How to Verify If a Lending Company Is SEC-Registered in the Philippines

Philippine legal guide (practical and comprehensive). This is general information, not legal advice.

TL;DR — the 5 fastest checks

Ask for two documents, not one: a) SEC Certificate of Incorporation (corporation exists), and b) SEC Certificate of Authority (CA) to Operate as a Lending Company (license to lend under the Lending Company Regulation Act). A primary SEC registration alone is not enough.
Match the names: The name on the CA must be the same corporation behind the brand or app you’re dealing with.
Check status & red flags: “DTI-registered” or “Mayor’s Permit only” ≠ authorized lender. Lending companies must be corporations with an SEC CA.
For apps/online lending: The app/platform should be expressly tied to a licensed lending/financing company. “We’re just a platform” is not a defense.
If you suspect illegality/abuse: Stop sharing data, document everything, and report to SEC (for unregistered/abusive lenders) and NPC (for data-privacy abuses). See “Where to complain” below.

Why “SEC-registered” means two things

In Philippine law, “SEC-registered” can mean two different layers:

Primary corporate registration — The firm is a corporation under the Revised Corporation Code (R.A. 11232). This proves the company exists as a legal person, but does not authorize it to run a lending business.
Regulatory license to lend — A Certificate of Authority issued by the SEC under the Lending Company Regulation Act of 2007 (R.A. 9474) (for lending companies) or the Financing Company Act (R.A. 8556) (for financing companies).
- Without a CA, operating a lending business is illegal even if the company is incorporated.

Bottom line: A legitimate lender has both the SEC corporate certificate and the SEC CA.

Legal framework at a glance

R.A. 9474 (Lending Company Regulation Act): Requires a Certificate of Authority from SEC to “engage in the business of lending.” Sets standards and penalties for operating without authority.
R.A. 8556 (Financing Company Act): Similar regime for financing companies (often larger, with leasing/receivables activities). They also need an SEC CA.
R.A. 11765 (Financial Products and Services Consumer Protection Act): Codifies market conduct rules and consumer rights; empowers financial regulators (SEC for lending/financing firms) to act on abusive practices.
R.A. 10173 (Data Privacy Act): Limits what digital lenders can collect/do with your data; prohibits “loan shaming,” contact-list harvesting, and unnecessary device access.
Other sectoral laws: Banks/pawnshops are BSP-supervised; insurers/HMOs are Insurance Commission; cooperatives are CDA. Each has its own registry—see “Look-alikes and exceptions” below.

Step-by-step verification (field-tested)

Step 1: Identify the legal counterparty

Get the exact corporate name (not just the brand/app name). Ask for the SEC corporate name and company registration number.
If they only give a trade name, insist on the corporate name that appears on their SEC certificates.

Step 2: Ask for documentary proof

Request clear copies (or high-resolution photos) of:

SEC Certificate of Incorporation (shows the corporate name, registration number, and date).
SEC Certificate of Authority to Operate as a Lending Company (or as a Financing Company, if applicable).
- Check the heading: It should explicitly say “Certificate of Authority to Operate as a Lending Company” (or Financing).
- Look for: CA number, issuance date, and a current principal office address in the Philippines.
Business/Mayor’s Permit (LGU) and BIR Registration (Form 2303) — supplementary only; they never replace the SEC CA.
Privacy compliance: If they operate digitally, ask for NPC registration details (as a Personal Information Controller) and their Privacy Notice.

Tip: Real lenders readily share their CA. Evasiveness (“pending,” “in process,” “we’re exempt”) is a red flag.

Step 3: Cross-check the fit

Names must align across the CA, corporate certificate, receipts, contracts, and app/website imprint.
If you’re dealing through an app or website, the owner/operator in the imprint should be the same corporation on the CA.
Branches should issue Official Receipts that carry the same corporate name and TIN.

Step 4: Do an independent lookup (what to look for)

Even without screenshots, you can independently verify via the SEC’s public channels by checking:

That the corporate name exists (primary registration active, not dissolved/suspended).
That the firm appears in the list of Lending/Financing Companies with Certificates of Authority, active status.
Whether it (or its app brand) has SEC advisories, cease-and-desist orders, suspensions, or revocations.
If it runs an online lending platform, that the platform/app is reported/cleared under that same company (the SEC maintains lists/conditions for OLPs).

Pro tip: Verify spelling and punctuation. Many illegal operators use near-matches (e.g., “ABC Lending Services Corp.” vs “AB C Lending Service Corp.”).

Step 5: Sanity-check the conduct

A license can still be abused. Watch for:

Harassment/“loan shaming”: contacting your employer/relatives, threats, doxxing, obscene language.
Excessive data grabs: demanding contact lists, photos, or unrelated permissions to coerce repayment.
Opaque pricing: no “all-in” disclosure of interest and fees before you borrow.
Deposit-taking: true lending companies must not accept public deposits (only banks/quasi-banks can).

If you see these, document and report (see complaints section).

What a genuine SEC Certificate of Authority typically shows

Title: “Certificate of Authority to Operate as a Lending Company” (or Financing Company)
Corporate name (exact, with “Inc.”/“Corp.” as registered)
Company Registration No. (from SEC primary registration)
CA number and issuance date
Principal office in the Philippines
Authorized signatory (SEC) and security features on the paper copy

Validity: CAs are non-transferable and remain valid unless suspended/revoked. Ongoing compliance (e.g., GIS, audited FS, fees) is required to keep status in good standing.

Lending vs. Financing Companies (and why it matters)

Lending company (R.A. 9474): Primarily lends out its own funds to the public. Minimum capital and use-of-name rules apply; must hold an SEC CA.
Financing company (R.A. 8556): Broader credit activities (e.g., consumer/auto loans, leasing, receivables financing). Also needs an SEC CA and often higher capitalization/compliance burdens.
Both are under SEC supervision for licensing and market conduct.

If the entity calls itself a “financing” or “lending” outfit, the process above still applies—just expect the CA title to match the category.

Look-alikes and exceptions (don’t mix them up)

Banks / Pawnshops / EMI/e-money → Bangko Sentral ng Pilipinas (BSP) supervised (separate BSP licenses).
Insurance / HMOs → Insurance Commission.
Cooperatives (credit co-ops) → Cooperative Development Authority (CDA) (not SEC); lending usually to members only.
Microfinance NGOs → Register with SEC as non-stock entities but operate under R.A. 10693 (different regime; not “lending companies” under R.A. 9474).
Crowdfunding / P2P marketplaces → Special SEC rules distinct from R.A. 9474; platforms are not themselves retail “lenders” unless they also hold a CA.

If an entity claims “DTI registration” as proof—remember DTI is for sole proprietorships. Lending companies must be corporations and therefore SEC-registered with a CA.

Due-diligence checklist (for consumers and corporate procurement)

Obtain:

SEC Certificate of Incorporation (or Amended)
SEC Certificate of Authority (LC/FC)
Latest General Information Sheet (GIS) or at least principal officers list
Mayor’s Permit, BIR 2303
NPC registration (if operating digitally), Privacy Notice, Data-processing consent form
Standard loan agreement and disclosure statement (all-in cost) before booking the loan

Verify:

Corporate name matches across CA, contracts, ORs/receipts, app/website
Office address and contact channels are working and Philippine-based
No adverse SEC enforcement actions (advisories, revocations, CDOs)

Evaluate conduct:

Clear pricing (interest, fees, penalties, collection timelines)
No unnecessary phone permissions; no contact-list scraping
No threats/harassment; has fair and prompt complaints handling

Your rights as a borrower (key highlights)

Under R.A. 11765 and related rules, you have the right to:

Clear, comparable information on the cost of credit (interest, fees, penalties) before you borrow.
Fair collection practices (no threats, humiliation, or contacting uninvolved persons).
Privacy: data collection limited to what’s necessary; secure handling; ability to access/rectify your data under the Data Privacy Act.
Redress: accessible complaint channels, with timelines for acknowledgment and resolution.

What to do if the lender is unregistered or abusive

Stop engaging; do not send additional IDs or contacts.
Preserve evidence: screenshots of chats, app permissions requested, call logs, receipts, bank proof of payments, names of agents, and any threats.
Report to the SEC (Enforcement/Investor Protection) for:
- Operating without a CA
- Unreported/unauthorized online lending platforms
- Abusive collection / unfair practices
Report to the NPC (Data Privacy) for:
- Contact-list scraping, coercive permissions, doxxing/“loan shaming,” unlawful data sharing
Report to law enforcement (PNP/NBI) for:
- Extortion, threats, libel, or other crimes
If the entity is BSP/IC/CDA-regulated instead, report to the proper regulator (see exceptions above).

Payment disputes: If you’ve already borrowed, keep proof of legitimate payments. Consult counsel before withholding payment; illegal status of a lender does not automatically erase civil obligations, but it does trigger regulatory/criminal exposure for the operator.

Frequently asked questions

Is a DTI certificate enough? No. Lending companies must be corporations with an SEC CA. DTI is for sole proprietorship names only.

The company showed me only a Mayor’s Permit. Is that okay? No. LGU permits are necessary but not sufficient. You still need to see the SEC CA.

The app says it is “just a platform.” If it offers, processes, or collects on loans in the Philippines, SEC typically requires that it is tied to and operated by a licensed lending/financing company. “Just a platform” doesn’t excuse unlicensed lending or abusive conduct.

Do Certificates of Authority expire? They are non-transferable and remain valid unless suspended/revoked, subject to ongoing compliance (e.g., filings, fees). Always check current status.

Can a cooperative lend to the public without SEC registration? Co-ops are under CDA and typically lend to members. Lending to the public is outside a co-op’s usual authority and would trigger different licensing/regulatory concerns.

Are lending companies allowed to take deposits? No. Only banks/quasi-banks (BSP-licensed) can take deposits from the public.

Practical scripts you can use

Ask for documents (short message):

“Before we proceed, please send clear copies of your SEC Certificate of Incorporation and Certificate of Authority to Operate as a Lending Company. Kindly confirm the exact corporate name, CA number, and principal office address. If we’ll transact via your app, please confirm that the app is owned/operated by the same corporation on the CA.”

When the company claims ‘pending’ status:

“We only transact with lenders that already hold an SEC Certificate of Authority. Please share the issued CA and confirm your current status.”

Risk red flags (walk away if you see several)

Won’t show SEC CA / gives only DTI or Mayor’s Permit
Different names on certificates, receipts, and app/website
Promises like “guaranteed approval in minutes” but no disclosure of all-in costs
Contact-list or gallery access demanded “for verification”
Harassment or public shaming threats during collection
Asks you to deposit to personal e-wallet/bank accounts inconsistent with the company name

For businesses vetting a lending partner/wholesaler

Go beyond the basics:

Obtain audited financial statements and GIS (officer/shareholder check).
Check for SEC enforcement history and any injunctions.
Require a warrant of regulatory compliance in your vendor contract, with termination for cause if the CA is revoked/suspended.
For data sharing, execute a Data Sharing Agreement compliant with the Data Privacy Act.

Where to complain (by issue)

Unregistered/abusive lending, fake CA, unauthorized OLPs: SEC, Enforcement or Market Conduct.
Loan-shaming, contact scraping, invasive permissions, doxxing: National Privacy Commission (NPC).
Threats, extortion, defamation, cyber-harassment: PNP/NBI (cybercrime/anti-harassment units).
If the entity is actually a bank/pawnshop/insurer/co-op: BSP/Insurance Commission/CDA respectively.

Keep a single chronology of evidence to reuse across agencies.

One-page checklist (save this)

Legal name (exact) and SEC Registration No.
SEC CA (LC/FC) with number, date, and principal office
Names match across CA, receipts, contracts, app/website
Business Permit + BIR 2303 (supplementary)
NPC registration (if digital), privacy notice seen
No adverse SEC advisories/CDOs/revocations found
Clear, upfront pricing and fair collection policy
No deposit-taking; no contact-list scraping
Complaint channels disclosed and responsive

Final notes

Verifying both corporate existence and regulatory authority is essential.
When in doubt, don’t proceed without seeing the Certificate of Authority and confirming current status.
Keep copies of everything you reviewed; it protects you if disputes arise.

If you want, tell me the exact name/brand you’re checking and I’ll map it to the right regulator category and draft a tailored verification plan you can use with them.