and consumer redress for any lapses in handling.

E) Platforms

Report the app/page to Google Play/App Store/Facebook/Instagram with your SEC/NPC/PNP references to speed up takedown.

F) Telco/NTC

Report scam/threat numbers via your telco’s spam reporting channels (and 7726 for SMS spam where supported). Request blocking.

Can you get your money back?

Short answer: Sometimes—but it depends on speed, traceability, and where the money went.

Bank/e-wallet recall: If you transferred to an account/wallet, immediately request a recall/hold from your provider. If the funds are still in the recipient account, there’s a chance to freeze and return them; if withdrawn, recovery becomes difficult but not impossible if authorities intervene.
Card chargeback: If you paid via card (e.g., “processing fee”), ask your bank for a chargeback (reason: fraud/misrepresentation).
Regulatory redress: Under the Financial Consumer Protection framework, regulators can direct restitution against supervised institutions that mishandled your complaint. This won’t bind a truly fake (unregulated) entity, but it can address lapses by your bank/e-wallet.
Civil remedies:
- Nullity/Rescission of void/voidable contracts; recovery of amounts paid and damages (moral, exemplary) if you prove illegality, fraud, or unconscionable terms.
- Small Claims (MTC) for money claims up to ₱1,000,000, no lawyer required; file the standard Statement of Claim with your evidence.
Criminal route: Filing for estafa or related offenses can lead to restitution as part of criminal judgment, but this takes time and proof.

Courts often strike down unconscionable interest/fees. Even if a borrower may still owe principal, abusive rates and penalties can be voided or reduced.

Your rights as a borrower/consumer

To clear, truthful terms; no hidden or deceptive charges.
To privacy; apps cannot weaponize your contacts or humiliate you.
To fair collection; no threats, obscene language, false criminal accusations, or contacting unrelated third parties.
To redress; you can escalate unresolved disputes to regulators and the courts.

Evidence: what “good” looks like

Unedited device-level screenshots with visible timestamps, names/numbers, and URLs.
Screen recordings of app behavior (permissions requested; in-app terms; payment instructions).
Original files: PDFs, images, audio, APK hashes if you have them.
Transaction proofs: bank/wallet receipts with reference numbers.
Witness statements: if your contacts received harassment, ask them for sworn statements (or at least dated screenshots).

Preserve properly

Don’t uninstall the app until you’ve captured evidence.
Back up your phone.
Save files in a dated folder; keep a simple chain-of-custody log (who handled what, when).
If you expect a criminal case, avoid editing/annotating originals; keep working copies for redaction.

Practical FAQs

Do I have to keep paying a fake lender? If the entity is unlicensed/illegal, any “loan” may be void or voidable. You can dispute the obligation, especially usurious/unconscionable charges. Get counsel before paying further—continuing to pay often doesn’t stop harassment.

They’re threatening to file a criminal case if I don’t pay. Debt non-payment is generally not a crime by itself. Threats of fabricated criminal charges are part of abusive collection—report them.

They messaged my boss/family and posted about me. That’s a privacy violation and unfair collection. File with NPC and SEC, and include it in your PNP/NBI complaint.

I gave them my ID and contacts. What now? File with NPC for data-privacy relief (stop-processing/delete). Ask your bank/e-wallet to flag your account for unusual activity. Consider replacing compromised IDs and enable 2FA everywhere.

I signed an e-contract. Is it valid? Electronic contracts/signatures are generally recognized in PH law, but illegality/misrepresentation/unconscionable terms can still void or invalidate parts of it.

Templates you can reuse (fill in the blanks)

1) SEC Complaint-Affidavit (skeleton)

COMPLAINT-AFFIDAVIT

I, [Full Name], of legal age, Filipino, with address at [Address], after being duly sworn, state:

1. Respondents: [Company/App Name], [Known Officers/Agents if any], with claimed address at [Address/Links].
2. Facts: On [date], respondents offered me a loan via [app/page]. They [describe pitch, terms, payments made].
3. Violations: Respondents operate as a lending/financing company without a Certificate of Authority; engaged in unfair/abusive collection; and misrepresented their registration.
4. Evidence: Annex “A” – screenshots of chats; Annex “B” – app pages/permissions; Annex “C” – transaction receipts; Annex “D” – harassment messages; etc.
5. Relief: I pray that the SEC investigate, issue cease-and-desist orders, take down online platforms, impose penalties, and refer criminal charges as warranted.

[Signature over printed name]
Affiant

2) Bank/e-Wallet Recall/Dispute Letter

Subject: URGENT – Fraud Recall/Dispute Request
I request a recall/freeze of funds for the following transaction(s) tied to a suspected fake lending scam:
- Date/Time:
- Channel (InstaPay/PESONet/Wallet/Card):
- Amount:
- Sender Account/Wallet:
- Recipient Account/Wallet & Name:
- Reference No.:

Attached are my ID, screenshots, and narrative. Please escalate to your Fraud Team and coordinate with the receiving institution.

3) NPC Privacy Complaint Narrative (key points)

What data the app took (contacts, photos, ID).
How it was used (harassment/shaming to third parties).
Lack of lawful basis/consent; excessive collection; failure to protect data.
Your requests: stop processing, delete data, sanction, and notify you of compliance.

4) Evidence Log

Annex  Description                          Date/Time Captured  Source/Device
A-1    Chat with agent “X”                  2025-08-12 14:03    Android phone
B-1    App permissions (Contacts, Storage)  2025-08-12 14:05    Screen recording
C-1    InstaPay receipt #123456789          2025-08-12 14:10    Bank app
D-1    Threat message to my sister          2025-08-13 09:22    Messenger screenshot

Legal bases you can invoke (high level)

Lending Company Regulation Act / Financing Company Act – requires SEC Certificate of Authority and compliance with rules; penalizes illegal operations.
SEC rules on unfair/deceptive collection – prohibit threats, obscene language, contacting third parties, public shaming, and similar abuses by lenders/collectors.
Data Privacy Act – prohibits unauthorized or excessive processing and unlawful disclosure of personal data; provides for complaints and sanctions.
Financial Consumer Protection framework (RA 11765 and regulators’ rules) – sets standards for handling complaints and allows redress against supervised institutions.
Revised Penal Code/Cybercrime law – for estafa, grave threats, extortion, unjust vexation/harassment, and cyber-enabled offenses.
Civil Code – actions on written contracts (10-year prescriptive period), unwritten contracts (6 years), quasi-delicts (4 years); courts may void unconscionable interest/penalties.

Smart safety practices (going forward)

Use separate email/number for financial apps; limit permissions (deny Contacts, Storage, Camera unless essential).
Never pay “processing” or “unlocking” fees.
Verify licenses before engaging; use only official payment channels with the merchant’s legal name.
Turn on 2FA for email, banks, and wallets.
Keep a fraud kit: copies of IDs, proof of address, and a template dispute letter for rapid filing.

When to get a lawyer

Significant losses, threats of litigation/arrest, or continued harassment after regulator reports.
To file Small Claims, negotiate refunds, or pursue civil/criminal cases (especially if you’re considering damages).
To manage data-privacy remedies (e.g., urgent stop-processing or takedown demands).

If you’d like, tell me what you’ve already filed (and your transaction references), and I’ll help you sequence next steps and refine your affidavits and evidence list.