Reporting Cryptocurrency Investment Fraud in the Philippines
A comprehensive legal guide for retail investors, lawyers, compliance officers, and law-enforcement personnel
1. Why a special playbook for crypto?
While Bitcoin arrived in the Philippines in 2011, formal regulation lagged until Bangko Sentral ng Pilipinas (BSP) Circular 944-2017 coined the term Virtual Currency and introduced licensing for Virtual Asset Service Providers (VASPs). As the market ballooned, so did fraud—ranging from simple Facebook “double-your-money” schemes to sophisticated cross-border hacks. Because crypto often straddles securities, banking, cyber-crime and anti-money-laundering rules, victims who want their money back (or to put scammers behind bars) must report to several agencies in parallel.
2. Legal foundations you’ll invoke
| Law / Rule | Key Provisions Relevant to Crypto Fraud |
|---|---|
| Securities Regulation Code (SRC), R.A. 8799 | §3.1 (definition of “securities” broad enough to cover many token offerings); §26 (fraudulent transactions); §28 (unregistered brokers/dealers); §73 (penalties) |
| Revised Penal Code (RPC) | Article 315 (Estafa: deceit + damage); Art. 355 (libel if online representations are defamatory) |
| Cybercrime Prevention Act, R.A. 10175 | §4(b)(2) cyber-fraud; §6 increases RPC penalties by one degree when the act is committed through ICT |
| BSP Circular 1108-2021 | Converts “VC” term to “VASP,” imposes licensing, consumer-assistance desk, mandatory transaction monitoring |
| Anti-Money Laundering Act (AMLA), R.A. 9160 as amended | §3(b) now defines virtual assets; VASPs are “covered persons,” triggering Suspicious Transaction Reports (STRs) |
| Data Privacy Act, R.A. 10173 | You will cite this if the exchange leaks your personal data or KYC docs |
| Financial Products and Services Consumer Protection Act, R.A. 11765 (2022) | Gives SEC, BSP, and Insurance Commission explicit visitorial & sanction powers |
Tip: Even if the scammer is abroad, Philippine courts can still assume jurisdiction if any element of the offense (e.g., the victim’s loss) occurred here (Article 2, RPC; §17, Rule 110, ROC).
3. Red flags that trigger a report
- Guaranteed or fixed returns (“20 % monthly, no risk”).
- Unlicensed solicitation—check the SEC’s “Investment Scam Advisories” page.
- Pressure to recruit a downline (Ponzi / pyramid).
- Requests to pay via GCash or remittance to a personal bank account rather than a licensed VASP wallet.
- Fake celebrity endorsements or doctored news-site screenshots.
Document all of these: screenshots, transaction hashes, email headers, chat logs, voice messages, receipts, even TikTok videos.
4. Which agency gets what complaint?
| Scenario | Primary agency | Secondary / parallel |
|---|---|---|
| Token offering or “investment contract” disguised as crypto mining, staking, yield farming | SEC – Enforcement and Investor Protection Department (EIPD) | BSP (if a licensed VASP is involved); AMLC (STR) |
| Fraud committed through an exchange/wallet licensed by BSP | BSP Consumer Protection and Market Conduct Office (CPMCO) | SEC (if it’s also selling unregistered securities); AMLC |
| Pure cyber-hack or phishing that drains your wallet | PNP-Anti-Cybercrime Group or NBI-Cybercrime Division | BSP/SEC for supervisory follow-up |
| Classic estafa without any cyber element (face-to-face misrepresentation) | Local Chief Prosecutor / DOJ (criminal complaint) | Barangay for initial mediation (optional) |
| Cross-border fraud with strong money-laundering angle | AMLC (for asset freeze/ freeze order) | DFA (Mutual Legal Assistance), DOJ OLA |
5. Step-by-step reporting roadmap
Step 1: Preserve evidence immediately
Export CSV transaction logs from your exchange, copy blockchain explorers’ transaction pages (include block height & timestamp), and notarize key screenshots if feasible.
Step 2: Verify licensing status
Search the SEC PHILCRIS or BSP VASP list. If unlicensed, print the result for annexing.
Step 3: Prepare the core complaint packet
| Annex | Contents |
|---|---|
| Affidavit of Complaint | Personal narration, elements of the offense, prayer for relief. Use prescribed DOJ format; notarize. |
| Proof of Investment | Deposit slips, wallet transfers (TXIDs), contracts, chat invites, marketing decks. |
| Identity documents | Government-ID, proof of residence. |
| Additional victims’ sworn statements | Group complaints carry more weight. |
Step 4: File with the lead agency
| Agency | Where / How to file | Fees |
|---|---|---|
| SEC-EIPD | e-mail to epd@sec.gov.ph and hard copy at SEC Main, Mandaluyong | None |
| BSP-CPMCO | consumeraffairs@bsp.gov.ph or www.bsp.gov.ph/ConsumerConcerns portal | None |
| NBI-CCD | NBI HQ Taft Ave.; register, pay ₱ 300-₱ 500 doc stamps | Minimal |
| PNP-ACG | Camp Crame cyber lab; blotter first, then submit gadgets for forensic imaging | None |
You will receive a case reference number; keep it for follow-ups.
Step 5: Parallel actions
- AMLC – If losses ≥ ₱500,000 or hint of layering, request a freeze (Rule 16, AMLC Rules).
- Bank / e-wallet – File a dispute and request a transaction recall citing BSP Memo M-2021-050.
- Social-media takedowns – Send SEC advisory plus demand letter to Meta/TikTok under their Reporting Fraud channels.
Step 6: Preliminary investigation & beyond
- For SEC cases, EIPD may issue a Cease and Desist Order (CDO) within days if public interest requires. Violators face ₱5 M fine + ₱20,000/day until compliance.
- For criminal estafa/cyber-fraud, the DOJ prosecutor will issue subpoenas; attend clarificatory conferences.
- After information is filed, RTC/MeTC issues a warrant; arraignment follows.
6. Choosing civil remedies
- Independent civil action for damages under Article 33, Civil Code.
- Derivative suit if a corporation you invested in is involved.
- Small Claims (≤ ₱ 1 M) if the fraudster is local and you prefer pro-se.
- Asset recovery abroad: Use MLA Treaty requests or the Budapest Convention on Cybercrime (the PH acceded in 2018).
7. Evidentiary gold standards
| Digital Evidence | Best Practice | Authority |
|---|---|---|
| Blockchain TXID | Print screen + notarize printout; keep raw URL | Rule on Electronic Evidence, Sections 1 & 2 |
| Chat logs | Export .txt or HTML with metadata; notarize | same |
| Emails | Use full header view; hash with SHA-256; store in WORM media | DOJ Cybercrime Office circular 2021-02 |
| Devices | Have PNP-ACG image using EnCase; request a Chain-of-Custody form | Rule 7, Cybercrime Warrants |
8. Timelines and prescription
| Offense | Prescriptive period |
|---|---|
| SRC violation | 5 years (R.A. 8799 §63) |
| Estafa over ₱ 1.2 M | 15 years (Art. 90, RPC as amended by R.A. 10951) |
| Cyber-Fraud | Same as underlying felony, but clock starts on discovery (§3(g), R.A. 3326) |
File within 10 days of discovery if you want banks to recall a domestic PESONet/Instapay transfer (BSP-Memorandum M-2021-013).
9. After you file: what to expect
- SEC will issue subpoenas to the promoters, require them to comment, and may freeze bank/crypto wallets via AMLC coordination.
- BSP will audit the licensed VASP’s logs; fines can reach up to ₱ 200,000 per transaction plus revocation.
- AMLC can obtain an ex parte 20-day freeze order from the Court of Appeals within 24 hours; extendable to 6 months.
- Criminal cases go through mediation/plea-bargain only if the amount is low; large-scale estafa (>₱10 M or 20 victims) is non-bailable.
10. Practical survival tips
- Use a dedicated e-mail and cold wallet for evidence preservation; don’t mix daily-use accounts.
- Monitor SEC Advisories weekly—new “KYC-as-a-Service” or crypto-mining fads are added constantly.
- Encourage class-action complaints; judges see pattern and grant TRO/CDO faster.
- Coordinate with private blockchain-analytics firms (e.g., Chainalysis) for tracing—costly but can unmask mixer services.
- Tax impact: You may deduct the loss from capital gains if properly documented (BIR RMC 037-22), but only after a final court ruling confirming the loss.
11. Key contacts (2025)
| Office | Hotline | E-mail / Portal |
|---|---|---|
| SEC-EIPD | (02) 8818-6047 | epd@sec.gov.ph |
| BSP Consumer Assistance | (02) 8708-7087 | consumeraffairs@bsp.gov.ph |
| AMLC Secretariat | (02) 8708-7067 | secretariat@amlc.gov.ph |
| NBI-CCD | (02) 8524-1141 loc 3455 | ccd@nbi.gov.ph |
| PNP-ACG | (02) 8723-0401 | acg@pnp.gov.ph |
(Verify numbers on the agency websites before calling; they sometimes change without notice.)
12. Conclusion
Reporting crypto-investment fraud in the Philippines is multi-layered: you usually file simultaneously with the SEC (securities angle), BSP (consumer-protection angle), AMLC (asset-freeze angle), and either NBI or PNP for cyber-crime. Speed and documentation quality dramatically affect recovery odds. While the maze can feel daunting, the overlapping jurisdictions also mean multiple chances to halt an ongoing scam and to retrieve funds. Equip yourself with notarized digital evidence, cite the right statutes, and push every agency button available—that is how Philippine law is designed to work for crypto-fraud victims.
Disclaimer: This guide is for general information only and does not constitute formal legal advice. Laws and procedures may change; consult a Philippine lawyer or the relevant regulator for case-specific guidance.