How to Verify a Lending Company With the SEC Before Borrowing (Philippines)

How to Verify a Lending Company With the SEC Before Borrowing (Philippines)

This guide explains, in plain but precise terms, how a prospective borrower can confirm whether a lender is duly authorized by the Philippine Securities and Exchange Commission (SEC), and what to check beyond SEC status. It reflects the framework under the Lending Company Regulation Act (Republic Act No. 9474) and related rules, plus other cross-cutting laws (e.g., the Truth in Lending Act, Data Privacy Act, AMLA, and the 2022 Financial Products and Services Consumer Protection Act). It is not a substitute for legal advice.

The Regulatory Baseline

  1. Who the SEC regulates here

    • Lending Companies (LCs) – corporations whose primary business is granting loans from their own funds, usually to individuals or MSMEs.
    • Financing Companies (FCs) – corporations providing credit (including consumer or business financing, installment plans, receivables purchase, etc.). Both must secure (a) SEC corporate registration and (b) a separate SEC Certificate of Authority (CA) before operating.

  2. Who the SEC does not regulate in this space

    • Banks and pawnshops – primarily supervised by the Bangko Sentral ng Pilipinas (BSP).
    • Cooperatives lending to members – supervised by the Cooperative Development Authority (CDA).
    • Microfinance NGOs – covered by a separate law and certification regime. If an entity claims to be any of the above, verify with the right regulator.

  3. Key legal consequences

    • Operating a lending/financing business without a CA is unlawful and may lead to SEC enforcement actions (cease-and-desist, revocation, fines) and potential criminal liability under special laws and the Revised Penal Code (e.g., estafa if there is fraud).

The Five-Step Verification Workflow (Do This Before You Borrow)

Step 1: Capture the lender’s exact identity

Ask for—and write down—the following:

  • Exact corporate name (as appears on SEC papers)
  • SEC Company Registration Number
  • SEC Certificate of Authority (CA) Number (and date of issuance)
  • Principal office address (not just a P.O. box)
  • Landline and official domain email (not just messaging apps)
  • For apps: the publisher/developer name shown in the app store and a link to their privacy notice

Tip: Legit lenders readily provide a scan or photo of the SEC Certificate of Authority. The corporate name on the CA must match exactly the name they use in contracts, receipts, websites, and app stores.

Step 2: Check the SEC’s public information

Perform these cross-checks:

  • Is the corporation registered? Confirm that the exact corporate name and registration number exist and are active.
  • Is there a valid SEC Certificate of Authority (CA)? Verify that the entity is listed as an LC/FC with a CA that has not been revoked, suspended, or denied. (CAs generally do not have a fixed term but can be revoked.)
  • Any SEC advisories or orders? Search for SEC Advisories, Cease-and-Desist Orders, Revocation Orders, or Show-Cause/ Summons involving the entity, its owners, or its app brand.

Red flag: If the company is registered as a corporation but not in the SEC list of licensed LCs/FCs, it is not allowed to do lending/financing business.

Step 3: Confirm the regulator, if they market themselves differently

  • If they use “Bank,” “Rural Bank,” “Thrift Bank,” “Digital Bank,” “EMI,” or “Pawnshop” in branding, verify they’re BSP-supervised and that the corporate identity matches BSP records.
  • If they say they are a cooperative, verify with CDA and ensure that you are a member (coops generally lend to members).

Step 4: Screen the app and data-privacy posture (for online lenders)

  • App publisher match: The developer/publisher name on the app store should match the SEC-licensed corporation (or a clearly disclosed subsidiary/affiliate). Beware of shell “publishers.”
  • Permissions hygiene: Overbroad permissions (e.g., contact scraping, gallery access) are red flags. The Data Privacy Act requires purpose limitation, proportionality, and consent.
  • Privacy notice: Must state the corporate identity, data uses, retention, sharing, and a contact channel for rights requests.
  • Complaints trail: Repeated reports of contact-harassment, public shaming, threats, or doxing indicate potential violations of SEC debt-collection rules and the Data Privacy Act.

Step 5: Inspect the contract and disclosures (Truth in Lending compliance)

A lawful lender must disclose, in writing before you are bound:

  • Total loan amount (principal)
  • Finance charges (interest, fees, charges)
  • Effective interest rate (EIR) or annual percentage rate (APR) calculation basis
  • Installment schedule, amortization table (if applicable), and due dates
  • Default/penalty charges and how they accrue
  • All non-interest fees (processing, disbursement, collection, late fees)
  • Right to prepay and any prepayment charges
  • Cooling-off or cancellation rules, if offered
  • Complaints channel (including email/landline and regulator contacts)

Refuse any loan where the contract is blank, unsigned, or replaced by screenshots/chat promises. Oral assurances are not a substitute for statutory disclosures.

Practical Red Flags (Walk Away If You See These)

  • No SEC CA; offers excuses like “processing,” “sister company has a license,” or “DTI certificate is enough.” (A sole proprietorship/DTI registration is not a lending license.)
  • Mislabeling the business (e.g., calling itself a “bank” or “BSP-approved” without proof).
  • Advance fee scams (“release fee,” “insurance,” or “facilitation fee” payable before cash out).
  • Personal accounts for disbursement/repayment (GCash/bank under private names).
  • Guaranteed approvals with no KYC, or demands for collateral you never see again (IDs, ATM cards, passbooks, signed checks).
  • Harassing collection tactics (threats, public shaming posts, contacting your employer/relatives, fake “subpoenas” or “warrants”).
  • Unclear or shifting fee tables; promoted rate that excludes multiple “mandatory” add-ons.
  • Pressure to transact only via chat; refusal to provide a registered office or landline.

Special Notes on Names, Capital, and Corporate Form

  • A legitimate LC/FC is a stock corporation. (A sole proprietorship or partnership cannot be an LC/FC.)
  • The corporate name typically reflects the business (e.g., includes “Lending” for LCs or “Finance/Financing” for FCs). Using “Bank” or “Savings and Loan” is restricted.
  • LCs and FCs are subject to minimum paid-in capital requirements under SEC rules (figures may vary by category and location; confirm the current threshold if relevant to your due diligence).

Your Borrower Rights and Lender Duties (Snapshot)

  • Fair collection: Lenders and their agents must follow fair collection standards. Threats, obscenities, public shaming, or disclosing your debt to unrelated persons are prohibited.
  • Data protection: You have the right to informed consent, access, rectification, erasure, and to complain to the National Privacy Commission (NPC) for abuses.
  • Transparent pricing: Under the Truth in Lending Act, charges must be clear and itemized, enabling you to compare offers.
  • Complaint handling: The Financial Consumer Protection Act (FCPA, 2022) requires internal dispute resolution and gives regulators stronger powers to act on abusive practices.
  • Anti-Money Laundering: LCs/FCs are covered persons; they must conduct KYC and report suspicious transactions.

Quick Checklist (Print This)

  1. Exact corporate name and SEC registration number obtained.
  2. SEC Certificate of Authority (CA) verified; no revocation/suspension/advisory.
  3. Right regulator confirmed (SEC vs BSP vs CDA).
  4. Office address and landline validated; staff can show IDs and licenses.
  5. App publisher matches the licensed corporation; privacy notice reviewed.
  6. Contract reviewed: principal, all fees, EIR/APR, penalties, schedule, complaint channel.
  7. No advance fees before disbursement; fund flows use the company’s official accounts.
  8. No harassment history in public complaints or credible forums.
  9. Repayment math fits your budget; prepayment terms clear.
  10. Keep copies: IDs of dealing officers, CA, contract, receipts, chat logs.

Sample Scripts You Can Use

Email/Chat to request documents

“Before I proceed, please send the SEC Certificate of Authority, your SEC registration number, and the registered office address. Kindly confirm that the corporate name on the CA is the same name that will appear on our loan agreement and official receipt.”

If pressured to pay an ‘advance fee’

“Charging any fee before loan release was not disclosed in a signed contract. I will not proceed without complete written disclosures compliant with the Truth in Lending Act.”

If collection turns abusive

“Please communicate only through the channels in my contract. Public shaming or threats violate SEC collection rules and the Data Privacy Act. Further violations will be documented and reported.”

Where to Complain (and What to Bring)

  • SEC Enforcement and Investor Protection – for unlicensed lending, abusive collection by LCs/FCs, or deceptive practices. Bring: screenshots of ads/chats, the CA (or refusal to show it), IDs of agents, payment proofs, receipts.
  • National Privacy Commission (NPC) – for contact scraping, disclosure to third parties, doxing, or other privacy violations. Bring: app permission screenshots, privacy policy, call/SMS logs, message screenshots.
  • BSP Consumer Assistance – if the entity is a bank, pawnshop, or EMI.
  • Local Government/BIR – to check or report business permits and BIR registration irregularities.
  • PNP-ACG/NBI – for cyber harassment, identity theft, or fraud.
  • Small Claims Court – for straightforward monetary claims (no lawyers required up to the current threshold).

Frequently Asked Questions

1) Is a DTI certificate enough? No. That is for trade names/sole proprietorships. Lending/financing requires an SEC-registered corporation and a Certificate of Authority.

2) Do Certificates of Authority expire? They are continuing unless revoked/suspended; continued compliance (reports, fees, governance) is required.

3) Are high interest rates illegal per se? The general usury cap was lifted decades ago, but lenders are still bound by disclosure, unfairness/abuse prohibitions, and special caps that may exist for certain products under specific regulators. Always compare the effective cost (EIR/APR), not just the nominal rate.

4) Can online lenders call my contacts? Contacting your relatives/employer or shaming you publicly can violate SEC debt-collection rules and the Data Privacy Act. Report such conduct.

5) The company says it “uses a partner” to lend. Is that okay? Only the entity with an SEC CA (or BSP license, as applicable) may conduct the lending business. Cross-check who is the actual lender of record in the contract and receipt.

Bottom Line

Before borrowing, verify the SEC Certificate of Authority and look for advisories or orders. Ensure the corporate identity is consistent everywhere (contract, receipts, app store, website), the pricing is fully disclosed, and collection practices are lawful. If something feels off—walk away. There is no bargain good enough to justify dealing with an unlicensed or abusive lender.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login