How to Verify a Legitimate Lending Company with the SEC (Philippines)

A doctrine-grounded, practice-oriented guide for borrowers, compliance teams, and enforcers


1) The short answer

A legitimate lending company in the Philippines must be:

  1. Duly registered as a corporation with the SEC (primary license), and
  2. Granted a separate SEC Certificate of Authority (CA) to operate as a Lending Company (or Financing Company, as the case may be)—the secondary license.

No CA = illegal lending, even if they have a basic SEC registration or mayor’s permit. App stores, websites, and social pages are not proof of legitimacy.


2) Laws and rules that govern lending legitimacy (in plain terms)

  • Lending Company Regulation Act (R.A. 9474) and its IRR: requires a corporate form and a Certificate of Authority before engaging in the business of lending.
  • Financing Company Act (R.A. 8556): parallel regime for financing companies (broader activities: consumer finance, leasing, installment plans, etc.).
  • Financial Consumer Protection Act (R.A. 11765): fair treatment, transparency, disclosure, redress mechanisms; prohibits abusive collection practices.
  • Truth in Lending Act (R.A. 3765): requires full and clear disclosure of the total finance charge and effective rate prior to consummation.
  • Data Privacy Act (R.A. 10173): limits collection/processing of personal data (e.g., contact lists), requires privacy notices and security measures.
  • SEC memoranda on online lending: require registration of each online lending platform (OLP), fair collection conduct, and truthful disclosures.

3) Understand the licenses: “primary” vs “secondary”

| What you should see | What it means | Why it matters |
|---|---|---|
| SEC Certificate of Incorporation (or Amended) | The entity is a corporation and legally exists. | Not enough to lend to the public. |
| SEC Certificate of Authority (CA) to Operate as a Lending Company or as a Financing Company | The entity passed sector-specific requirements and may lawfully lend/finance. | Essential. Without this, public lending is illegal. |
| Mayor’s / Business Permit & BIR Registration (Form 2303) | Local and tax compliance. | These do not substitute for the CA. |
| Registered OLP/Website/App name (where applicable) | The platform name is tied to the licensed entity. | Prevents “app aliasing” and fake storefronts. |

Key distinction: A lending company primarily extends loans funded by its own or borrowed capital; a financing company engages in financing activities (installment sales, leasing, consumer finance) and has different capital/fit-and-proper requirements. Banks, pawnshops, cooperatives, and microfinance NGOs are governed by separate laws and should not represent themselves as “lending companies” unless they also hold the proper CA.


4) A 10-step verification playbook (works online or onsite)

  1. Get the exact legal name of the company (spelling, commas, “Inc.”/“Corp.”). Avoid relying on brand names alone.

  2. Ask for the SEC documents (clear scans or physical):

    • SEC Certificate of Incorporation;
    • SEC Certificate of Authority to Operate as a Lending/Financing Company;
    • Latest General Information Sheet (GIS) (shows current directors/officers);
    • For online apps: proof that the app/OLP name is registered to that same entity.
  3. Check CA particulars: CA number, issuance date, entity name, registered principal office. Names and addresses on the CA must match other records (contract, receipts, website).

  4. Match the platform: If you’re using an app or website, its publisher/developer name and privacy policy should identify the same licensed entity and registered address. Beware of “powered by” or white-label claims—ask for the principal’s CA.

  5. Verify responsible officers: Compare GIS officers with the names that sign your contract or communicate in collection. Mismatches are red flags.

  6. Inspect disclosures before acceptance:

    • Total finance charge and effective rate (APR/EIR) stated clearly;
    • All fees itemized (processing, convenience, collection, extension);
    • Payment schedule, amortization, and prepayment terms;
    • Complaint channel with timelines.

     Hidden/ambiguous fees = non-compliance.
  7. Data privacy hygiene: The privacy notice must specify what data is collected, why, retention, and sharing. Demands for full contacts/gallery/SMS access without clear necessity are red flags.

  8. Check receipts and pay-to details: Official Receipts should bear the licensed corporate name and TIN. Avoid paying to personal e-wallets or accounts not in the licensed name.

  9. Physical presence (if feasible): Visit or video-verify the principal office listed on the CA. Check for permanent signage and staff who can produce original permits.

  10. Keep a verification file: Save PDFs/photos of the CA, COI, GIS, terms and conditions, privacy notice, and your correspondence. It’s your evidence if disputes arise.


5) Red flags that strongly suggest illegality or misrepresentation

  • “SEC registered” but no CA (or shows a CA belonging to a different company).
  • App/brand name not traceable to any licensed lending/financing company.
  • “Pending CA” but already issuing loans to the public.
  • Payments to personal accounts or third parties with no disclosed agency agreement.
  • No pre-contract APR/EIR; only daily rates or “processing fees” deducted from proceeds.
  • Contact-blasting and public shaming; threats and harassment in collections.
  • Refusal to provide copies of basic SEC documents on request.

6) What a compliant lending interaction looks like

  • The contract and app/website display the full corporate name, SEC Reg. No., CA number, office address, and complaint channels.
  • Before you accept, you see the total finance charge, effective annual rate, amortization schedule, and all fees.
  • The privacy notice explains minimal, necessary data collection (no blanket contact scraping), with an email for data subject requests.
  • You pay via accounts in the same corporate name; you receive official receipts.
  • Collections are professional; no threats, no third-party shaming; disputes are handled via a formal redress path.

7) Due diligence for businesses partnering with lenders (dealers, merchants, aggregators)

  • Contract with the licensed principal, not just a marketing affiliate. Attach the CA and representations/warranties of ongoing compliance.
  • Include data-sharing agreements compliant with the DPA; restrict data to purpose-bound uses.
  • Require proof of OLP registration for any app or web funnel using your brand.
  • Audit collections vendors—you are exposed to joint liability for abusive practices conducted in your name.

8) If you suspect a fake or abusive lender

  • Preserve evidence: screenshots of the app store page, privacy policy, loan screens, chat/call logs, payment proofs, receipts (or the lack of them).

  • Write a formal notice demanding: (a) the CA, (b) full fee disclosure and recomputation, (c) cessation of abusive collection, and (d) proper privacy handling.

  • Escalate to the appropriate authorities (you may pursue these in parallel):

    • SEC Enforcement/Regulation: illegal lending, unregistered OLPs, misrepresentation.
    • National Privacy Commission: unauthorized contact scraping, doxxing/debt-shaming.
    • Law enforcement/prosecutors: grave threats, coercion, unjust vexation, other crimes.
  • Consider civil action for refund/restitution, damages (actual, moral, exemplary), and injunctive relief against harassment.


9) Special notes and edge cases

  • Sole proprietorships and partnerships cannot be “lending companies” under R.A. 9474; the law requires a corporation for a CA.
  • A cooperative lending to members is governed by cooperative law; it should not use “lending company” branding unless separately licensed.
  • Lead generators or “marketplaces” must clearly disclose the licensed lender that will issue credit; the contract and receipts must come from that licensed entity.
  • Name changes/mergers: A legitimate company has amended SEC papers and will disclose the lineage; the CA should reflect the current corporate name or have a documented continuation.

10) Borrower’s document checklist (ask and keep)

  • SEC Certificate of Incorporation (copy)
  • SEC Certificate of Authority (copy)
  • Latest GIS (extract or screenshot)
  • Full loan contract with APR/EIR and itemized fees, amortization schedule
  • Privacy notice and data processing consent record
  • Official receipts and pay-to bank details in the corporate name
  • Customer assistance and complaints procedure (emails, hotlines)

11) Quick template: Request for Proof of Authority

Subject: Request for SEC Certificate of Authority and Disclosures
Date: [date]

Dear [Lender],

Please provide within three (3) business days:

  1. Your SEC Certificate of Authority to operate as a [Lending/Financing] Company;
  2. The exact corporate name and SEC Registration No.;
  3. The registered address and complaints channel;
  4. The pre-contract disclosures: total finance charge, effective annual rate, all fees, and amortization schedule; and
  5. Your privacy notice and contact for data subject requests.

Until provided, consider the account in dispute and suspend any third-party collection.

Sincerely,
[Name]
[ID/Acct No.]


12) Bottom line

A legitimate lender carries two proofs: corporate existence (SEC registration) and sector authority (SEC Certificate of Authority)—with transparent pricing, lawful data practices, and professional collections. Anything less is a compliance failure at best and illegal lending at worst. Verify the entity name, CA, platform linkage, disclosures, and receipts—and keep a paper trail strong enough to win in any forum.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.