How to Verify If a Lending Company Is Legitimate and SEC-Registered (Philippines)

How to Verify If a Lending Company Is Legitimate and SEC-Registered (Philippines)

Philippine legal guide for consumers and MSMEs. General information only; not a substitute for legal advice.

Executive summary

A legitimate lending company in the Philippines must:

  1. Be organized as a corporation, not a sole proprietorship or partnership, and
  2. Hold a Certificate of Authority (CA) from the Securities and Exchange Commission (SEC) to operate as a Lending Company (under the Lending Company Regulation Act of 2007) or as a Financing Company (under the Financing Company Act of 1998).

If it lends primarily through a mobile app or website, its online lending platform (OLP) must also be registered with the SEC. Legit lenders comply with Truth in Lending, Data Privacy, Anti-Money Laundering, and consumer-protection rules. This guide shows you exactly how to check.

Who regulates what (at a glance)

  • SEC – Corporations; issues Certificate of Authority to lending and financing companies; registers online lending platforms; enforces disclosure and fair collection rules.
  • BSP (Bangko Sentral ng Pilipinas)Banks, quasi-banks, pawnshops, electronic money issuers, operators of payment systems, and money service businesses (not ordinary lending companies).
  • CDA (Cooperative Development Authority)Cooperatives (may lend to members only).
  • MNRC / DOFMicrofinance NGOs (MF-NGO Certification; typically serve low-income clients).
  • NPC (National Privacy Commission)Data Privacy Act compliance (e.g., loan-app permissions, contact scraping).
  • AMLC (Anti-Money Laundering Council)KYC/AML obligations for covered persons (includes SEC-supervised lending/financing companies).
  • LGUs & BIRMayor’s/Business permits, BIR Certificate of Registration (Form 2303), and official receipts.

The 10-minute legitimacy checklist

Use this for a quick triage before you borrow:

  1. Entity type – Are they a corporation (Inc./Corp.)? If they show only a DTI certificate (sole prop), that’s a red flag for a “lending investor” operating outside the law.
  2. SEC basic registration – Ask for the SEC Registration Number and Articles of Incorporation.
  3. SEC Certificate of Authority – Ask for their CA to operate as a Lending Company/Financing Company. Screenshots are not enough—request a copy or the exact CA number and issuance date.
  4. Name match – The corporate name on the CA must match the name on the contract, receipts, payment account, and app/website imprint. Brand names are fine, but the underlying corporation must be clear.
  5. Online lending? – If they use an app or site, confirm the OLP is SEC-registered and linked to the same corporation.
  6. Local & tax – Check current Mayor’s Permit, BIR Form 2303, and that official receipts are issued for fees/repayments.
  7. Truth-in-lending disclosure – Before you sign, they must show the total cost (effective interest rate), all fees, amortization schedule, penalties, and prepayment termsin writing.
  8. Privacy & permissions – There must be a clear privacy notice; mobile apps should not demand blanket access to your contacts/photos/SMS without a lawful purpose and valid consent.
  9. KYC – Legit lenders do know-your-customer: valid ID, and sometimes proof of address/income. “No-ID, instant release” is a red flag.
  10. Payments & collection – Payments should go to a company account in the corporate name. Collection must be professional—no threats, shaming, or contacting your relatives/office to coerce payment.

If the lender fails any of 2–5, walk away.

Deep-dive: Step-by-step verification

1) Identify the lender’s category

  • Bank/rural bank/thrift bankBSP-supervised, not SEC CA as a lending company. You can still ask for their banking license details.
  • Lending companySEC CA required under the Lending Company Regulation Act (RA 9474).
  • Financing companySEC CA required under the Financing Company Act (RA 8556) (often larger, may offer installment/BNPL or business financing).
  • CooperativeCDA-registered, lending only to members; no SEC CA as a lending company.
  • Microfinance NGO → SEC-registered non-stock entity with MF-NGO Certification from MNRC; subject to program rules.
  • PawnshopBSP-supervised, lends against pledged collateral (not unsecured cash loans).
  • BNPL brand / loan app → Usually front-end only; the credit provider behind it must be a bank or an SEC-licensed financing/lending company. Verify the backing entity.

2) Confirm corporate existence & authority

Ask for copies (or exact IDs) of:

  • SEC Certificate of Incorporation (corporate registration number and date).
  • SEC Certificate of Authority to operate as a Lending or Financing Company (distinct from basic registration; it’s a secondary license).
  • Board resolution authorizing the branch/OLP or the officer signing your loan documents (for larger loans).

Name hygiene: The corporate name on the CA should appear in:

  • The promissory note/loan agreement,
  • Official receipts, and
  • Payment instructions (bank account or e-wallet merchant name). If they insist on paying to a personal account or a name that doesn’t match, treat as high risk.

3) Online lending platforms (OLPs) and mobile apps

  • The app/website must be registered with the SEC and tied to the licensed company that actually extends the credit.
  • Expect terms of use, privacy notice, company imprint (corporate name, address, and contact details), and a working complaints channel.
  • App permissions should be proportionate (identity verification, fraud checks). Mass contact scraping, shaming, or coercive messaging are unlawful.

4) Local permits and tax compliance

  • Mayor’s/Business Permit for the current year (head office and, where applicable, branch).
  • BIR Certificate of Registration (Form 2303) and valid official receipts (OR). Every fee or repayment should be covered by an OR.

5) Contract & disclosures (your non-negotiables)

Under the Truth in Lending Act (RA 3765) and consumer-protection rules, insist on written, pre-contract disclosure of:

  • Principal, term, installment schedule;
  • Finance charge(s) and effective interest rate (EIR/APR);
  • All fees (processing, disbursement, collection, platform fees);
  • Late-payment penalties and how they’re computed;
  • Prepayment: any prepayment fee or rebate;
  • Security/collateral (if any), and default/acceleration clauses.

No disclosure, no deal.

6) Data privacy compliance (RA 10173)

A compliant lender will:

  • Present a clear privacy notice (purpose, legal basis, data sharing, retention, and your rights).
  • Seek valid consent for optional data (e.g., device permissions), separate from consent to the loan itself.
  • Provide a Data Protection Officer (DPO) contact for complaints and data-subject requests.
  • Avoid loan shaming: publishing your debt, spamming your contacts, or coercive calls can trigger privacy and consumer-protection liability.

7) AML/CFT basics (RA 9160, as amended)

Covered lending/financing companies must:

  • Perform KYC (expect ID checks; for bigger loans, expect more verification).
  • Report suspicious transactions to AMLC and keep records. If a “lender” never asks who you are, be skeptical.

8) Pricing & fees: what’s legal?

  • The Usury Law ceiling is effectively suspended, so there’s no general cap on interest by law; however, lenders must fully disclose the total cost and are subject to consumer-protection oversight against abusive pricing, hidden fees, or deception.
  • The SEC has issued specific caps for certain small, short-term loans by lending/financing companies via memorandum circulars; confirm whether your loan falls under any current cap and how the lender computes EIR.
  • Rule of thumb: focus on EIR/APR, not just “monthly rate”. Very short terms with “processing fees” can explode into triple-digit APRs—a common red flag.

9) Collections: conduct rules

Legitimate collectors must not:

  • Threaten violence, use profanity, or shame you by contacting relatives/employers;
  • Misrepresent legal processes (e.g., “we already filed a case” when they haven’t);
  • Publicly post your personal data. They should identify the company, state the amount due, provide official references, and communicate within reasonable hours via agreed channels.

Red flags that usually mean “walk away”

  • Only a DTI certificate or barangay permit is shown for a “lending investor” (no SEC CA).
  • Name mismatches between the app/website, contract, and payment account.
  • Unregistered OLP/app, or the app asks for excessive permissions (contacts/photos/SMS) unrelated to credit.
  • Advance-fee scams (“Pay ₱1,500 first to unlock your loan”).
  • Guaranteed approval, no ID needed, or instant release to a personal wallet.
  • No OR for fees or repayments; instructions to pay a personal account.
  • Harassment or loan shaming tactics during marketing or collection.
  • They refuse to provide copies of their SEC CA, Mayor’s Permit, or BIR registration.

What legitimate lenders will typically ask from you

  • Valid government ID, sometimes selfie liveness check.
  • Basic KYC data and contact details; sometimes proof of income or address.
  • Consent to retrieve a credit report from the Credit Information Corporation (CIC) or private credit bureaus.
  • Contactable references (but they cannot harass them or disclose your debt).

If something goes wrong: your escalation map

  1. Document everything – screenshots, call logs, messages, receipts, and copies of IDs you shared.

  2. Complain to the lender – Use their official complaints channel; ask for a ticket/reference number.

  3. Regulatory complaints

    • SEC (for lending/financing companies and OLP abuses—licensing, unfair collection, deceptive pricing).
    • NPC (for privacy violations like contact scraping, doxxing/shaming).
    • BSP (if the entity is a bank/pawnshop/e-money issuer).
    • CDA (if a cooperative is lending to non-members or violating coop rules).

  4. Law enforcementPNP/ACG for cyber-harassment, extortion, identity misuse; NBI for large-scale fraud.

  5. Civil remedies – Send a demand letter; consider Small Claims Court (no lawyer required) for money disputes up to ₱1,000,000 (as of 2024), using the Supreme Court’s small-claims rules.

  6. Preserve your rights – Never sign “quitclaims” that waive privacy or consumer rights in exchange for processing or collection “discounts”.

FAQs

Q: What’s the difference between a lending company and a financing company? A: Both need an SEC Certificate of Authority. Lending companies typically extend loans funded by their own capital to individuals or MSMEs; financing companies often run broader credit businesses (e.g., installment plans, receivables financing, BNPL partnerships) and generally face higher capitalization and additional prudential expectations.

Q: Are loan apps legal? A: Yes—if the app/platform is SEC-registered and the creditor behind it is a licensed bank or SEC-authorized lending/financing company. Unregistered apps or platforms are illegal.

Q: Can they access my phone contacts? A: Not without a lawful purpose and valid consent. Harvesting contacts to shame or coerce payment violates privacy and consumer-protection rules.

Q: Is there a cooling-off period for loans? A: Philippine law does not generally mandate a universal cooling-off period for consumer loans. Some providers may offer one contractually; if it matters to you, insist it be written.

Q: Are interest caps in force? A: There’s no general usury cap, but regulators (especially the SEC for non-bank lenders) may impose specific caps on certain small/short-term loans. Always look at the effective interest rate (EIR/APR) and total cost.

Practical tools you can use (no links needed)

  • Ask for and keep copies of the SEC CA, Mayor’s Permit, BIR 2303, privacy notice, and the loan disclosure statement.
  • Compare the corporate name across the CA, contract, receipts, and the account name you’re paying.
  • For app loans, check the developer/corporate imprint inside the app (About/Imprint/Privacy).
  • Run a simple EIR sanity check: If you borrow ₱5,000 for 14 days and must repay ₱6,000, the fee is ₱1,000 in 14 days—about 20% for half a month, which annualizes to a triple-digit APR. That’s a classic red flag.

Minimal paper trail you should insist on

  • Pre-contract disclosure with EIR/APR and fee breakdown;
  • Promissory Note/Loan Agreement (signed);
  • Schedule of amortizations;
  • Official Receipts for every fee and repayment;
  • Data privacy consent and privacy notice;
  • Payment instructions showing the corporate account name.

Key laws & rules to know (for orientation)

  • RA 9474 – Lending Company Regulation Act of 2007 (SEC CA for lending companies)
  • RA 8556 – Financing Company Act of 1998 (SEC CA for financing companies)
  • RA 3765 – Truth in Lending Act (pre-contract disclosure of finance charges/EIR)
  • RA 11765 (2022) – Financial Products and Services Consumer Protection Act (fair treatment, redress, and enforcement powers)
  • RA 10173 – Data Privacy Act of 2012 (privacy rights; DPO; lawful processing)
  • RA 9160, as amended – Anti-Money Laundering Act (KYC/reporting)
  • RA 9510 – Credit Information System Act (CIC; consented credit checks)
  • Consumer Act (RA 7394) and Revised Corporation Code – general consumer and corporate conduct rules

Bottom line

A lender is legit when (1) it is a corporation, (2) it holds the correct SEC Certificate of Authority, (3) any online platform it uses is SEC-registered, and (4) it obeys disclosure, privacy, AML, and fair-collection standards. If you can’t verify these quickly—or if you spot name mismatches, unregistered apps, no ORs, or harassment—treat it as unsafe and don’t proceed.

If you want, tell me the exact name of the lender/app and what documents they gave you, and I’ll walk you through the checklist against those details.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login