How to Report Harassing Online Lending Apps to the SEC and NBI (Philippines)

How to Report Harassing Online Lending Apps to the SEC and NBI (Philippines)

Updated for Philippine law and practice as commonly applied through 2024. This guide covers the legal basis, evidence you need, where and how to file, and what outcomes to expect when reporting abusive or harassing conduct by online lending apps.

I. Why this matters

Online lending applications (OLAs) can fill a real credit gap—but some use aggressive, shaming, and privacy-invasive tactics to collect debts. Philippine regulators treat these as unfair debt-collection practices, privacy violations, and in some cases criminal acts. Two primary venues for complaints are:

  • Securities and Exchange Commission (SEC) – for misconduct by lending and financing companies, including those operating through apps or social media, whether or not they hold a valid Certificate of Authority (CA).
  • National Bureau of Investigation (NBI) – for criminal complaints, especially when you experience threats, extortion, doxxing, or other cyber-enabled abuse.

You may also have parallel remedies with the National Privacy Commission (NPC) (for contact-list scraping, unauthorized disclosure, etc.), the Philippine National Police–Anti-Cybercrime Group (PNP-ACG), and civil actions for damages.

II. Legal grounds at a glance

1) Unfair collection practices (SEC oversight)

  • Lending Company Regulation Act of 2007 (R.A. 9474) and Financing Company Act (R.A. 8556) require SEC registration and a Certificate of Authority to operate. Operating without a CA is illegal.

  • SEC rules and circulars prohibit unfair collection practices, including:

    • Use of obscene or profane language, insults, or humiliating conduct.
    • Public or “contact-list” shaming (messaging your employer, family, or friends).
    • Threats of violence, arrest, or criminal cases for mere nonpayment of a civil debt.
    • False, deceptive, or misleading representations about legal consequences.
    • Unreasonable or excessive collection calls (e.g., late-night barrage).

Key idea: Even if you owe money, collectors must follow the law. Debt does not authorize harassment.

2) Privacy and data-protection violations (NPC oversight)

  • Data Privacy Act of 2012 (R.A. 10173) prohibits processing personal data beyond lawful, declared purposes and mandates proportionality and consent.

  • Typical violations by abusive OLAs:

    • Forcing broad device permissions (e.g., full contact-list, photos) unrelated to the loan.
    • Disclosing your debt to third parties (your contacts) without lawful basis.
    • Retaining or repurposing data beyond what is necessary.

3) Possible criminal offenses (NBI / PNP-ACG)

Depending on behavior and evidence, abusive actors may violate:

  • Anti-Photo and Video Voyeurism Act (if they threaten to publish private images).
  • Revised Penal Code provisions (e.g., grave threats, grave coercion, unjust vexation, libel/slander by deed).
  • Cybercrime Prevention Act (R.A. 10175) – same crimes when committed through ICT (online posts, mass messages, doxxing, etc.).

III. Before you file: build your case

Strong documentation is the difference-maker. Gather the following:

  1. Identity of the App / Entity

    • App name (as shown in the app store), website/FB page, in-app company name, and any addresses shown in terms/privacy policy.
    • Screenshots of any SEC registration/CA claims or logos used in marketing.

  2. Your Transaction Trail

    • Loan application details, approval notifications, contract/terms (PDF, screenshots), loan amount disbursed, repayment schedule, and payment proofs (receipts, bank/GCash statements).

  3. Harassment Evidence

    • Screenshots (entire screen, with timestamps) of abusive messages or calls; export chat logs if possible.
    • Audio recordings/voicemails (if any) and call logs showing frequency/time.
    • Messages to third parties (co-workers, family): obtain their screenshots and short signed statements indicating how and when they were contacted and by whom.

  4. Privacy Violations

    • Evidence that the app scraped contacts/photos or threatened disclosure.
    • Copies of permissions requested at install/while in use.

  5. Your Identity & Authority

    • Government-issued ID; if filing for a minor or another person, bring proof of authority (SPA, parent/guardian proof).

  6. Affidavit-Complaint

    • Prepare a sworn narrative detailing the timeline, people involved, specific acts (who said what, when, and where), and attach exhibits labeled Annex “A,” “B,” ….

Practical tip: Preserve original digital files and keep a read-only backup (USB/cloud). Do not edit metadata. Name files systematically (e.g., 2024-11-03_SMS_Collector1.png).

IV. Filing with the Securities and Exchange Commission (SEC)

What the SEC can do

  • Investigate lending/financing companies and online lending platforms (OLPs).
  • Order cessation of abusive practices, suspend/revoke Certificates of Authority, block domains/apps in coordination with platforms, and impose administrative fines.
  • Refer criminal aspects to law enforcement.

Who you report to

  • SEC Enforcement/Investor Protection and the units overseeing Lending/Financing Companies. (Exact routing may vary; in practice, any SEC complaint intake for OLAs will reach the appropriate department.)

What to submit

  • Complaint letter or SEC complaint form, signed and dated.

  • Affidavit-Complaint (notarized if possible) with annexes:

    • KYC (valid ID, contact details).
    • Proof of loan and payments.
    • Evidence of harassment/unfair practices.
    • Any proof the entity is unregistered or misrepresenting SEC authorization.

  • Indicate your requested actions, e.g., investigation of unfair collection practices; verification of registration/authority; and takedown/blocking of abusive OLP operations.

After filing

  • SEC may acknowledge, request more documents, or invite you for clarification.
  • Expect the SEC to verify registration status and examine the collection conduct against its rules.
  • Outcomes can include warnings, fines, suspension/revocation, and referrals to NPC/NBI.

V. Filing with the National Bureau of Investigation (NBI)

When to go to the NBI

  • You experienced threats, extortion, doxxing, defamation campaigns, or mass harassment executed online.
  • The app or its agents demand money under threat of public shaming or fabricated criminal cases.
  • There are fake legal notices, forged documents, or impersonation of government officers.

Where and how

  • File at the NBI Cybercrime Division (or regional NBI offices) and state that the unlawful acts were committed through online channels.

  • Bring:

    • Two valid IDs.

    • Affidavit-Complaint with the same evidence bundle described above, plus:

      • Exported message archives (e.g., WhatsApp/FB Messenger/Telegram exports).
      • Device information (phone model/OS), and if requested, consent for forensic imaging.

  • The NBI may:

    • Take your sworn statement.
    • Preserve digital evidence and issue subpoenas.
    • Coordinate with platforms for data requests.
    • File criminal complaints with the DOJ.

Practical tip: If you feel physically unsafe or receive threats of violence, also make a police blotter at your local precinct and notify PNP-ACG.

VI. Parallel and complementary remedies

  1. National Privacy Commission (NPC) File a complaint for unauthorized processing and disclosure of your personal data or that of your contacts, and for failure to implement adequate security measures. NPC can order cease-and-desist, erasure, and impose administrative penalties.

  2. App stores / platforms Report the app for policy violations (harassment, privacy abuse, deceptive conduct). Attach your SEC/NPC/NBI filing references when available.

  3. Civil action for damages You may claim actual, moral, and exemplary damages for tortious acts (harassment, defamation, privacy invasion). Consult counsel about venue, defendants (company and responsible officers/agents), and preservation of evidence.

  4. Employer and school protocols If your workplace or school is contacted, request that HR/administration log and preserve the messages and refrain from engaging with the collector; such third-party disclosure generally lacks lawful basis.

VII. Special issues and FAQs

A. “They say I’ll be jailed if I don’t pay by 5 PM.”

Nonpayment of a civil debt is not a criminal offense. Threats of arrest for a consumer loan are deceptive unless there is an independent crime (e.g., fraud with evidence). Report such threats.

B. “They messaged my contacts with edited photos and insults.”

That supports multiple violations: unfair collection, privacy breaches, and cybercrime (e.g., libel, unlawful processing). Capture originals; ask contacts to keep unmodified copies and provide brief statements.

C. “The app forced access to my contacts before I could proceed.”

This raises data-privacy concerns. Take screenshots of permission prompts and the privacy policy screens. Include them in your NPC and SEC filings.

D. “The company says they’re SEC-registered.”

SEC registration of a corporation is not the same as a Certificate of Authority to operate as a lending/financing company. Ask SEC to verify both.

E. “Do I still have to pay?”

Your valid debt remains payable, but you may:

  • Dispute illegal charges and abusive fees.
  • Demand a statement of account and lawful modes of payment.
  • Insist on written communications and stop harassing calls/messages. Harassment does not legalize nonpayment; but it strengthens your regulatory and civil claims.

VIII. Step-by-step checklist (printable)

  1. Secure your devices

    • Change passwords; revoke app permissions (Contacts, SMS, Files, Photos).
    • Enable screen-time limits to reduce anxiety and preserve logs.

  2. Collect evidence

    • Screenshots of app pages, threats, third-party messages (with timestamps).
    • Payment proofs and contracts; export chats; back up to cloud/USB.

  3. Draft your Affidavit-Complaint

    • Parties involved; detailed timeline; exact words used; attach Annexes.

  4. File with SEC

    • Submit complaint + affidavit + annexes; request investigation for unfair collection practices and authority verification.

  5. File with NBI (and PNP-ACG if needed)

    • Bring IDs, affidavit, full digital bundle; ask for cybercrime case evaluation.

  6. File with NPC (if privacy was abused)

    • Focus on unauthorized disclosure/contact-list scraping and harm suffered.

  7. Notify your contacts & HR

    • Short advisory to ignore harassing messages and forward copies to you.

  8. Plan repayment safely (if the debt is valid)

    • Use traceable channels; request official receipts; avoid meeting collectors alone.

IX. Sample Affidavit-Complaint (template)

Republic of the Philippines [City/Municipality] x------------------x

AFFIDAVIT-COMPLAINT

I, [Full Name], Filipino, of legal age, with address at [Address], after having been duly sworn, depose and state:

  1. On [date], I installed the mobile application [App Name] operated by [Company, if known].
  2. On [date], I obtained a loan of ₱[amount] payable on [due date]. Copies of the confirmation and terms are attached as Annex “A”.
  3. Beginning [date], the respondents engaged in unfair collection practices, including [e.g., repeated late-night calls, threats of arrest, insults]. Screenshots are attached as Annex “B”.
  4. On [date], they messaged [name/relationship], a contact from my phone, disclosing my alleged debt and posting [insults/edited images] (Annex “C”).
  5. These acts violate the Lending/Financing laws and SEC rules on unfair collection, the Data Privacy Act, and may constitute offenses under the Revised Penal Code and Cybercrime Prevention Act.
  6. I respectfully pray that your office investigate, impose appropriate sanctions, and refer criminal aspects for prosecution.

[Signature over printed name] Affiant

SUBSCRIBED AND SWORN to before me this [date] at [city]. [Notary/Officer Administering Oath]

(Attach copies of IDs and all annexes.)

X. Outcomes and timelines

  • SEC: Administrative actions (warnings, fines, suspension/revocation, platform takedown referrals).
  • NBI/DOJ: If probable cause is found, criminal complaints may be filed in court.
  • NPC: Compliance orders, cease-and-desist, and administrative penalties.
  • Civil courts: Damages for harassment and privacy invasion.

Keep realistic expectations: regulators prioritize well-documented complaints and patterns of abuse. Your evidence pack and clear affidavit substantially increase the likelihood of meaningful enforcement.

XI. Practical safeguards (going forward)

  • Prefer lenders with verifiable SEC CA and transparent terms.
  • Read permissions; deny contact and file access unless strictly necessary.
  • Use a separate email/number for financial apps; maintain two-factor authentication.
  • Keep all communications in writing and save copies of every transaction.
  • If collectors call, say “Please put all communication in writing. Further calls will be documented.” Then end the call.

Final note

This article offers a comprehensive procedural and legal roadmap in the Philippine context. For case-specific strategy, especially if you are facing acute threats or a high-value dispute, consult a Philippine lawyer to tailor filings, protect your privacy, and quantify damages.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login