How to Verify if a Lending Company Is Legitimate and SEC-Registered in the Philippines

How to Verify if a Lending Company Is Legitimate and SEC-Registered in the Philippines

Last updated based on generally available Philippine law and regulatory practice as of mid-2024. This is general information, not legal advice.

Executive summary

In the Philippines, lending companies and financing companies must be registered with the Securities and Exchange Commission (SEC) and must hold a separate “Certificate of Authority” (CA) to operate—mere corporate registration isn’t enough. Many loan scams mimic real firms, rely on unlicensed online lending platforms (OLPs), or use illegal collection tactics. To protect yourself:

  1. Confirm the entity type (bank, lending company, financing company, pawnshop, cooperative, microfinance NGO) and who regulates it.
  2. Ask for and validate documents: SEC Certificate of Incorporation and SEC Certificate of Authority (CA) for lending/financing; plus local permits and BIR registration.
  3. Check official registries and advisories (SEC lists of registered/authorized entities and OLPs; lists of revoked or warned-against entities).
  4. Inspect the contract and disclosures (Truth in Lending Act and Financial Consumer Protection Act compliance).
  5. Watch for red flags (advance fees, no physical address, debt-shaming, “BSP-approved” claims when they’re not a bank, etc.).
  6. Escalate complaints to the proper agencies (SEC, National Privacy Commission, law enforcement, LGUs) with evidence.

The legal landscape (who regulates what)

  • SEC (Securities and Exchange Commission) – Primary regulator of lending companies (governed by the Lending Company Regulation Act of 2007 or RA 9474) and financing companies (the Financing Company Act of 1998 or RA 8556).

    • Requires corporate registration and a Certificate of Authority (CA) to legally engage in lending/financing.
    • Oversees online lending platforms (OLPs) operated by lending/financing companies.
    • Issues advisories and cease-and-desist orders against illegal lenders and apps.

  • BSP (Bangko Sentral ng Pilipinas) – Regulates banks, pawnshops, EMIs, and other BSP-supervised institutions that also offer loans. If the lender is a bank or pawnshop, the BSP—not the SEC—will be the primary prudential regulator.

  • CDA (Cooperative Development Authority) – Regulates credit cooperatives that lend to their members. Cooperatives are not SEC-registered corporations and do not need an SEC CA; they must be CDA-registered and compliant.

  • Microfinance NGOs – Accredited under the Microfinance NGOs Act (RA 10693); not SEC-licensed as lending/financing companies but still subject to consumer protection laws.

  • National Privacy Commission (NPC) – Enforces the Data Privacy Act (RA 10173). Critical for loan apps and any lender processing personal data. NPC acts on debt-shaming, contact list harvesting, and unlawful data sharing.

  • AMLC (Anti-Money Laundering Council)Lending and financing companies are “covered persons” under the Anti-Money Laundering Act (RA 9160, as amended). Legitimate entities must register with AMLC and implement KYC/AML controls.

  • Financial Consumer Protection Act (RA 11765) – Applies to financial service providers supervised by the SEC, BSP, and Insurance Commission. It prohibits unfair, abusive, or deceptive acts/practices and mandates complaint handling and disclosures.

  • Truth in Lending Act (RA 3765) – Requires clear disclosure of the finance charge and the effective interest rate before you sign.

Key takeaway: A lender’s legitimacy depends on (1) having the right regulator for its business model, and (2) holding the correct license from that regulator.

What counts as a “lending company” vs a “financing company”?

  • Lending company (RA 9474) – A corporation primarily engaged in granting loans from its own capital. Sole proprietorships and partnerships are not allowed to operate as “lending companies” under this law.
  • Financing company (RA 8556) – Also a corporation, generally engaged in extending credit via various modalities (e.g., consumer finance, commercial finance, leasing).
  • Both need SEC corporate registration and a Certificate of Authority before they can legally operate.

(Some banks, pawnshops, and cooperatives also lend—but they are regulated by BSP or CDA instead. Verify the correct regime first.)

The documents you should see (and how to review them)

Ask the lender to provide legible copies (or allow in-person inspection) of:

  1. SEC Certificate of Incorporation/Registration – Proves it’s a corporation and shows the exact corporate name and Company Reg. No.

  2. SEC Certificate of Authority (CA) to Operate as a Lending/Financing Company – This is the license to lend.

    • The CA should identify the company (exact name, not just a trade name).
    • Check the issue/effectivity date and whether it mentions lending/financing authority.
    • If the CA is revoked/suspended, they cannot legally lend.

  3. Articles of Incorporation and By-laws – Check the Primary Purpose clause (it should expressly cover lending/financing).

  4. Business/Mayor’s Permit and Barangay Clearance – For the branch or office dealing with you.

  5. BIR Registration (Form 2303) – Confirms tax registration.

  6. AMLC Registration (or at least KYC/AML policy snippets) – A good sign they’re compliant if they can discuss AML obligations.

  7. For OLPs / loan apps:

    • Company behind the app (must be the SEC-licensed entity).
    • DPO (Data Protection Officer) details and Privacy Notice compliant with the Data Privacy Act.
    • Registered OLP name(s) should match what the SEC recognizes (unlicensed white-label apps are a red flag).

Tip: The name on the CA must match exactly the name on your loan agreement, receipts, and the app/store listing. “Doing business as” names should be properly disclosed.

How to verify (step-by-step)

  1. Identify the exact entity

    • Get the full corporate name, principal office address, branch address, phone, and email.
    • Ask: “Are you a lending company, financing company, bank, pawnshop, or cooperative?”

  2. Match paper to reality

    • Compare the name on the CA with the name on the contract, official receipts, website/app, and communications.
    • The office and branch addresses on permits should match where they operate.

  3. Check official registries/advisories

    • SEC: Confirm the corporation exists and that it has an active CA as a lending/financing company; look for advisories, revocations, or cease-and-desist orders against the entity, its app(s), or officers.
    • SEC OLP list: If you’re using a loan app, verify the app name (and publisher) appears on the SEC’s authorized OLP list for the same licensed company.
    • BSP: If the entity claims to be a bank or pawnshop, it should appear among BSP-supervised institutions.
    • CDA: If it claims to be a cooperative, confirm its registration and that your relationship is as a member-borrower.
    • NPC: Check for NPC orders or decisions involving the lender (e.g., debt-shaming cases).

  4. Examine the contract and disclosures

    • Look for a Disclosure Statement compliant with the Truth in Lending Act and the Financial Consumer Protection Act.
    • The lender should disclose: amount financed, all fees/charges, schedule of payments, effective interest rate (EIR), penalties, and collection/late-payment policies.
    • Hidden fees or refusal to provide a pre-signing disclosure are red flags.

  5. Assess collection and privacy practices before you borrow

    • Legit lenders do not require broad access to your contacts, photos, or unrelated device data.
    • They should not threaten arrest, public shaming, contacting your employer/relatives, or posting your information online.
    • Ask about their complaint-handling process (required under the FCP Act) and their DPO contact.

  6. Validate identity of staff

    • In branches: ask for company ID, agent authorization, and official receipts (with the exact corporate name and TIN).
    • Online: verify official email domains and phone numbers listed in formal documents match what you’re interacting with.

Special cases: Banks, pawnshops, cooperatives, and NGOs

  • Banks & pawnshops – Not SEC-licensed as lending/financing companies; they’re BSP-supervised. If a lender claims to be a bank but you can’t find it among BSP-supervised institutions, walk away.
  • Cooperatives – Must be CDA-registered and usually lend only to members. If you’re not a member and they offer you a “coop loan,” be cautious.
  • Microfinance NGOs – Look for proper accreditation and compliance; they often serve specific low-income segments with capped or program-based pricing.

Interest, fees, and pricing caps (what to expect)

  • The Usury Law ceilings were suspended decades ago, which is why very high nominal rates proliferated in the past.
  • However, for certain small, short-term consumer loans, the SEC has imposed interest/fee caps via memorandum circulars (particularly relevant to OLPs and small-ticket loans).
  • Expect to see explicit disclosure of the effective interest rate (EIR), not just a “per day” or “per week” rate.
  • Because caps and coverage can change, always check the latest SEC circulars and the exact loan size/tenor that the cap applies to.

Rule of thumb: If the pricing seems opaque or the lender won’t provide a consolidated EIR including all mandatory fees, that’s a red flag.

Red flags (high-risk indicators)

  • No SEC CA (or claims “SEC registration pending”).
  • Sole proprietorship claiming to be a “lending company” under RA 9474.
  • App not listed among authorized OLPs; the company behind the app is different from the one on the CA.
  • Demands advance fees before loan release (beyond disclosed, reasonable processing fees).
  • Asks for your phone’s contact list, gallery, or unrelated permissions; threatens debt-shaming or contacting your employer/family.
  • No physical office or uses a virtual address only; refuses site visits.
  • BSP name-dropping when they are not a bank/pawnshop.
  • Aggressive, time-pressure sales (“sign now or rate doubles”).
  • Unclear receipts or cash-only with no official receipt (OR).
  • Promises guaranteed returns to “investors” funding their loans (that can be an unregistered securities offering).

Practical checklists

A. Before you sign

  • Full corporate name and exact address obtained
  • SEC Certificate of Incorporation reviewed
  • SEC Certificate of Authority to Operate reviewed
  • Business/Mayor’s Permit and BIR Form 2303 checked
  • If via app: app name and publisher match the SEC-licensed entity; OLP authorization confirmed
  • Disclosure Statement (RA 3765) received before signing
  • Total cash to receive, total to repay, schedule, EIR clearly stated
  • Penalties, default triggers, and collection policies understood
  • Privacy Notice read; DPO contact noted
  • Complaints channel and turnaround time understood

B. Documents to keep

  • Signed loan agreement and Disclosure Statement
  • Official receipts for every payment
  • Screenshots/copies of app pages, emails, and SMS
  • Copies of IDs of the officer/agent who processed your loan

What legitimate collection looks like (and what’s illegal)

Allowed (generally):

  • Calling the borrower at reasonable hours, sending reminders, and demanding payment professionally
  • Charging contractual late fees/penalties if clearly disclosed and lawful
  • Filing civil actions for collection or enforcing collateral per law and contract

Not allowed (generally):

  • Public shaming (posting photos, group chats, mass texts to contacts)
  • Threats of arrest for civil debt (there is no imprisonment for non-payment of a purely civil loan)
  • Harassment, obscene language, or threats of violence
  • Contacting your employer/relatives without lawful basis or consent consistent with the Data Privacy Act
  • Taking device data beyond what’s necessary and disclosed

If something seems off: where and how to complain

  1. SEC (primary for lending/financing companies & OLPs)

    • File complaints with the SEC’s enforcement arm. Attach: IDs, contracts, ORs, screenshots, chat logs, call recordings, and the app’s details.
    • For illegal apps or unlicensed entities, SEC can issue advisories and enforcement actions.

  2. National Privacy Commission (NPC)

    • For data privacy breaches: debt-shaming, harvesting of contacts/photos, or unauthorized disclosures. Provide screenshots and app permission logs.

  3. BSP Consumer Assistance

    • If your counterparty is a bank or pawnshop. (If you discover it’s not BSP-supervised after all, switch to SEC.)

  4. Law enforcement / cybercrime units

    • For extortion, threats, or doxxing. Bring all evidence (keep originals and digital copies with timestamps).

  5. Local government unit (LGU)

    • Report unpermitted branches or operations without business permits.

Preserve evidence. Keep a timeline, copies of all communications, and a running ledger of amounts paid.

Common myths (and the facts)

  • Myth: “We’re SEC-registered as a corporation, so we can lend.” Fact: You need the SEC Certificate of Authority to engage in lending/financing.

  • Myth: “Non-payment means you’ll be jailed.” Fact: No imprisonment for purely civil loan non-payment. Criminal liability may arise only for separate crimes (e.g., threats, estafa with elements, BP 22 for bouncing checks, etc.), which are not automatic.

  • Myth: “Apps can access your contacts because you clicked allow.” Fact: Consent must be informed, specific, and purpose-compatible under the Data Privacy Act. Excessive or coercive data collection can be unlawful—even if permissions were technically granted.

  • Myth: “There are no interest caps in the Philippines.” Fact: While general usury ceilings were suspended, the SEC has set caps for specific small loans/OLPs and disclosure rules always apply.

Sample due-diligence request (you can copy-paste)

Hello, Before proceeding, please send (or make available onsite) the following for verification:

  1. SEC Certificate of Incorporation; 2) SEC Certificate of Authority to Operate as a [Lending/Financing] Company; 3) Business/Mayor’s Permit for the branch handling my loan; 4) BIR Form 2303; 5) Loan Disclosure Statement (RA 3765) with total charges and EIR; 6) Privacy Notice and DPO contact; 7) If via app: the official app name/publisher and confirmation that the OLP is authorized by the SEC. Thanks!

Quick FAQ

Q: The company shows me a DTI “Business Name” certificate only. Legit? A: Not for a lending company. Under RA 9474, lending/financing must be done by a corporation with an SEC CA. A DTI certificate alone (for a sole proprietorship) is not sufficient to operate as a lending company.

Q: The contract uses a different name from the CA. A: Names must match. If a trade name/DBA is used, it should be properly disclosed and traceable to the same SEC-licensed corporation.

Q: The agent claims the CA is “for head office” only. A: Branches should be properly registered/notified with permits. You should still be dealing on behalf of the same licensed corporation.

Q: The app works but the company says their license is “under renewal.” A: Lending without a valid, current CA can be illegal. Do not proceed until fully verified.

Final notes and cautions

  • Licensing and pricing caps can change. Before you borrow, re-check the latest SEC issuances and (for banks/pawnshops) BSP rules.
  • Keep everything in writing and insist on compliant pre-contract disclosures.
  • When in doubt, consult a Philippine lawyer or a reputable consumer/legal aid group and bring your documents for review.

If you want, tell me the exact name of the company or the app name you’re checking and I’ll walk you through a line-by-line validation against these steps (no web search needed).

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login