How to Verify a Philippine Lending Company’s SEC License and Report Advance-Fee Loan Scams

How to Verify a Philippine Lending Company’s SEC License and Report Advance-Fee Loan Scams

Philippine legal guide (general information only; not a substitute for legal advice).

Executive summary

Before you borrow, verify two things:

  1. the company is a Philippine corporation; and
  2. it holds a Certificate of Authority (CA) to operate as a Lending Company or Financing Company issued by the Securities and Exchange Commission (SEC).

If anyone asks you to pay money upfront (a “processing fee,” “insurance,” “BIR tax,” “activation” or “release” fee) before your loan is approved and released, treat it as a major red flag. That pattern is typical of advance-fee loan scams—often criminal estafa, plus violations of financial consumer protection, truth-in-lending, and data privacy rules.

This guide explains the law, a step-by-step verification process (including for lending apps), red flags, what to do if you already paid, and how and where to file reports (with evidence checklists and complaint templates).

The legal framework (Philippines)

  • Lending Company Regulation Act of 2007 (LCRA; R.A. 9474). Only corporations may engage in the lending business (unless they are banks, insurance companies, or cooperatives governed by other laws). A lending company must obtain a Certificate of Authority (CA) from the SEC in addition to its corporate registration. Operating without a CA is unlawful and punishable.

  • Financing Company Act of 1998 (R.A. 8556). Similar CA requirement for financing companies (entities engaged in extending credit, e.g., through leasing, factoring, discounting, etc.). Many consumer-facing lenders are either “lending companies” or “financing companies”; both are under the SEC.

  • Financial Consumer Protection Act of 2022 (R.A. 11765). Prohibits unfair, abusive, or deceptive practices; empowers regulators (including the SEC) to investigate and sanction violators; gives consumers the right to redress and fair treatment.

  • Truth in Lending Act (R.A. 3765). Requires clear pre-contract disclosure of the total cost of credit (interest, fees, and the effective interest rate). Hidden or misleading charges are unlawful.

  • Data Privacy Act of 2012 (R.A. 10173). Bars misuse of personal data (e.g., debt shaming, indiscriminate access to contact lists) and requires lawful, proportional processing.

  • Revised Penal Code — Estafa (Art. 315) & Cybercrime Prevention Act (R.A. 10175). Advance-fee schemes and online impostors may be prosecuted criminally (estafa, computer-related fraud, identity theft, etc.).

Important distinctions

  • SEC vs. BSP vs. CDA. Banks and pawnshops are regulated by the BSP, cooperatives by the CDA, while lending/financing companies are regulated by the SEC. Verify with the right regulator.
  • Corporate registration ≠ license to lend. An SEC Certificate of Incorporation merely creates the corporation. To operate a lending/financing business, it must also have a CA specifically authorizing that activity.
  • Sole proprietors cannot be “lending companies.” A “DTI business name certificate” for an individual is not a license to operate a lending company under R.A. 9474.

Step-by-step: How to verify a lending company’s SEC license

1) Gather exact identifiers

Ask for (and write down) the following before giving any ID or money:

  • Full corporate name (not just a brand/app/trade name)
  • SEC Registration No. and Date of Incorporation
  • Certificate of Authority (CA) No. and date of issuance
  • Principal office address in the Philippines
  • Landline and corporate email domain (not a free webmail if possible)
  • Names of directors/officers and website/app name(s) actually used in the market

Refusal to provide any of these is a red flag.

2) Confirm corporate existence and purpose

Check that the primary purpose in the Articles of Incorporation is lending/financing under the relevant law (R.A. 9474 or R.A. 8556). If the primary purpose says something unrelated (e.g., “trading,” “IT services”), the entity is not licensed to lend—even if incorporated.

3) Confirm the Certificate of Authority (CA)

A compliant firm will show you its SEC CA to operate as a Lending Company or Financing Company. Verify that:

  • The corporate name on the CA matches the company dealing with you.
  • The CA is valid (not suspended/revoked) and covers the service offered (online or physical).
  • The address and contact details on the CA align with what you were given.

Tip: Scammers often flash a random SEC document or a CA belonging to a different corporation. Exact name matching is essential.

4) If it’s an app or website

  • Match the app/brand name to a licensed operator. Apps often use marketing names; the CA belongs to a corporation. There must be a clear, public mapping between the app and the licensed company operating it.
  • Check if the app/operator discloses the corporate name, CA number, office address, and effective interest rate/fees in its storefront or website documentation. Omission is a red flag.

5) Check for other inconsistencies

  • Trade names vs. corporate names. A trade/brand name registered with DTI must still be tied to a licensed SEC corporation for lending.
  • Branch claims. If the branch lists a different legal name or refuses to show the CA, walk away.
  • Unusual payment channels. Legit lenders typically deduct fees from proceeds or collect upon release. Being asked to send fees to a personal e-wallet or to a person (not the corporation) before approval is an advance-fee red flag.

How advance-fee loan scams work (and the tell-tale signs)

Modus operandi:

  1. Lure: Social media/DMs/texts promising “guaranteed approval,” “no credit check,” “low interest,” “same-day release.”
  2. Gatekeeping: “Pay a processing/insurance/tax/clearance fee first so we can approve/release.”
  3. Escalation: After you pay, new “unexpected fees” appear (“system error,” “wrong account,” “re-activation”).
  4. Vanish or harass: The scammer blocks you or demands more money; there is no loan.

Red flags:

  • Any fee demanded before approval/release (especially via personal GCash/PayMaya/e-wallet, load, or remittance to an individual)
  • No verifiable CA; or documents with mismatched names
  • Generic email (free webmail), only mobile numbers, no landline
  • Refusal to provide Disclosure Statement (R.A. 3765) showing total cost of credit
  • Debt shaming threats (“we’ll text your contacts”) or requests for contact-list access
  • We process with SEC/BIR/DTI first”—SEC does not “process” your individual loan; it licenses companies, not transactions
  • Guaranteed approval” despite missing KYC; real lenders follow KYC and anti-fraud checks

What legitimate lenders typically do

  • Identify themselves with the exact corporate name and CA
  • Provide a pre-contract Disclosure Statement showing all charges and the effective interest rate
  • Collect fees properly (official receipt) and generally from loan proceeds, not through random personal wallets before approval
  • Maintain a physical office and official channels (corporate email/landline/website)
  • Follow fair collection standards; no harassment or public shaming

If you’re being asked to pay upfront: what to do before paying

  1. Stop and verify the CA and the operator’s identity (see steps above).
  2. Ask for the Disclosure Statement (R.A. 3765). If they won’t provide it, walk away.
  3. Check payment instructions. Paying a person (not the licensed corporation) is a serious red flag.
  4. Search your gut: “Too good to be true” offers almost always are.

If you already paid an advance fee

Act immediately:

  1. Preserve evidence. Screenshots, chat threads, emails, caller IDs, social media posts, app pages, the CA they showed you, receipts/e-wallet reference numbers, bank slips, names, numbers, and any voice notes. Export or print now.

  2. Notify your bank/e-wallet. File a fraud/dispute to attempt a recall/chargeback or to flag/freeze the recipient account. Provide timestamps and reference numbers.

  3. Report to the platforms.

    • Social media / marketplace: report the account/page for fraud.
    • App store: report the app if applicable.

  4. File regulatory and criminal complaints (see next section). Doing both increases your options: administrative action through the SEC and criminal action through the prosecutor’s office (with the help of PNP-ACG or NBI).

  5. Protect your data. If you installed a shady app or shared IDs, change passwords, revoke permissions, enable two-factor authentication, and monitor your credit/e-wallet activity. Consider a complaint to the National Privacy Commission (NPC) if your contacts were spammed or your data was misused.

Where and how to report

You can file with multiple bodies at once. Keep your submissions consistent. When in doubt, prioritize SEC (for licensing and unfair practices) and law enforcement (for estafa/cybercrime).

A) Report to the SEC (licensing, unfair/abusive practices)

When:

  • The entity has no CA or uses a different corporation’s license
  • Unfair/abusive debt collection (harassment, shaming, threats)
  • Misleading disclosures, hidden fees, non-compliance with R.A. 3765
  • Undisclosed/unauthorized online lending platforms

What to include:

  • Your narrative (dates, what was promised, what you paid, who you spoke with)
  • Corporate/app names used and any CA they presented
  • Proof (screenshots, receipts, links, ads, terms, phone numbers)
  • Your ID and contact info
  • Relief sought: Investigation, cease-and-desist, administrative sanctions, referral for prosecution

Note: SEC action is administrative/regulatory; it may stop the illegal activity and penalize the company, but it does not automatically refund your money. For recovery, pursue criminal and/or civil remedies.

B) Report to law enforcement (criminal estafa / cybercrime)

Agencies:

  • PNP Anti-Cybercrime Group (PNP-ACG) or the NBI-Cybercrime Division
  • City/Provincial Prosecutor’s Office (for a criminal complaint-affidavit)

What to include:

  • Detailed complaint-affidavit (facts, timeline, elements of estafa)
  • Evidence (as above) and your IDs
  • Names, numbers, account identifiers, and how the money moved

Why:

  • To investigate, identify real persons behind the accounts, and file criminal charges (estafa, computer-related fraud, identity theft).

C) Report to the National Privacy Commission (NPC) (data privacy)

When:

  • Debt shaming, mass-messaging your contacts, unauthorized data harvesting
  • Coercion via exposure of your personal information

What to include:

  • The app’s permissions, screenshots of messages to your contacts, and your narrative on harm suffered.

D) Notify your bank/e-wallet and telco

  • File a fraud/dispute immediately to attempt recovery or to block the recipient account/SIM. Provide reference numbers to regulators and police so they can coordinate faster.

Evidence checklist (keep originals and digital copies)

  • Conversation logs (full threads, not cropped)
  • Screenshots of ads, app pages, storefront listings
  • SEC documents shown to you (CA, registration) and why they don’t match
  • Receipts, transaction reference numbers, bank/e-wallet statements
  • Phone numbers, email addresses, social media profiles, URLs
  • Names/IDs/photos sent to you; call recordings (if any)
  • Your affidavit (signed and notarized, if filing with the prosecutor)

Templates you can use

1) Short complaint to the SEC (administrative)

Subject: Complaint re: Unlicensed Lending / Advance-Fee Scheme Complainant: $Your full name, address, mobile, email$ Respondent: $Exact corporate/app/brand names used$ Facts:

  • On $date$, I was offered a loan of $₱ amount$ via $app/FB page/phone$ by $name$.
  • They required me to pay $“processing/insurance/tax”$ of $₱ amount$ before approval/release to $name/e-wallet number$. I paid on $date$, Ref. No. $xxx$.
  • They refused to provide a valid SEC Certificate of Authority matching their corporate name. The name on the document they sent does not match.
  • I never received the loan. Further fees were demanded. Violations Alleged: R.A. 9474 / R.A. 8556 (operating without CA), R.A. 11765 (unfair/deceptive practices), R.A. 3765 (truth-in-lending), SEC rules on online lending platforms and unfair collection. Relief Sought: Investigation, cease-and-desist order, administrative sanctions; referral for criminal prosecution as appropriate. Attachments: IDs, screenshots, receipts, chat logs, any SEC documents sent to me.

2) Complaint-affidavit (criminal estafa) — bare-bones structure

  1. Your identity (name, age, address)
  2. Jurisdiction (where the acts happened / money was sent)
  3. Narrative of facts in chronological order (who, what, when, where, how much)
  4. Elements of estafa (false pretenses; reliance; payment; damage)
  5. Attachments (Annex “A,” “B,” etc.)
  6. Prayer (filing of appropriate criminal information)
  7. Verification and jurat (subscribe and swear before a notary/prosecutor)

Tip: Keep your timeline tight and your documents referenced (e.g., “Annex ‘A’ – GCash receipt Ref. No. 123456 on 15 June 2025, ₱3,500”).

Frequently asked questions

1) The company showed me an SEC certificate. Is that enough? No. You need a Certificate of Authority to operate as a lending/financing company—not just a Certificate of Incorporation for a different purpose.

2) The lender says fees must be paid first “for approval.” Is that normal? No. Legit lenders generally don’t collect upfront via personal wallets. Fees are typically disclosed and deducted from loan proceeds upon release or collected with official receipts payable to the corporation.

3) The brand/app name is different from the company on the certificate. That can be legitimate only if the brand/app is publicly and transparently operated by the licensed corporation. If you cannot trace the brand/app to the CA holder, treat it as unsafe.

4) Can the SEC get my money back? SEC action is administrative. Money recovery typically requires criminal and/or civil action. Still, filing with the SEC helps stop the scheme and documents regulatory violations.

5) I borrowed from a cooperative/bank. Do I still check the SEC? Cooperatives are under the CDA; banks and pawnshops are under the BSP. Verify with the correct regulator (SEC covers lending/financing companies).

Practical do’s and don’ts (mini-checklist)

Do:

  • Demand the exact corporate name and CA and verify them.
  • Ask for the Disclosure Statement (R.A. 3765) showing all charges.
  • Keep copies of everything and save reference numbers.
  • Report suspicious offers early—before others get harmed.

Don’t:

  • Don’t pay any fee before approval/release, especially to personal accounts.
  • Don’t rely on screenshots or edited PDFs as proof of licensing.
  • Don’t install unknown apps that demand contact-list access.
  • Don’t be rushed by “limited time” or “guaranteed approval” pressure.

Final notes

  • Laws and SEC circulars evolve. The principles above are stable, but specific procedures and sanctions can change.
  • When large sums are involved or there are cross-border elements, consult a lawyer promptly for tailored advice and to fast-track complaint-affidavit preparation.

If you’d like, I can adapt the complaint templates to your facts (names, dates, amounts) and produce ready-to-file drafts.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login