How to Verify if an Online Lending Company Is Legit in the Philippines (SEC Registration Check)

How to Verify if an Online Lending Company Is Legit in the Philippines (SEC Registration Check)

Philippine legal primer for consumers, compliance officers, and small businesses. (General information only, not legal advice.)

1) The short version (what to check first)

  1. Company name — It should be a corporation whose legal name contains “Lending Company” or “Financing Company.” Sole proprietorships are not allowed to operate as lending/financing companies.

  2. Two different SEC documents

    • Certificate of Incorporation (CI): proves the corporation exists.
    • Certificate of Authority (CA): the license to operate as a lending/financing company.

    A CI alone is not enough. You need to see the CA and verify it.

  3. Status in SEC’s public list/search — The firm should appear as Registered/Active with a valid CA (not expired, suspended, or revoked).

  4. The app/website matches the licensed entity — Same corporate name, principal office, and contact details as in SEC records.

  5. Privacy and collection practices — No contact-list scraping, doxxing, or shaming. Clear data privacy notice and limited app permissions.

  6. No upfront payments before loan release; repayments go to corporate accounts (not personal e-wallets).

  7. Transparent pricing — Written disclosure of interest, fees, penalties, tenor, and total cost of credit; terms comply with current SEC caps/circulars (these change, so always check the latest).

2) Who regulates what (so you look in the right place)

  • SEC (Securities and Exchange Commission): Registers lending companies (Lending Company Regulation Act) and financing companies (Financing Company Act) and issues the Certificate of Authority that lets them lend. Also issues rules on online lending platforms (OLPs) and debt-collection conduct.
  • BSP (Bangko Sentral ng Pilipinas): Regulates banks, e-money issuers, and certain NBFIs. If the lender is a bank, verify it on BSP rolls, not SEC’s CA list.
  • CDA (Cooperative Development Authority): Cooperatives that lend only to their members are under CDA, not SEC’s lending/financing regimes.
  • NPC (National Privacy Commission): Enforces the Data Privacy Act; relevant for apps that access contacts, photos, location, etc.
  • AMLC (Anti-Money Laundering Council): Lending/financing companies are covered persons; legitimate firms register with the AMLC and conduct KYC.

3) “Registered” vs truly licensed: CI vs CA

  • Certificate of Incorporation (CI): Confirms the corporation’s birth. Many scammers flaunt this.
  • Certificate of Authority (CA): The permission to operate as a lending/financing company. It has a number and issuance date.
  • Red flag: Ads saying “SEC Registered: CS20XX-XXXXX” but no CA number. That’s often just the CI or company registration number.

4) Step-by-step: How to verify a Philippine online lender

A. Identify the exact corporate entity

  • Find the legal name in the app/website/loan contract. Watch for “doing business as” or brand names; note the corporate name, principal office, and CA number if shown.

B. Check SEC’s public resources

  • Use the SEC’s public search or lists for Lending Companies and Financing Companies with active Certificates of Authority.
  • Confirm (i) exact corporate name spelling, (ii) CA status = Active/Valid, (iii) principal office.
  • If the site shows branches, legitimate firms usually register branches with SEC/LGU—mismatched addresses are a warning sign.

C. Match the app/website to the licensed entity

  • Publisher/Developer name on app stores should match (or clearly point to) the licensed corporation.
  • Domain, email, and numbers should appear in corporate disclosures and match the SEC-listed entity.

D. Request and review documents

Ask the lender to provide:

  • SEC Certificate of Authority (copy or details you can verify).
  • SEC Certificate of Incorporation & Articles/By-laws (to confirm corporate name and purpose).
  • Latest General Information Sheet (GIS) (directors/officers).
  • Privacy Notice and Data-Sharing terms (NPC compliance).
  • Standard loan agreement and amortization schedule with full fee/interest breakdown.

E. Validate pricing and fees

  • Ensure interest, fees, penalties, and collection charges comply with the current SEC ceilings/circulars (these change; verify current caps).
  • Look for flat vs. diminishing balance computations. A legitimate lender can show you the math on request.

F. Check conduct and permissions

  • Debt collection: No threats, public shaming, profanities, or contacting people outside your provided references.
  • App permissions: Camera for KYC is common; contacts, photos, and location should be strictly necessary and consented. Overbroad permissions are a red flag.

G. Payment channels

  • Repayments should be to corporate bank/e-money accounts under the entity’s name. Avoid paying to personal accounts or names that don’t match.

5) Special cases and common traps

  • Brand vs. license holder: Many OLAs are brands operated by a licensed financing/lending company. Always identify the licensed principal behind the brand and verify that entity’s CA.
  • Aggregator/lead-gen apps: Some apps only collect applications and pass them to licensed lenders. Aggregators must disclose their role and the actual lender; you still verify the lender’s CA.
  • Foreign or “offshore” apps: If they solicit Philippine borrowers or require payments to PH accounts, they are typically considered doing business in the Philippines and need an SEC license; “we are offshore” is not an excuse.
  • Cooperatives: May legally lend to members only under CDA rules; they won’t appear in SEC’s CA list as lending/financing companies.
  • Microfinance NGOs: Separate regime; verify with SEC/NPC and the Microfinance NGO framework.
  • Business permits and BIR registration: These do not replace an SEC CA.

6) Practical red flags

  • No CA shown anywhere; only “SEC registered” with a generic company number.
  • Company name on the app/receipt doesn’t match SEC records.
  • Upfront fees before loan release, or requests to pay via personal accounts.
  • Refusal to provide loan contract and amortization schedule before disbursement.
  • Contact-list scraping, mass texting your friends, doxxing, or threats.
  • Impossible promos (e.g., “0% forever,” “instant P50k no ID”).
  • Excessive permissions unrelated to the service (e.g., continuous GPS, full media library).
  • Moving targets: They frequently change brand names, domains, or numbers after complaints.

7) What a legitimate online lender’s disclosures typically include

  • Full corporate name, SEC Registration No., and SEC CA No. (with issuance/validity).
  • Principal office address, customer service contacts, and complaints channel.
  • Data Privacy Notice (lawful basis, purpose, retention, data subject rights).
  • Loan terms: principal, tenor, interest rate (basis and compounding), fees, penalties, total cost of credit, and repayment schedule.
  • Consent wording for KYC and credit investigation.
  • Collection policy aligned with SEC rules (no harassment or shaming).
  • Channel security (e.g., OTPs, no sharing of codes, how to report account takeover).

8) Due-diligence checklist you can use

  1. Exact corporate name captured from app/contract
  2. Checked in SEC public list/search: CA status = Active
  3. CA number and date noted; matches company site/app
  4. Principal office/address matches SEC record
  5. Directors/officers from latest GIS (optional deep check)
  6. Loan pricing reviewed (interest/fees/penalties) vs current SEC rules
  7. Data privacy notice read; app permissions are necessary/limited
  8. Payment accounts under corporate name
  9. Collection policy reviewed (no harassment)
  10. Screenshots/docs saved (see below)

9) Keep evidence (it protects you)

Before borrowing—or if something feels off—capture:

  • Screenshots of the app pages, CA/registration displays, and pricing.
  • Loan offer, promissory note, and schedule.
  • Receipts for every payment (showing corporate payee).
  • Any abusive messages, call logs, or voicemail (for complaints or cases).

10) If things go wrong (complaints & enforcement)

  • SEC — Report unregistered operations, fake CAs, abusive collection, illegal fees, or misrepresentation. Provide your evidence bundle.
  • NPC — Report privacy violations (e.g., scraping your contacts, doxxing, sharing your data without lawful basis).
  • AMLC — If you detect fraud/money laundering red flags, inform your bank/e-wallet and consider reporting pathways.
  • Police/NBI — For threats, extortion, or harassment, file a criminal complaint with your evidence.
  • Your bank/e-wallet — Dispute unauthorized transactions immediately and request holds on suspicious recipient accounts.

11) FAQs

Q: Is being on Google Play or the App Store proof of legitimacy? A: No. Stores perform checks, but they do not replace an SEC CA.

Q: The lender showed a “SEC Registration” screenshot—good enough? A: Not unless it includes a valid Certificate of Authority to operate as a lending or financing company (and you can confirm it).

Q: Do legit lenders ask for government IDs and selfies? A: Yes—KYC is normal. But they shouldn’t demand excessive permissions or your phonebook.

Q: Are there legal caps on interest and fees? A: Yes, but caps and rules change. Always compare the lender’s pricing with the current SEC circulars and public notices.

Q: The brand is different from the corporation in the contract. Is that OK? A: It can be, if the licensed corporation (with a valid CA) is clearly identified as your lender. Verify that entity in SEC records.

12) Quick template: ask a lender for proof

Hello. Before proceeding, please provide: (1) Your SEC Certificate of Authority (number and issuance date), (2) Your SEC corporate name and principal office as recorded with SEC, and (3) A copy of your standard loan agreement and amortization schedule showing all charges. I will verify these against SEC public records. Thank you.

13) Bottom line

  • No CA, no loan. A Philippine online lender must be a corporation with a valid SEC Certificate of Authority, and its app/website must match that licensed entity.
  • Check the latest SEC lists/circulars before you borrow; store the evidence you collect.
  • If you encounter abuse or misrepresentation, report it—your documentation makes enforcement faster.

Need a printable one-page checklist or a fillable due-diligence log for your team? Tell me your preferred format (PDF, Word, or spreadsheet) and I’ll generate it right away.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login