How to Report a Lending Company to SEC and Other Authorities

1) Why reporting matters—and what “lending company” means in law

In the Philippines, a “lending company” is generally a corporation engaged in granting loans from its own capital (as distinct from banks taking deposits). Legitimate lending companies are registered with the Securities and Exchange Commission (SEC) and—crucially—must typically hold a Certificate of Authority (CA) from the SEC to operate as a lending company under the Lending Company Regulation Act of 2007 (Republic Act No. 9474).

If a lender is operating without SEC authority, using abusive collection methods, misrepresenting its identity, charging undisclosed or deceptive fees, or mishandling personal data, there are multiple enforcement paths—administrative, civil, and criminal.

This article maps out (a) which authority to go to, (b) what violations to look for, (c) how to build evidence safely, and (d) how to file a complaint that can actually move.

2) Identify the “right regulator” first (because not every “lender” is under SEC)

Before filing, match the entity to the correct supervising agency:

A. SEC (most common for non-bank lenders)

Report to the SEC if the entity is:

  • A lending company (RA 9474), or
  • A financing company (Financing Company Act; often used for consumer/asset financing), or
  • An online lending platform (OLP) or entity offering loans through apps/social media that should be SEC-registered and authorized.

B. Bangko Sentral ng Pilipinas (BSP)

Report to BSP if the entity is:

  • A bank, digital bank, quasi-bank, or otherwise taking deposits, offering e-money services, or regulated financial products typically under BSP supervision.

C. Cooperative Development Authority (CDA)

Report to CDA if the lender is a cooperative offering loans to members.

D. Local government / barangay / courts (civil dispute routes)

If the issue is primarily a private debt dispute (e.g., computation, payment schedules) with no regulatory violations, remedies may be civil: demand letters, settlement, barangay conciliation (when applicable), or court actions.

E. National Privacy Commission (NPC)

Report to NPC if there is misuse of personal data: contact harvesting, doxxing, sending messages to your contacts, threats using your photos, unlawful disclosure, or processing without lawful basis under the Data Privacy Act of 2012 (RA 10173).

F. Law enforcement / prosecutors

Report to the PNP / NBI / City or Provincial Prosecutor if facts indicate crimes (e.g., threats, extortion, identity theft, cyber harassment) potentially under the Revised Penal Code and/or Cybercrime Prevention Act of 2012 (RA 10175) and related laws.

3) Common complaints against lending companies (and what authorities care about)

A. Operating without SEC authority / “colorum” lending

Red flags:

  • No SEC registration details provided (or they refuse to disclose).
  • No Certificate of Authority as lending/financing company.
  • They operate purely via Facebook/Telegram/Viber with no corporate footprint.
  • The entity name on receipts differs from the lender’s claimed name.

Primary forum: SEC (administrative enforcement; cease-and-desist; sanctions).

B. Deceptive loan terms / hidden charges / lack of disclosures

Red flags:

  • You were not given clear written disclosures of principal, fees, interest, and the total amount due.
  • The lender imposes “processing fees,” “service fees,” “membership fees,” or “advance interest” that were not fully disclosed up front.
  • They change terms after disbursement.

Primary forums: SEC (regulated entity conduct), courts (civil remedies), and sometimes prosecutors (if fraudulent scheme is provable).

C. Harassment, threats, shame campaigns, or contacting your employer/friends

Red flags:

  • Threats of violence, arrest, jail (especially for simple nonpayment).
  • Calling your contacts, spamming your workplace, posting your face/name online.
  • Misleading “legal notices” pretending to be from a court, sheriff, police, or “warrant department.”

Primary forums: SEC (if SEC-supervised), prosecutors/PNP/NBI (if criminal), NPC (if data misuse), and possibly civil actions for damages.

D. Data privacy violations (very common in online lending)

Red flags:

  • App demanded excessive permissions (contacts/photos) not necessary for lending.
  • They messaged your contacts or disclosed your debt publicly.
  • They used your ID/selfie beyond the loan purpose or shared it with third parties.
  • They refuse to honor deletion/correction requests, or they cannot explain how they process your data.

Primary forum: NPC (and SEC if the lender is SEC-regulated).

E. Unauthorized debits / abusive auto-debit / account takeover attempts

Red flags:

  • Unrecognized transactions, pressure to share OTPs, links that look like phishing.
  • Coercion to give online banking credentials.

Primary forums: Your bank first (fraud controls), PNP/NBI (cybercrime), NPC (if personal data compromised), and SEC/BSP depending on who is regulated.

4) What to do immediately (practical triage checklist)

Step 1: Preserve evidence—without creating legal problems

Keep:

  • Screenshots of the app page, lender profile, and all chat/SMS/email exchanges.
  • Call logs (time/date/number) and recordings only if obtained lawfully.
  • Loan documents, screenshots of terms, amortization schedules, payment receipts.
  • Bank transfer records, e-wallet confirmations, transaction references.
  • Names/usernames of collectors, their numbers, and any “team” group chats.

Important caution: The Philippines has an Anti-Wiretapping law (RA 4200). Secretly recording private communications can create risk. If you must document calls, safer alternatives include:

  • Documenting dates/times and summarizing what was said immediately after.
  • Saving voicemails.
  • Keeping messages in writing where possible.

Step 2: Identify the entity (real corporate identity, not just the app name)

Try to capture:

  • Exact business name used in contracts/receipts.
  • Any SEC registration number / TIN (if shown).
  • Office address (even if virtual).
  • Name of the corporation on bank account recipient details.

This is important because enforcement hinges on proper respondent identification.

Step 3: Stop the bleeding (privacy and safety)

  • Revoke app permissions (contacts, files, SMS) and uninstall if needed.
  • Tighten privacy settings; warn close contacts not to engage with unknown messages.
  • If there are threats: consider a police blotter entry immediately and preserve evidence.

5) Filing a complaint with the SEC (how it usually works)

A. When the SEC is the best first move

File with the SEC if:

  • The lender claims to be a lending/financing company;
  • It operates as an online lending platform;
  • You suspect it is unregistered/unauthorized; or
  • It is registered but uses prohibited collection practices or deceptive terms.

B. What the SEC typically wants in a complaint

While formats vary, strong complaints usually include:

  1. Caption / Parties
  • Your name and contact details (or counsel’s).
  • Respondent’s corporate name (and app/brand name), address, and known identifiers.
  1. Statement of facts (chronology)
  • Date of loan, amount applied, amount received, charges deducted.
  • Repayment schedule, interest/fees, and what was disclosed vs. what happened.
  • Collection conduct: dates, messages, threats, third-party contact.
  1. Violations alleged You can frame issues as:
  • Operating without SEC authority (if applicable),
  • Misrepresentation/deceptive practices,
  • Unfair/abusive collection practices,
  • Failure to provide proper disclosures,
  • Other unlawful acts tied to lending operations.
  1. Relief requested (“prayer”) Examples:
  • Investigation and regulatory action;
  • Cease-and-desist order (if unauthorized operations);
  • Suspension/revocation of authority (if authorized but abusive);
  • Administrative fines/penalties;
  • Referral to other agencies if warranted.
  1. Attachments
  • Screenshots, receipts, bank records, IDs used by collectors (if any), demand messages, etc.
  1. Verification / affidavit Regulators often take sworn narratives more seriously. A notarized affidavit-complaint with exhibits can strengthen the filing.

C. Where to file

Common routes (choose what is available to you):

  • SEC office / receiving section (physical filing),
  • SEC enforcement department handling lending/financing complaints (administrative),
  • SEC online complaint channels (where available).

If you cannot find the correct channel quickly, file through the SEC’s main public assistance/complaints intake and clearly mark it as a lending company / online lending complaint.

6) Reporting to the National Privacy Commission (NPC)

File with the NPC if the lender:

  • Accessed or used contacts/photos without lawful basis;
  • Disclosed your debt to third parties;
  • Doxxed you (posted personal info publicly);
  • Harassed using personal data.

What to include

  • Description of what data was collected (contacts, photos, location, etc.).
  • How it was used improperly (e.g., messages sent to contacts).
  • Screenshots showing disclosures and harassment.
  • Your attempt (if any) to request deletion/correction/cessation, and their response.

Remedies NPC can pursue (in general)

  • Orders to comply, stop processing, or delete data (depending on findings),
  • Administrative penalties,
  • Potential referrals where criminal liability may exist under privacy/cyber laws.

7) Reporting to PNP/NBI/Prosecutor (criminal angles)

Consider law enforcement/prosecutor routes if you have:

  • Threats (bodily harm, death threats),
  • Extortion (pay or we will expose/shame/harm you),
  • Impersonation (pretending to be police, court officers),
  • Identity theft / fraud (loan in your name),
  • Cyber harassment / coordinated online attacks.

How it often proceeds

  1. Police blotter / initial report (optional but helpful),
  2. Preparation of a complaint-affidavit with exhibits,
  3. Filing with the Office of the Prosecutor for inquest/preliminary investigation (as appropriate),
  4. Parallel complaints with SEC/NPC for regulatory angles.

Practical note: Criminal cases require proof beyond mere “unfairness.” Make sure your evidence ties specific individuals/accounts/numbers to specific acts.

8) Civil remedies (when the dispute is about money, computation, and damages)

Even if you report to regulators, you may still need civil options:

  • Demand letter / negotiation (preferably in writing),
  • Settlement agreements with clear release clauses,
  • Civil action for damages if reputational harm occurred,
  • Defensive strategies if the lender sues (challenge unconscionable terms, lack of disclosure, improper charges—depending on facts).

Barangay conciliation: May be a prerequisite for certain disputes depending on parties and location, with exceptions (e.g., urgency, government parties, some criminal matters, or where parties are in different localities). When in doubt, a quick check with the barangay or counsel helps avoid dismissal on technical grounds.

9) A practical “choose-your-path” decision tree

If you suspect they are unregistered/unauthorized:

  • SEC first, then prosecutors if fraud/extortion is present.

If harassment is the main issue:

  • SEC (if regulated) + Prosecutor/PNP/NBI (if threats/extortion)
  • Add NPC if they used contacts/photos or disclosed your info.

If data privacy is the main issue:

  • NPC first, plus SEC if the lender is a lending/financing company.

If unauthorized debits or account compromise occurred:

  • Your bank immediately, then PNP/NBI, plus NPC as needed.

10) Complaint drafting template (adapt as needed)

Title: Complaint Against [Company Name / App Name] for Unauthorized/Abusive Lending Practices and Related Violations

I. Parties

  • Complainant: [Name, address, contact]
  • Respondent: [Corporate name, app/brand name, address, known IDs/numbers]

II. Facts

  • On [date], I applied for a loan via [app/platform]. The advertised loan amount was [X].

  • I received [Y] on [date] after deductions of [fees] which were not fully disclosed prior to disbursement.

  • The stated due date was [date], but [describe discrepancies].

  • From [date] onward, representatives contacted me through [channels]. They:

    • [Threatened me with…]
    • [Messaged my contacts/employer…]
    • [Posted/disclosed my information…]
    • [Misrepresented themselves as…]

III. Issues / Violations Raised

  • Potential lack of SEC authority / improper operation as a lending entity; and/or
  • Abusive/unfair collection practices; and/or
  • Deceptive or insufficient disclosures on total cost of credit; and/or
  • Data privacy violations involving unauthorized processing/disclosure of personal data.

IV. Relief Requested

  • Investigation and appropriate enforcement action;
  • Immediate cessation of prohibited collection conduct;
  • Administrative penalties and other relief deemed proper;
  • Referral to appropriate agencies if warranted.

V. Attachments

  • Annex “A” – Screenshots of loan terms and deductions
  • Annex “B” – Proof of disbursement and payment records
  • Annex “C” – Messages/call logs/harassment evidence
  • Annex “D” – Evidence of third-party disclosures (contacts/employer)
  • Annex “E” – IDs/profile pages/numbers/accounts used

Verification / Affidavit

  • Include a sworn statement attesting the truth of facts based on personal knowledge, signed and notarized.

11) Safety and strategy tips that often decide outcomes

  • Do not ignore deadlines if you receive actual court papers. Many fake “legal notices” exist, but real summons/orders require prompt action.
  • Don’t send OTPs or banking credentials. Regulators and legitimate lenders do not need your OTP.
  • Keep communications in writing where possible. Written threats and disclosures are powerful evidence.
  • Document harm: screenshots of posts, witness statements from contacted coworkers/friends, and dates/times of incidents.
  • Parallel filing can be effective: SEC (regulatory), NPC (privacy), prosecutor (crime) can proceed on separate tracks.

12) When to consult a lawyer (and what to prepare)

Seek legal advice if:

  • There are threats/extortion, large sums, or identity theft;
  • You were publicly shamed and suffered job consequences;
  • You want to pursue damages or obtain restraining relief.

Bring:

  • A one-page timeline,
  • All evidence organized by annex,
  • A list of known respondents (company name, collector numbers, bank accounts used),
  • Copies of IDs/receipts/messages.

Bottom line

In the Philippine context, reporting a problematic lender is rarely “one-and-done.” The most effective approach is usually evidence-first and multi-agency: SEC for authority and lending conduct, NPC for privacy abuses, and prosecutors/PNP/NBI for threats, extortion, fraud, or cyber harassment. The better your documentation and respondent identification, the higher the chance of meaningful enforcement.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login