How to Verify if a Lending Company Is Legitimate in the Philippines (SEC Checklist)

Here’s a practical, law-grounded guide you can use (and print) to check whether a lending company is legitimate in the Philippines. I’ll focus on the Securities and Exchange Commission (SEC) requirements and the adjacent rules that borrowers actually encounter.

How to Verify if a Lending Company Is Legitimate in the Philippines

(SEC checklist + practical borrower tips)

Bottom line: A legitimate Philippine lending company must be a corporation registered with the SEC and must hold a SEC Certificate of Authority (CA) to operate as a lending company. Everything else—apps, storefronts, agents—hinges on that CA.

1) Know who regulates what

  • SEC – Registers corporations and supervises lending companies (RA 9474, “Lending Company Regulation Act”) and financing companies (RA 8556). It issues the Certificate of Authority (CA) required to lend to the public (non-deposit-taking).
  • BSP – Regulates banks, pawnshops, and other BSP-supervised financial institutions; not ordinary SEC-licensed lending companies.
  • CDA – Regulates cooperatives (co-ops) that lend to their members.
  • NPC – Enforces the Data Privacy Act (RA 10173), which matters for loan apps and debt collection practices.
  • AMLC – Enforces Anti-Money Laundering Act (RA 9160). Lending/financing companies are “covered persons.”
  • DOJ/NBI/PNP – For criminal complaints (e.g., estafa, threats, cyber-harassment).
  • LGU & BIR – Mayor’s/Business permits and BIR registration/official receipts.

2) The SEC “Legitimacy” Checklist (what to ask for and look at)

Use this as your core due-diligence list. A legit lender should be able to show or send these without excuses.

A. Corporate & licensing

  • SEC Registration (Articles/By-Laws, SEC Registration Number; name typically includes “Lending Company” or “Lending Investor”).

  • SEC Certificate of Authority (CA) to operate as a lending company under RA 9474.

    • Must be physically posted at the principal office or provided digitally for online-only lenders.
    • Details to check: exact corporate name, CA number, and address match what they use publicly (app, website, receipts).

  • Branch notices/approvals if they operate branches distinct from the principal office.

  • Minimum paid-in capital: at least ₱1,000,000 (statutory minimum under RA 9474). Ask for proof if something looks small/fly-by-night.

  • Prohibition on deposit-taking: They must not accept “deposits.” Only banks can.

B. Operational disclosures (before you sign)

  • Disclosure Statement per the Truth in Lending Act (RA 3765) before loan release: must show the total cost of credit—interest, all fees/charges, penalties, and repayment schedule, in pesos and rates.
  • Clear contract: loan amount, net proceeds after fees, schedule, how penalties are computed, default/acceleration clauses, and complaint channels.
  • Official Receipts (ORs) from a BIR-registered entity for any payment or fee.

C. Online lending platforms (OLPs) / loan apps

  • OLP/App ownership clearly names the same SEC-licensed corporation (not just a generic brand).
  • App/website lists registered business name, address, email/phone that match the SEC records.
  • Privacy Notice and Data Protection Officer contact per the Data Privacy Act; permissions requested by the app are proportionate (accessing contacts/photos without clear necessity is a red flag).
  • If the app brand ≠ corporate name, the lender should identify itself as the SEC-licensed operator of that app.

D. Compliance culture

  • AML/KYC: They ask for valid IDs and do customer due diligence (that’s a good sign).
  • Debt collection: Policies follow SEC’s rules against abusive collection (no threats, doxxing, shaming, workplace/family harassment).
  • Financial Consumer Protection Act (RA 11765): Has consumer-assistance channels and a way to escalate complaints to the SEC.

3) Step-by-step verification (practical flow)

  1. Ask for the SEC CA (photo/PDF). Compare the corporate name + address with their contract, receipts, and app/website.
  2. Check identity consistency across everything you see: app store listing developer name → website footer → contract header → OR header → CA name.
  3. Assess disclosures: Did they give you a Disclosure Statement with a clear, total peso amount you’ll pay? Are all fees (processing, convenience, disbursement) shown?
  4. Inspect collection terms: Are penalties liquidated and reasonable? Is there no waiver of your rights or blanket consent to harass your contacts?
  5. Check business presence: Office address that exists, working landline or business email (not only messenger handles).
  6. Look for red flags (next section). If anything feels off, walk away and report.

4) Red flags (walk away if you see these)

  • No SEC CA or they dodge the request (“We’ll send later,” “Not with us,” “Confidential”).
  • Mismatched names: App/receipt/contract uses a different company than what’s on the CA.
  • Advance-fee demands before approval or release (especially via e-wallet loads).
  • Access to phone contacts/photos without a legitimate, disclosed purpose; threats to call family/employer.
  • “Guaranteed approval” with no KYC, or asking for surrender of ATM card, PIN, or government IDs.
  • No written Disclosure Statement; fees balloon after the fact; ORs not issued.
  • Harassment scripts or public shaming tactics (posters, blast texts, group chats).
  • They claim to accept “deposits” or operate like a bank.
  • Unrealistic rates and daily penalty multipliers that aren’t plainly disclosed.

5) What the law expects from legitimate lenders (borrower-relevant points)

  • Corporate form & capital: Must be a corporation with at least ₱1M paid-in capital (RA 9474).
  • Secondary license (CA): Lending without a CA is illegal and subject to SEC enforcement, including criminal and administrative penalties.
  • Truth in Lending (RA 3765): Full, clear disclosure before you sign; no hidden or undisclosed charges.
  • Financial Consumer Protection Act (RA 11765): Prohibits abusive collection, mis-selling, and unfair terms. Regulators can order restitution and impose penalties.
  • Data Privacy Act (RA 10173): Collect only necessary data; process it lawfully; no unauthorized scraping of contacts/photos; provide a privacy notice and DPO contact.
  • Anti-Money Laundering (RA 9160): Expect KYC; suspicious/threshold transactions may be reported to AMLC.
  • No deposit-taking: Only banks can accept deposits.
  • Interest & fee controls: The Usury Law ceilings are suspended, but the SEC has, from time to time, imposed caps and cost-of-credit limits for certain small, short-term consumer loans (especially via loan apps). These caps and definitions can change—legit lenders track and comply with the current SEC circulars.

Tip: Even when a cap applies, you should still compute Total Cost of Credit: Total Payable = Principal + (Stated Interest) + (All Fees/Charges) + (Penalties, if any). Compare this across lenders using the same loan term.

6) Special cases (so you don’t mix them up)

  • Financing companies (RA 8556): Also SEC-regulated and need a CA, but they typically finance installment sales, receivables, etc. Verification steps are similar.
  • Banks (BSP-regulated): Don’t need an SEC CA; verify via BSP.
  • Pawnshops (BSP-regulated): Not lending companies; verify via BSP.
  • Co-ops (CDA-regulated): Lend to members; verify via CDA.
  • Crowdfunding/P2P: Follow separate SEC rules; platforms must be SEC-authorized.

7) How to document your verification

Keep a mini “audit trail” (photos or PDFs):

  • SEC Certificate of Authority and SEC Registration (first and last page of Articles).
  • Copy of Disclosure Statement and Loan Agreement.
  • Official Receipts for fees and repayments.
  • App screenshots: developer name, permissions requested, privacy policy.
  • Customer service email/phone and timestamps of your inquiries.

If the lender refuses to provide any of the above, don’t proceed.

8) If you’ve been harassed or scammed

  1. Stop engaging with abusive collectors; keep screenshots, recordings, caller IDs.
  2. Complain to the SEC (Enforcement/Investor Protection). Provide: company/app name, CA (if any), numbers, messages, and proof of payment.
  3. NPC complaint for data-privacy violations (e.g., contact-list harassment, doxxing).
  4. Criminal report to NBI/PNP if there are threats, extortion, defamation, identity theft.
  5. Civil options: consider a lawyer for damages/injunction, especially if employment was affected by shaming.
  6. Platform takedown: Report abusive apps to Apple App Store/Google Play for policy violations (privacy/harassment).
  7. Inform your employer/contacts (if harassed) that disclosures were unauthorized and are under investigation.

9) Quick 60-second pre-loan triage

  • Do they instantly provide a SEC CA that matches their name?
  • Is there a Disclosure Statement with the total peso cost (all-in)?
  • Are ORs issued?
  • Are app permissions reasonable, and is there a privacy notice?
  • Any hint of harassment or advance fees? If yes, stop.

10) Borrower FAQs

Q: Is a SEC Registration Certificate alone enough? A: No. They must have a Certificate of Authority specifically authorizing lending under RA 9474.

Q: The app shows a brand name different from the company—okay? A: Only if the operator is clearly identified and it’s the SEC-licensed entity you can verify.

Q: Are interest rates capped? A: There’s no general usury ceiling, but SEC has issued circulars capping the cost of certain small/short-term loans, particularly for online lenders. Caps change—legit lenders follow the current circulars and disclose the total cost up front.

Q: Can they keep my ATM card or government ID as collateral? A: That’s a major red flag. Legit lenders don’t require ATM cards/PINs or ID surrender.

Q: They said they’ll “call my employer and family.” A: Abusive collection and privacy violations can lead to SEC/NPC sanctions. Save evidence and report.

11) Templates you can reuse

A. Ask for proof (SMS/Email) “Hi, before I proceed, please send (1) your SEC Certificate of Authority to operate as a lending company, (2) your SEC Registration (corporate name must match the CA), and (3) your Disclosure Statement showing all fees and the total amount payable. Thanks.”

B. Simple complaint outline (SEC/NPC/NBI)

  • Your full name & contact
  • Lender/app brand and corporate name (if known)
  • Dates of transaction/collection
  • What happened (facts, not opinions)
  • Proof: screenshots, receipts, CA copy (or refusal), messages/voice notes
  • What you want (e.g., stop harassment, correct charges, refund, penalties on lender)

12) Final reminders

  • No CA, no loan. Refusal to show a CA is your cue to walk away.
  • Get it in writing. If it’s not on the Disclosure Statement or contract, treat promises as non-existent.
  • Protect your data. Only give what’s necessary; deny intrusive app permissions.
  • Compare total cost, not just rate. Fees + penalties matter more than the headline APR.
  • When in doubt, don’t sign. Report suspicious lenders.

This guide is general information, not legal advice. If you have an ongoing dispute or suffered losses/harassment, consider consulting a Philippine lawyer for tailored advice and remedies.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login