How to Verify if an Online Lending App Is SEC-Registered and Your Rights on Collection Practices (Philippines)

How to Verify if an Online Lending App Is SEC-Registered—and Your Rights on Collection Practices (Philippines)

Updated for Philippine context. This is general information, not legal advice.

1) Why SEC registration matters

In the Philippines, lending companies are governed primarily by the Lending Company Regulation Act of 2007 (R.A. 9474) and financing companies by the Financing Company Act (R.A. 8556). Both fall under the Securities and Exchange Commission (SEC). To legally lend to the public, a company must have:

  1. SEC Corporate Registration (e.g., a Certificate of Incorporation); and
  2. A Certificate of Authority (CA) to Operate as a Lending/Financing Company issued by the SEC.

For those operating via smartphone or web, the SEC also requires compliance specific to Online Lending Platforms (OLPs), including registration of the OLP and compliance with disclosure, privacy, and collection standards.

Key takeaway: “Registered with the SEC” is not enough. The company must also hold a CA to operate for lending/financing—and its online platform must be duly registered/recognized.

2) How to verify an online lending app

Use this practical, document-based checklist:

A. Check the company, not just the app name

  • Corporate name (the legal entity) should appear in the app, website, or loan agreement. App brands are often different from the legal entity.
  • The lending/financing company’s full corporate name should match what appears on the SEC records and on the Certificate of Authority.

B. Look for required identifiers

Ask the lender (and check within the app/website or loan contract) for:

  • SEC Registration No. (corporate registration)
  • Certificate of Authority (CA) No. to operate as a lending/financing company
  • Office address in the Philippines
  • Responsible officer or compliance contact person
  • Registered Online Lending Platform name/URL

C. Cross-check the documents you see

A legitimate lender should be able to show (even electronically):

  • SEC Certificate of Incorporation (or equivalent)
  • SEC Certificate of Authority to Operate (current, not suspended/revoked)
  • Latest General Information Sheet (GIS) or corporate profile showing current directors/officers
  • DTI BNR/Business permit (for place of business) — while local permits don’t substitute SEC authority, their absence is a red flag.

Tip: Compare the CA number and corporate name in the app/contract with the company name on its certificates. Inconsistencies (e.g., different legal entities, old names, or altered certificates) are common fraud signals.

D. Review the loan disclosures inside the app

Before you borrow, you should see:

  • Total amount of credit, interest rate, all fees/charges, repayment schedule, APR or effective rate (if provided), due dates, default/penalty computation, and collection methods.
  • Privacy notice stating what personal data is collected, why, how long it’s kept, whether your contact list, photos, or messages are accessed (red flag), and how to exercise your Data Privacy Act rights.

E. Watch for these red flags

  • No CA number or the company refuses to show it.
  • App requests excessive permissions (contacts, photos, SMS) not needed to process a loan.
  • Threats, public shaming, or “blast” messaging to your contacts appear in sample screenshots/reviews.
  • Unclear interest/fees or ability to change terms unilaterally after loan release.
  • Different corporate names across certificates, the app, and the contract.
  • “We are SEC registered” but no CA to operate (or CA pertains to another entity).

3) Your borrower rights on collection practices

Even if you default, lenders and their agents must exercise lawful, fair, and respectful collection. Three main legal pillars apply:

  1. SEC rules for financing/lending companies (including OLPs) prohibit abusive or unfair collection practices.
  2. The Data Privacy Act of 2012 (R.A. 10173) restricts over-collection and unauthorized disclosure of personal data (like blasting your contacts).
  3. Penal and civil laws (e.g., Grave Threats, Slander/Libel including cyber libel, Unjust Vexation, Coercion) protect you from harassment and public shaming.

Prohibited (or high-risk) practices

  • Public shaming: posting about your debt on social media, group chats, or sending messages to friends/family/workmates not legally involved in your loan.
  • Threats of harm, profane/obscene language, demeaning insults, stalking, doxxing, or sexual harassment.
  • Misrepresentation: pretending to be a government officer, court sheriff, lawyer, or law-enforcement to scare you.
  • Seizing property without court order**/**due process.
  • Excessive calling or messaging, especially at unreasonable hours, or contacting your employer to embarrass you.
  • Accessing or “scraping” your contact list to message third parties who have nothing to do with the loan; data over-collection or use beyond what was disclosed.

Generally allowed (if done properly)

  • Professional reminders by phone/SMS/email/chat to you (and to a co-maker/guarantor, if any).
  • Formal demand letters sent to your address/email.
  • Lawful filing of a case or sending a Notice of Assignment to a legitimate collection agency—with proper identification of the collector and observance of your privacy rights.

Rule of thumb: Collectors must identify themselves, speak respectfully, communicate at reasonable times, limit disclosure to those legally concerned, and provide accurate information about your account—no threats or shaming.

4) Interest, fees, and “hidden charges”

  • The old Usury Law ceilings are suspended, but lenders must still be transparent and reasonable.
  • The SEC has issued circulars over time addressing rate caps or limits for certain small-value/short-term loans and charges/penalties. These can change; your safest move is to read the exact rate and fee disclosures in your contract and keep a copy.
  • Penalty and collection fees must be disclosed, computable, and not unconscionable. Surprise or retroactive fees are a red flag.

Practical tactic: Ask for a sample computation covering (a) the principal, (b) interest, (c) processing/service fees, (d) documentary stamp tax (if any), (e) disbursement deductions, (f) penalty per day/month, and (g) total amount payable at maturity and upon late payment. Keep it in writing.

5) What to do if you face harassment or privacy abuse

  1. Document everything

    • Save screenshots, caller IDs, chat threads, voicemails, emails, and names of agents.
    • Keep the loan agreement, payment proofs, and any promises made by the lender.

  2. Send a written notice (sample letters below)

    • Demand cessation of harassment, disclosure limitation, and correction of inaccurate claims.
    • Invoke the SEC rules and the Data Privacy Act (DPA). Ask for the data protection officer (DPO) contact and the legal basis for any data processing beyond your account.

  3. Report to authorities

    • SEC (Enforcement and Investor Protection Department): unfair collection, unregistered lending, fake/expired CA, abusive OLPs.
    • National Privacy Commission (NPC): privacy violations (contact harvesting, public shaming, data breaches).
    • PNP Anti-Cybercrime Group/NBI Cybercrime: threats, extortion, cyber libel/harassment.
    • Local authorities if there are on-ground harassment incidents.

  4. Consider payment restructuring

    • Propose restructuring or a repayment plan in writing. Responsible lenders often accept realistic plans, especially when documented.

  5. If sued or threatened with suit

    • Do not ignore formal court papers. Seek counsel, respond within deadlines, and bring your payment records and communications history.

6) Sample templates you can copy-paste

A. Request for Verification of Authority (send to the lender)

Subject: Request for SEC Certificates and OLP Details

Dear [Lender Name],

I am reviewing my account with your company. Please provide within five (5) days:

  1. Your SEC Registration Number and Certificate of Authority (CA) Number to operate as a lending/financing company;
  2. The registered name of your online lending platform and proof of its registration/recognition with the SEC;
  3. Your principal office address and DPO contact under the Data Privacy Act;
  4. A complete statement of account: principal, interest, fees, penalties, and due dates.

Kindly send certified true copies or clear scans of the certificates. Thank you.

B. Cease & Desist from Abusive Collection / Privacy Violation

Subject: Cease Harassment and Unauthorized Disclosure

Dear [Collector/Lender],

I am invoking my rights under SEC rules for financing/lending companies and the Data Privacy Act. Your representatives have engaged in [describe behavior: threats, public shaming, contacting my contacts, etc.]. These acts are prohibited and must stop immediately.

You may contact me only via [channels] during reasonable hours. Do not contact my employer, relatives, or friends who are not parties to the loan.

Please provide the legal basis for any processing of my personal data (including access to my contact list), the sources of such data, and your data retention period.

I reserve my right to file complaints with the SEC, NPC, and law-enforcement for any further violations.

Sincerely, [Name] [Account/Reference No.]

C. Request for Restructuring

Subject: Proposal to Restructure Account No. [xxxx]

Dear [Lender],

Due to [reason], I propose the following restructuring:

  • Revised schedule: [dates]
  • Installment amounts: [figures]
  • Waiver or reduction of penalties/charges where possible

Please confirm in writing. I remain committed to settling my obligation under fair and lawful terms.

7) Frequently asked questions

Q1: The app says the company is “SEC-registered.” Is that enough? No. They must also hold a Certificate of Authority to operate as a lending/financing company, and their online lending platform must comply with SEC requirements.

Q2: Can a collector message my family or office? Not to shame or pressure you. Communicating with unrelated third parties about your debt generally violates privacy and fair collection rules.

Q3: Can they arrest me for unpaid loans? No arrest for mere non-payment of debt. Court processes (civil cases) are the lawful route; seizure of property requires due process and proper court orders.

Q4: Are high interest rates automatically illegal? Not automatically, but hidden/unconscionable charges, non-disclosure, or misleading terms can be actionable. Some caps/limits may apply depending on the loan type and current SEC circulars—always read the contract and keep copies.

Q5: The app wants access to my contact list and photos. Is that okay? This is a red flag. Under the Data Privacy Act, collection must be proportionate and necessary. Contact harvesting to shame borrowers has been the subject of enforcement actions.

8) Step-by-step: What to do before you borrow

  1. Identify the legal entity behind the app; get the SEC Reg. No. and CA No.
  2. Read disclosures: interest, fees, penalties, total cost.
  3. Check privacy: what data is collected; avoid apps demanding excessive permissions.
  4. Keep copies: screenshots of terms and computations before tapping “agree.”
  5. Borrow only what you can repay; set calendar reminders for due dates.

9) Step-by-step: If you’re already being harassed

  1. Stop engaging by phone; switch to written channels you can archive.
  2. Send a cease & desist letter; limit contact methods and hours.
  3. File complaints with SEC (abusive collection/unregistered operations) and NPC (privacy abuses). Include evidence.
  4. Consider restructuring or settlement offers—in writing.
  5. If threats persist, report to law-enforcement (cybercrime units) and consult counsel.

10) Short checklist (printable)

  • ☐ Got SEC Reg. No. and CA No. (matched to legal entity)
  • ☐ OLP name/URL matches lender; privacy notice reviewed
  • ☐ Full cost breakdown (interest + all fees + penalties) saved
  • No excessive app permissions (contacts/photos/SMS)
  • ☐ Copies of contracts, statements, and conversations archived
  • ☐ If harassed: sent Cease & Desist, reported to SEC/NPC, kept evidence

11) Key laws & concepts to know (for your notes)

  • R.A. 9474 – Lending Company Regulation Act of 2007
  • R.A. 8556 – Financing Company Act
  • R.A. 10173 – Data Privacy Act of 2012 (and IRR)
  • R.A. 10175 – Cybercrime Prevention Act (e.g., cyber libel/harassment)
  • Revised Penal Code – e.g., Grave Threats, Slander/Libel, Unjust Vexation, Coercion
  • SEC Memorandum Circulars – on unfair collection practices, OLP rules, and (at times) rate/fee limits for specific loan products

Because circulars and enforcement actions evolve, always keep copies of what the lender disclosed at the time you borrowed. Those documents will be your best protection.

Final word

Legitimate lenders prove their authority with SEC certificates and transparent terms. Abusive collection and privacy violations are not part of lawful lending. Verify the company, keep thorough records, and assert your rights calmly—but firmly—when needed.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login