This practical legal guide explains how to verify a lender’s status in the Philippines, what documents and disclosures you should see, how the law protects you, common red flags, and where to report abuses. It covers banks, non-bank lenders (lending and financing companies), online lending apps, and cooperatives.
1) Know who regulates whom
Different regulators oversee different types of lenders. Step one is to identify the entity type.
- Banks and their subsidiaries/affiliates engaged in lending → supervised by the Bangko Sentral ng Pilipinas (BSP) under the New Central Bank Act, the General Banking Law, and allied circulars.
- Lending companies (organized under the Lending Company Regulation Act of 2007, R.A. 9474, and its IRR) and financing companies (under the Financing Company Act, R.A. 8556, as amended) → Securities and Exchange Commission (SEC).
- Insurance-related credit (e.g., credit life bundled with a loan) → Insurance Commission (IC) (for the insurance component).
- Cooperatives offering credit to their members → Cooperative Development Authority (CDA).
- All financial service providers, including digital lenders and online lending apps (OLAs) → consumer-protection powers under the Financial Products and Services Consumer Protection Act (R.A. 11765, 2022) shared by BSP/SEC/IC.
- Data handling by apps and collectors → National Privacy Commission (NPC) under the Data Privacy Act (R.A. 10173).
- Anti-money laundering compliance → AMLC (R.A. 9160, as amended)—lending/financing companies are covered persons.
2) Mandatory registrations and authorizations you should verify
A. For lending/financing companies (non-bank)
- SEC Certificate of Incorporation (or Registration, for partnerships).
- SEC Certificate of Authority (CA) to Operate as a Lending Company (R.A. 9474) or Financing Company (R.A. 8556).
  - The CA is separate from the incorporation certificate and is the key license to lend to the public.
- Local Government Unit (LGU) permits (Mayor’s/Business Permit) for each branch.
- BIR registration (Certificate of Registration, official receipts with valid Authority to Print, TIN).
- DTI business name applies only to sole proprietors (rare for regulated lenders; most are corporations).
- AMLC registration and Know-Your-Customer (KYC) procedures (good sign they’re legitimate).
Tip: Ask for their exact legal name, SEC Registration No., and SEC CA No. Genuine companies share these without hesitation and they match public records.
B. For banks
- Verify the BSP-supervised bank name and branch. Ask for its BSP Universal/Commercial/Thrift/Rural bank status and confirm the branch address.
C. For cooperatives
- Look for CDA Certificate of Registration and the cooperative’s authority to provide credit (usually in its by-laws). Lending should be to members.
3) How to independently check status (no special access required)
Even without naming specific web pages, the following checks are standard and expected:
SEC public lists
Check:
- If the company name appears as registered;
- If it has an active Certificate of Authority (CA) as lending/financing company;
- If it appears on advisories, revocation, or “blacklist” notices.
BSP directory
- Confirm banks and BSP-supervised institutions (and their branches).
CDA registry
- Confirm the cooperative and its scope of activities (lending to members).
BIR verifications
- Official receipts must bear BIR Authority to Print, TIN, and business name/address.
LGU
- Call the City/Municipal Business Permits office to confirm the current business permit for the exact trade name and address.
NPC
- For OLAs, check if the operator has a privacy notice, data processing details, and DPO contact; you can also look up NPC decisions or advisories involving their brand.
Practical script: “Hi, I’m verifying a lender’s status before transacting. Could you confirm if [Exact Corporate Name] with SEC Reg. No. [____] holds an active Certificate of Authority as a [Lending/Financing] Company, and whether there are adverse orders, revocations, or advisories against it?”
4) Disclosures and contract documents you should see (and what they mean)
Philippine law requires clear, prominent disclosure of credit costs and terms:
- Truth in Lending Act (R.A. 3765) and its IRR require disclosure of finance charges, annual percentage rate (APR) or effective interest, fees, total amount to be paid, payment schedule, penalties, and security/collateral (if any), before you are bound.
- R.A. 11765 (FCPA) mandates fair treatment, suitability, clear contracts, effective recourse, and prohibits abusive collection and misleading marketing.
- Data Privacy Act (R.A. 10173): the lender/app must provide a privacy notice, identify personal data collected, legal bases, retention, sharing, and your rights (access, correction, erasure, objection).
- Official receipts/invoices must be issued for every payment, bearing BIR-required details.
- Security/collateral terms must be in writing. Legit lenders do not take custody of ATMs, debit cards, SIMs, or IDs.
5) What legitimate lenders typically do (positive indicators)
- Provide their full legal name, principal office address, hotline/email, SEC/BSP/CDA numbers, and branch managers’ names.
- Have a physical office you can visit (even if they operate online).
- Require KYC (valid government ID, proof of address, face-to-face/video KYC).
- Give written pre-contract disclosures and a copy of the signed contract.
- Provide a schedule of charges and penalties upfront and keep them consistent from application to release.
- Use official collection channels (bank transfer, e-wallets under their corporate name) and issue official receipts.
- Maintain a complaints/consumer assistance process and provide a turnaround time for resolution.
6) Red flags that strongly suggest an illegal or abusive lender
- No SEC CA (for lending/financing companies) or no BSP authority (for banks); the name cannot be found in official registries.
- Different “trade name” vs. corporate name, used to evade prior advisories or revocations.
- Upfront “processing” or “release” fees demanded before approval, especially via personal accounts.
- Confiscating your ATM card, ID, SIM, or online banking credentials as “collateral.”
- Access to your phone contacts or threats to shame you to friends/family (unlawful collection practice; may violate FCPA and Data Privacy Act).
- Harassing calls/messages at unreasonable hours, doxxing, or threats of arrest (debt is not a criminal offense by itself).
- Unclear or shifting interest/fees, or refusal to give a written contract and official receipts.
- “Guaranteed approval” promises without KYC or credit assessment.
- Loan “agents” using personal e-wallets for disbursement or repayment.
- Pressure to sign blank documents or post-dated checks without full disclosure.
7) Special considerations for online lending apps (OLAs)
- App identity must match a real SEC-licensed entity (same corporate name shown in the app, contract, and receipts).
- The app must display: legal name, SEC Reg. No., SEC CA No., principal address, customer service contacts, privacy notice, and schedule of fees.
- Permissions requested by the app should be necessary and proportionate (e.g., identity verification). Blanket access to contacts/photos/messages is a red flag and often unlawful.
- Collection practices must be lawful: no shaming, threats, or contacting people not legally liable for the debt.
8) Interest rates, fees, and the “usury” question
- The old Usury Law ceilings are effectively suspended, so there is no blanket statutory cap on interest for all loans.
- But regulators (BSP/SEC) may impose caps or limits for specific products or institutions by circular—e.g., to curb abusive pricing in certain markets.
- Regardless of caps, R.A. 3765 and R.A. 11765 require clear, upfront disclosure of effective cost of credit and prohibit misleading or abusive practices.
- Courts may strike down unconscionable interest/penalty charges under civil law (public policy/unconscionability doctrines). Always keep copies of all disclosures.
9) Step-by-step verification checklist (keep this)
- Ask for: exact corporate name, SEC Reg. No., SEC Certificate of Authority No., principal address, branch address, hotline, email.
- Confirm status with the appropriate registry (SEC/BSP/CDA) and check for advisories or revocations.
- Check permits: recent Mayor’s/Business Permit, BIR Certificate of Registration; ensure official receipts are BIR-compliant.
- Scrutinize disclosures: interest (APR/effective rate), fees, total payment, schedule, penalties, collateral, privacy notice, complaints process.
- Evaluate the contract:
  - Names and addresses match the licensed entity;
  - No blank spaces;
  - No waiver of statutory rights;
  - Clear penalty triggers and amounts;
  - Prepayment/early settlement terms stated.
- Assess conduct: legitimate KYC, no ATM/ID confiscation, no harassment, official channels only, receipts issued.
- Keep evidence: screenshots, call logs, messages, receipts, copies of IDs/contract versions and timestamps.
10) If something looks wrong: your legal and practical remedies
Complain to the right regulator
- SEC (for lending/financing companies): report unlicensed lending, revoked entities still operating, abusive collection, false disclosures.
- BSP (for banks and their subsidiaries): consumer assistance for unfair practices or disclosure issues.
- CDA (for cooperatives): complaints about co-op lending to non-members or governance abuses.
- NPC: for privacy violations, unlawful contact harvesting, doxxing, and intrusive permissions by apps/collectors.
- AMLC: suspicious transactions, identity theft/fraud related to credit.
Civil actions
- Annul or reform unconscionable terms; damages for abusive collection and privacy breaches; injunctions against harassment.
Criminal actions (when applicable)
- Estafa (fraud), falsification, grave threats, violation of the Data Privacy Act, and other penal statutes may apply depending on conduct.
Digital takedown/reporting
- App stores and platforms accept reports of unlicensed/abusive OLAs; attach regulator advisories and your evidence.
Evidence matters. Save screenshots, copies of contracts/receipts, caller IDs, and harassing messages, and keep a timeline of events.
11) Frequently asked practical questions
Q: The lender says they’re “SEC-registered,” but can’t show a Certificate of Authority. Is SEC registration enough? A: No. A lending/financing company must have both (i) corporate registration and (ii) an active SEC Certificate of Authority to legally lend to the public.
Q: The collector is calling my relatives and office mates. Is that allowed? A: Generally no. Contacting third parties not legally liable for the debt, shaming, or threatening conduct can violate R.A. 11765, Data Privacy Act, and SEC rules on unfair debt collection.
Q: The loan was released to me via a staff member’s personal e-wallet. Is that okay? A: Red flag. Legitimate lenders use accounts clearly tied to the licensed entity and issue official receipts.
Q: They want my ATM and PIN as “collateral.” A: This is a flatly unlawful practice. Do not proceed.
Q: There’s no cooling-off period in the contract. Can I still cancel? A: The law does not guarantee a universal cooling-off right for loans. However, misrepresentation, lack of required disclosures, or abusive conduct may justify legal remedies. Negotiate, and preserve evidence.
12) Model due-diligence questions to ask any lender
- “Please send your SEC Reg. No. and SEC CA No. (or BSP/CDA details for banks/co-ops), principal office address, and branch permits.”
- “Share your Schedule of Fees and effective interest (APR), total cost of credit, payment schedule, and penalty computation.”
- “Kindly provide your Privacy Notice and DPO contact.”
- “What are your official collection channels and how fast do you issue official receipts?”
- “What is your consumer complaints process and resolution timeline?”
13) Quick worksheet (printable)
- ☐ Corporate name exactly matches documents and registries
- ☐ SEC CA (lending/financing) or BSP bank status verified
- ☐ No adverse SEC/CDA/BSP advisory or revocation
- ☐ Valid Mayor’s/Business Permit at the branch you’ll deal with
- ☐ BIR-compliant receipts and Certificate of Registration
- ☐ Clear written disclosures (APR/effective rate, fees, penalties, schedule)
- ☐ Lawful privacy practices; minimal app permissions
- ☐ Proper KYC; no ATM/ID confiscation
- ☐ Official accounts for disbursement/repayment; receipts issued
- ☐ Complaints process provided
14) Bottom line
A lender in the Philippines is legitimate when (1) it holds the right license from the right regulator (SEC CA for lending/financing companies, BSP authority for banks, CDA oversight for co-ops), (2) it discloses all costs under R.A. 3765 and treats you fairly under R.A. 11765, (3) it handles data lawfully under R.A. 10173, and (4) it acts like a professional institution—transparent, documented, and respectful. If any of those pillars is missing, walk away and report the entity.