How to Verify if a Finance Company or Shopping App Is Legit with the SEC and DTI (Philippines)

This article explains, in practical legal terms, how a Filipino consumer or business can verify whether a finance company (e.g., lender, financing firm, investment offeror) or a shopping app (e-commerce marketplace or online seller) is legitimate under Philippine law. It also shows how the mandates of the Securities and Exchange Commission (SEC) and the Department of Trade and Industry (DTI) intersect, and lists concrete red flags, documentation to request, and complaint pathways. This is general information, not legal advice.

1) Know who regulates what

Securities and Exchange Commission (SEC).

Incorporation/registration of corporations and partnerships (domestic and foreign doing business here).
Licenses and supervision of lending companies (Lending Company Regulation Act), financing companies (Financing Company Act), investment houses, brokers/dealers, and advisers.
Registration of securities (shares, bonds, investment contracts).
Enforcement/Advisories against unregistered offerings, scams, and abusive online lending practices.

Department of Trade and Industry (DTI).

Business Name registration for sole proprietorships (BNRS system).
Consumer protection under the Consumer Act of the Philippines (deceptive sales acts, warranties, price tag rules, sales promotion permits, product standards through BPS).
E-commerce policy and enforcement (including obligations of marketplaces and online merchants under the Internet Transactions Act).

Other useful regulators (context):

BSP (Bangko Sentral ng Pilipinas): banks, e-money issuers, payment system operators, virtual asset service providers (licensing/supervision).
NPC (National Privacy Commission): data privacy and misuse of personal data (e.g., contact-list scraping by apps).
IC (Insurance Commission): insurance and HMOs.

2) Legal forms & what “legit” means in practice

Corporation/Partnership (SEC)
- Must be registered with the SEC.
- If engaged in lending or financing, it must also have a Certificate of Authority (CA) from the SEC.
- If offering investments to the public, the securities must be registered or fall under a lawful exemption, and required licenses (e.g., broker/dealer, investment adviser) must be in place.
Sole proprietorship (DTI)
- Must have a DTI Business Name registration (BN certificate).
- Cannot legally operate as a lending or financing company (those require SEC corporate form plus a CA).
- May operate an online shop, subject to Consumer Act and Internet Transactions Act obligations.
Foreign company/app
- If doing business in the Philippines, must secure the appropriate SEC license to do business (e.g., branch/representative office) or operate via a locally registered entity.
- Even if abroad, online platforms and merchants offering to Philippine consumers are subject to Philippine consumer protection rules.

3) Step-by-step: Verifying a finance company

A. Confirm corporate existence and status (SEC)

Ask for the full registered name and SEC registration number.
Check that the entity is active (not revoked/suspended) and that its primary purpose includes the specific regulated activity (e.g., “lending company,” “financing company”).
Review available public filings (e.g., Articles of Incorporation, GIS, AFS) to verify current officers, address, and capitalization.

B. Verify the proper license(s)

Lending/Financing: Request the SEC Certificate of Authority (CA). Confirm it’s genuine (correct company name, number, effectivity/validity).
Investment offering: If they are selling securities/investments (including “profit-sharing,” “packages with guaranteed returns,” “crypto/forex pools”), ask for the SEC Certificate of Permit to Sell/Registration of Securities and any intermediary licenses (e.g., broker/dealer).
Online Lending Platforms (OLPs): Each app/brand used to disburse/collect loans must be specifically registered/authorized under the lending/financing company. One company may operate multiple OLPs, but each must be on the authorized list and linked to the same legal entity.

C. Check for enforcement history

Look up SEC Advisories/Orders naming the company, its brands, promoters, or “investment programs.”
Be wary of entities previously revoked, sanctioned, or subject to cease-and-desist orders.

D. Inspect the product terms against regulatory rules

Disclosure: Legit lenders disclose APR/total cost, fees, tenor, collection policies, and complaint channels in writing.
Collection practices: “Utang-shaming,” threats, contacting people in your phonebook, or public humiliation are prohibited unfair collection practices.
Data practices: Access to contacts, photos, or location must be justified; misuse of data can trigger SEC/NPC action.
Interest/fees caps & penalties: For small-value/short-term loans, SEC rules cap certain charges. If quoted costs are excessive or opaque, treat as a red flag and verify the cited rule.

E. Cross-check who actually lends

Many apps are marketing fronts. Ask: “Who is the lender of record on the contract and who’s licensed?” Your contract and receipts should name the same licensed entity.

F. Documents you may request

SEC Certificate of Incorporation and CA (for lending/financing).
Latest General Information Sheet (GIS) (to confirm officers/beneficial owners).
Sample loan agreement and schedule of fees.
Privacy Notice and complaints process.

4) Step-by-step: Verifying a shopping app (marketplace or standalone store)

A. Identify the legal entity behind the app/website

Legit platforms show a full corporate or business name, business address, and contact/complaints channels in their Terms/Privacy pages and order confirmations.

B. Determine registration path

If the operator is a corporation/partnership → SEC registration (and, if foreign, SEC license to do business).
If a sole proprietorship → DTI Business Name registration (BN).
For marketplaces, check their seller verification process and policies (they have duties to verify and cooperate with regulators).

C. Consumer-law compliance signals

Price tags/clear pricing, truthful ads, and no “No Return, No Exchange” signage.
Clear return/refund/warranty policies. Defective or misrepresented goods must be repaired, replaced, or refunded under the Consumer Act.
Sales promotions (discount raffles, contests) should carry a DTI Sales Promotion Permit reference.
For regulated products (e.g., appliances, helmets), look for ICC/PS marks or conformity to mandatory product standards.

D. Payments & receipts

Company name on invoices and payment channels (bank, e-wallet, payment gateway) should match the declared legal entity.
Requests to pay to personal accounts or to crypto wallets “to avoid fees” are red flags.

E. Data privacy and platform duties

The Privacy Notice should identify a data controller and explain data collection/use/retention and your rights.
Platforms and sellers must keep effective complaint redress mechanisms; repeated non-delivery, refusal to honor returns, or takedown-resistant fake listings suggest non-compliance.

5) Quick legal checks you can do yourself

Name/type consistency. The app’s About/Terms page, receipts, and payment descriptor should all show one legal entity name, consistent with SEC/DTI records.
Purpose fit. If a corporation’s primary purpose is “IT services,” it cannot lawfully run a lending business unless the purpose is amended and a CA is issued.
Licensing specificity. “Registered with DTI/SEC” ≠ licensed to lend, collect investments, or operate as a marketplace. Ask for the exact certificate/permit covering the activity.
Promotion permits. Big raffles/contests must cite a DTI Permit No.
Contactable & locatable. Real businesses have a working hotline/email, complaints desk, and a physical or service address that matches filings.
Paper trail. Keep screenshots, emails, order pages, chats, invoices, and IDs of profiles you transacted with—crucial for chargebacks or complaints.

6) Red flags (finance & shopping)

“Guaranteed high returns,” recruitment-based earnings, pay-to-join “investment clubs,” or staking/forex/crypto schemes with “profit share” but no SEC-registered securities.
Lender or app asks for your phone contacts or threatens to contact your employer/family.
Name mismatch between app, website domain, receipts, and bank/e-wallet recipient.
Use of personal bank accounts for corporate transactions.
No physical address, generic Gmail/Yahoo support, or only social-media DMs.
Refusal to provide SEC/DTI documents or to identify the legal entity.
Copied privacy policy/terms from foreign sites with unrelated jurisdictions.
Seller insists on full prepayment off-platform to “avoid fees,” especially for high-value goods.

7) What to ask for (copy-paste checklist)

For finance companies

☐ SEC Certificate of Incorporation (entity name & number)
☐ SEC Certificate of Authority to operate as a lending/financing company
☐ If offering investments: SEC securities registration/permit and any intermediary licenses
☐ Latest GIS (officers/beneficial owners)
☐ Standard loan agreement, schedule of fees/APR, collection policy
☐ Privacy Notice and complaints procedure

For shopping apps/sellers

☐ Legal entity name, address, taxpayer details (if available)
☐ SEC registration (corp/partnership) or DTI BN (sole prop)
☐ Return/refund/warranty policy and customer service contacts
☐ DTI Sales Promotion Permit (if running raffles/contests)
☐ Proof of compliance with mandatory product standards (if applicable)
☐ Proper sales invoice/OR with correct entity name and TIN

8) Typical misconceptions, clarified

“DTI-registered” does not mean a company can solicit investments or extend loans. For those, SEC licensing applies.
An app being on a major app store does not prove regulatory compliance.
SEC or DTI registration alone does not validate every new product or promotion—specific activities may need separate approvals.
A foreign-based platform selling to Filipinos can still be covered by Philippine consumer law and can be subject to enforcement actions and takedowns.

9) If things go wrong: complaint and enforcement map

SEC (Enforcement/Investor Protection): investment scams, unregistered lending/financing, unfair collection practices, abusive OLPs.
DTI (Consumer Protection, Fair Trade Enforcement, E-Commerce): deceptive ads, return/refund issues, sales promotion violations, fake or substandard goods, platform/seller failures.
BSP Consumer Assistance: issues with banks, e-money, payments (chargebacks, unauthorized transfers).
NPC: misuse of personal data or harassment via scraped contacts.
NBI/PNP Anti-Cybercrime: fraud, estafa, identity theft, phishing.
Local government/BIR: no mayor’s permit/BIR registration for brick-and-mortar sellers (supporting sanctions).

Tip: File with the primary regulator first (SEC for finance activities; DTI for consumer sales), then copy related agencies as needed. Attach your evidence pack (timeline, screenshots, receipts, chat logs, IDs, ad copies, product pages).

10) Practical due-diligence workflow (15-minute version)

Identify the entity behind the app/site and note its exact legal name.
Check SEC or DTI depending on the legal form (SEC for corporations/partnerships and for all lending/investment activities; DTI BNRS for sole proprietors).
For lenders/financiers/investments, insist on the SEC Certificate of Authority and, if investments are offered, the securities registration/permit.
Scan for SEC advisories naming the entity, brand, or promoters.
Read the Terms/Privacy/Returns pages and ensure payment descriptors match the legal entity.
For promos, look for a DTI Sales Promotion Permit reference.
If doubts remain, do not transact or limit exposure (cash on delivery with inspection; small test purchases; use protected payment methods).

11) Model contract clauses/points to look for

Clear lender/platform identity (full legal name, address, contact, regulator).
Comprehensive fee disclosure (interest, service fees, penalties, effective APR, total cost).
Collection policy consistent with no-harassment rules.
Data privacy clauses identifying the data controller, purpose of processing, retention, and rights to access/erasure.
Dispute resolution channel and turnaround times.
Governing law/jurisdiction—shouldn’t waive mandatory Philippine consumer protections for domestic transactions.

12) Quick FAQs

Q: Is an SEC registration certificate enough for a lending app? A: No. It must also have an SEC Certificate of Authority to operate as a lending/financing company, and each online lending platform/brand should be duly disclosed/authorized.

Q: The seller is “DTI-registered”—is that safe? A: It means a sole proprietorship exists under that business name. It doesn’t authorize lending or investment solicitations, and it doesn’t excuse consumer-law violations.

Q: The app says returns are “not allowed.” A: “No Return, No Exchange” policies are unlawful. Defective/misrepresented goods must be repaired, replaced, or refunded under the Consumer Act. Contract terms cannot waive statutory rights.

Q: The company is foreign but ships to PH. Are we protected? A: Yes—if they target Philippine consumers, Philippine consumer and e-commerce rules can apply, and platforms have duties to cooperate with regulators.

13) Bottom line

For finance: SEC first—confirm corporate existence, Certificate of Authority, and (if applicable) securities registration.
For shopping apps: verify the legal entity and its SEC or DTI registration, check consumer-law compliance, and ensure payment/receipts match.
When in doubt, walk away, or use protected payments and keep a meticulous paper trail.

Stay skeptical, insist on documents, and trust the regulator footprints: if the permits don’t exist—or don’t match the activity—the business isn’t legit.