How to Verify if a Lending Company Is Legitimate with SEC Philippines

How to Verify if a Lending Company Is Legitimate with the SEC (Philippines)

Updated for the Philippine legal and regulatory landscape. This is practical guidance—not legal advice.

1) The Legal Basics: Who regulates what?

  • Securities and Exchange Commission (SEC). The primary regulator of lending companies and financing companies in the Philippines.

  • Key statutes and rules.

    • Lending Company Regulation Act of 2007 (R.A. 9474) and its implementing rules—applies to lending companies (business of granting loans from their own funds).
    • Financing Company Act of 1998 (R.A. 8556)—applies to financing companies (e.g., providing credit facilities, purchase of receivables).
    • Financial Products and Services Consumer Protection Act (R.A. 11765, 2022)—cross-cutting consumer-protection standards enforced by the SEC against lending/financing companies.
    • SEC rules on online lending platforms (OLPs) and Prohibition on Unfair Debt Collection Practices (e.g., harassment, threats, “debt shaming”)—binding on lending/financing companies and their agents.

  • Other agencies.

    • National Privacy Commission (NPC). Data privacy abuses (contact scraping, intrusive permissions).
    • BSP (Bangko Sentral). Regulates banks and e-money issuers—not ordinary lending companies.
    • NBI/PNP/DOJ. For criminal acts (extortion, threats, intimidation, cyber harassment).

2) The Golden Rule: Two documents must exist

To lawfully operate, a legitimate lending or financing company must have:

  1. SEC Registration (as a corporation) — Certificate of Incorporation with a company registration number; and
  2. SEC Certificate of Authority (CA) to Operate — this is the license to act as a lending/financing company.

No CA = illegal lending. Registration alone is not enough. The CA number is the critical license you should look for in signage, websites, apps, and contracts.

3) How to verify legitimacy step-by-step

A. Check the SEC records

  • Ask the company for:

    • Its registered corporate name (exact spelling and suffix, e.g., “Inc.”/“Corp.”).
    • Company Registration Number and SEC CA Number (and whether the CA is for lending or for financing).
    • Date of issuance and status (active, suspended, or revoked).

  • Match the details against official SEC public listings/databases and SEC advisories (e.g., lists of registered OLPs, companies with revoked CAs, or those subject to cease-and-desist orders).

  • Cross-check the corporate name vs. brand/app name. Many illegal lenders use a marketing brand that is different from the SEC-registered corporate name. The CA must belong to the same entity behind the brand/app.

B. Verify the business model and “scope” against the license

  • A lending company lends its own funds; it is not a bank and cannot take deposits from the public.
  • A financing company may engage in broader credit activities (e.g., installment financing, receivables purchase).
  • The CA type must match the activity. If a company claims to run an online lending platform (OLP), check if that platform is listed with the SEC under the licensed company operating it.

C. Inspect required disclosures and documents

  • At the place of business / website / app, a legitimate lender typically displays:

    • Full corporate name, principal office address, contact information;
    • SEC Registration No. and SEC CA No. with date of issuance;
    • Schedule of interest rates, fees, penalties, and computation examples, in plain language;
    • Customer assistance / complaints channel.

  • Loan documentation must include:

    • The true cost of credit (nominal and effective interest, fees, penalties, and how they accrue);
    • Payment schedule, due dates, and mode of payment;
    • Data privacy notice and consents (what data is collected, why, how long retained);
    • Collection policies consistent with SEC rules (no harassment, no debt shaming).

D. Evaluate the app or online platform (for digital lenders)

  • Permissions hygiene. The app should not require unnecessary access (e.g., your entire contacts list, photos, or social media) unrelated to credit assessment or servicing.
  • Identity transparency. The app and website should clearly identify the corporation behind the platform (same as on the SEC CA), not just a generic brand.
  • Payment channels. Official accounts should be in the corporate name; avoidance of traceable channels (purely personal e-wallets) is a red flag.
  • Customer support. Must provide reachable hotline/email and a physical office address.

E. Review reputation and regulatory history

  • SEC advisories / orders. Look for advisories, cease-and-desist orders (CDOs), suspensions, or revocations involving the company or its affiliated OLPs.
  • Name variations. Check for similar-sounding names and “doing business as” (DBA) styles; unauthorized clones are common.
  • Complaints trail. Multiple consistent reports of abusive collection or bait-and-switch pricing signal compliance problems.

4) What a legitimate lender must not do

  • Operate without a CA or continue lending after revocation/suspension.
  • Harass, threaten, or publicly shame borrowers (e.g., contacting your contacts/employer, posting on social media, using slurs or intimidation).
  • Make false, deceptive, or misleading statements about loan costs, approvals, or consequences of non-payment.
  • Confiscate IDs/ATMs as a condition of the loan, or demand blank checks/waivers that strip statutory rights.
  • Mass-harvest personal data beyond what is lawful and necessary, or sell/share data without authority.
  • Charge hidden fees or retroactively alter terms.
  • Pretend to be a bank or imply deposit-taking authority.

5) Red flags that suggest the lender is not legitimate

  • Can’t or won’t provide an SEC CA number, or the CA name doesn’t match the brand/app.
  • No physical address or only a PO box/anonymous email; customer support is unreachable.
  • Upfront “processing” or “facilitation” fees payable before loan release, especially via personal accounts.
  • Approval in minutes with vague pricing; no written contract before disbursement.
  • App requires excessive device permissions (contacts, gallery, mic) with threats of “exposure” if you default.
  • Debt shaming tactics reported by other users.
  • Pressure to sign blank documents or surrender original IDs/bank cards.
  • Payment instructions using personal e-wallets or accounts not in the corporate name.

6) Practical due diligence checklist (borrower’s use)

  1. Ask for and record: corporate name, SEC Registration No., SEC CA No., issuance dates.
  2. Check SEC listings for (a) active CA, (b) authorized OLPs under that company, (c) advisories/CDOs.
  3. Read the contract: APR/effective interest, fees, penalty triggers, prepayment policy, grace/late-payment rules.
  4. Verify identity and contacts: office address, hotline/email, and named compliance or data-protection officer.
  5. Inspect the app: permissions, privacy notice, ownership details, version history.
  6. Test the payment channel: payee name should match the corporate name; avoid personal accounts.
  7. Keep copies: certificates, IDs of officers you deal with, contract, receipts, and screenshots of disclosures.
  8. Walk away if any major item fails—especially no CA or signs of harassment.

7) If you suspect an illegal or abusive lender

  • Preserve evidence: contracts, receipts, messages, call logs, screenshots of app permissions/notifications.

  • File a complaint with the SEC (Enforcement/Financing & Lending oversight units). Provide:

    • Corporate/brand/app name(s), links, phone numbers, screenshots;
    • Your narrative and timeline;
    • Copies of the loan agreement and proof of payments.

  • Report data privacy violations to the NPC (e.g., contact scraping, doxxing, threats using your contacts).

  • Report criminal acts (extortion, threats, libel, cyber harassment) to NBI or PNP Anti-Cybercrime.

  • Coordinate with your bank/e-wallet to challenge unauthorized transfers and secure your accounts.

  • Consider legal advice if you face harassment or dubious charges; remedies can include damages, administrative sanctions against the lender, and criminal complaints.

8) Special notes on pricing and collections

  • Interest and fees must be transparent and agreed in writing. While traditional usury ceilings have long been suspended, abusive or deceptive pricing can violate consumer-protection and unfair trade rules.
  • Collection practices must be humane and lawful. Threats, public shaming, contacting your employer/contacts, or posting about your debts are prohibited and sanctionable.
  • Right to information and assistance. You can demand a computation breakdown and account statement. Dispute items in writing and keep an audit trail.

9) For businesses partnering with a lender (merchants/employers)

  • Vendor onboarding should require the partner’s SEC CA, proof of authorized OLP listing (if applicable), privacy compliance, and collection policy.
  • Contractual safeguards: representations on licensing, compliance with SEC/NPC rules, data-sharing limits, audit rights, and indemnities for regulatory breaches.
  • Ongoing monitoring: check SEC advisories and revocation lists; require notice of any regulatory action.

10) FAQ

Q: Is a DTI or LGU permit enough? A: No. Lending/financing companies must be SEC-registered corporations with a Certificate of Authority. DTI (sole proprietorship) registration is not sufficient for lending.

Q: The brand is different from the SEC name—okay? A: Only if the same corporation holds the CA and is disclosed as the entity behind the brand/OLP. Otherwise, treat as a red flag.

Q: Can a lender keep my ID or ATM card? A: No. As a rule, confiscating IDs/ATMs or demanding blank checks/waivers is improper and may be unlawful.

Q: What if the lender threatens to message my contacts? A: That’s prohibited. Preserve evidence and report to the SEC and NPC; you may also have criminal remedies.

11) One-page borrower’s mini-checklist (print/save)

  • ☐ Corporate name matches brand/app
  • SEC Registration No. obtained
  • SEC Certificate of Authority No. (active; matches the corporate name)
  • ☐ Listed/authorized OLP (if lending via app)
  • ☐ Full pricing shown (interest, fees, penalties) with examples
  • ☐ Contract received before disbursement
  • ☐ Data privacy notice is specific; app asks only necessary permissions
  • ☐ Official payee name is the corporation
  • ☐ Collection policy bans harassment/shaming
  • ☐ Copies/screenshots of everything saved

Final word

In the Philippines, legitimacy hinges on SEC corporate registration and a valid SEC Certificate of Authority—backed by transparent pricing, lawful data practices, and humane collections. If any of those pillars is missing, treat the lender as non-compliant and report promptly.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login