How to Verify SEC Registration of Fintech Lenders in the Philippines

How to Verify SEC Registration of Fintech Lenders in the Philippines

Practical, step-by-step guidance on confirming whether a digital lender is legally allowed to operate in the Philippines, with the relevant legal backdrop and compliance checklists.

Why verification matters

Digital lending touches highly regulated terrain. In the Philippines, most non-bank lenders fall under the Securities and Exchange Commission (SEC) framework, and operating without the proper authority can expose consumers and counterparties to fraud, abusive practices, unenforceable contracts, and data-privacy risk. Verifying status before you borrow, partner, or integrate via API is both a consumer protection step and a corporate risk-control measure.

Legal framework at a glance

  • Revised Corporation Code (R.A. 11232): Corporate existence and basic corporate governance.
  • Financing Company Act (R.A. 8556): Governs financing companies (installment financing, BNPL-style credit, factoring; generally larger capitalization).
  • Lending Company Regulation Act of 2007 (R.A. 9474): Governs lending companies (direct lending as a business). → Key point: A lender needs a Certificate of Authority (CA) from the SEC in addition to basic corporate registration.
  • Securities Regulation Code (R.A. 8799): SEC’s enforcement and rule-making powers (e.g., advisories, cease-and-desist orders).
  • Truth in Lending Act (R.A. 3765): Mandatory disclosure of finance charges.
  • Data Privacy Act (R.A. 10173): If the lender uses an app/portal, expect registration with the National Privacy Commission (NPC) and compliant privacy practices.
  • Bangko Sentral ng Pilipinas (BSP) perimeter (various circulars): Banks and entities doing e-money or operating a payment system need BSP authorization. Many fintech lenders are SEC-licensed lenders but may also separately be BSP-registered OPS/EMI if they process payments or issue e-money.

Bottom line: For a fintech lender, the decisive SEC items are (1) corporate registration and (2) Certificate of Authority. For app-based lenders, each Online Lending Platform (OLP) must also be registered with the SEC.

What “registered with the SEC” should mean (for lenders)

  1. Corporate registration – A Certificate of Incorporation under its exact corporate name, an SEC Registration No. (often reflecting the year), Articles of Incorporation and By-laws.

  2. Certificate of Authority (CA) – A separate, sectoral license authorizing it to operate as a lending company (R.A. 9474) or financing company (R.A. 8556).

    • The CA will show the corporate name, CA number, and date of issuance.
    • No CA = not allowed to lend as a business, even if the corporation exists.

  3. Online Lending Platform (OLP) registration – If credit is offered via a website/mobile app, the platform itself should be registered with the SEC before deployment. The app/site must disclose the corporate name, SEC Reg. No., CA No., principal office, and official contact channels.

  4. Up-to-date filings – Annual General Information Sheet (GIS) and Audited Financial Statements (AFS) filed with the SEC indicate the entity is active and compliant.

Step-by-step verification workflow

Step 1 — Gather identifiers and disclosures

Ask the lender (or locate in its app/website/documentation):

  • Corporate name (exact, including “Inc.”/“Corp.”/“Corporation”).
  • SEC Registration No. and date of incorporation.
  • Certificate of Authority No. (CA No.) and date of issuance.
  • Type of entity: Lending Company (R.A. 9474) or Financing Company (R.A. 8556).
  • Registered address and official email/phone.
  • Platform details: URLs, app store listing(s), and OLP registration data.
  • Trade/brand names used in marketing (must tie back to the corporate name).

If the entity refuses to provide the CA or gives only a “SEC Registration” for the corporation, treat as high risk. The CA is mandatory for lending/financing activity.

Step 2 — Check corporate existence and purpose

Review (or request copies of):

  • Certificate of Incorporation and Articles of Incorporation: The primary purpose should expressly authorize lending/financing.
  • By-laws: Standard governance.
  • Confirm paid-in capital meets the applicable law/regulatory minimums (e.g., lending companies generally at least ₱1,000,000; financing companies typically higher).
  • Verify that the corporate name matches what the app/site presents (no bait-and-switch brand).

Step 3 — Validate the Certificate of Authority (CA)

  • Ensure the CA is genuine, current, and issued to the exact corporate name and address.
  • Check for suspension/revocation (e.g., due to violations or non-filing).
  • Confirm that lending/financing is the authorized activity (not some unrelated secondary license).

Step 4 — Confirm the Online Lending Platform (OLP)

  • Each app/website used to grant loans must be registered with the SEC prior to public availability.
  • The app listing and in-app legal/imprint pages should show: corporate name, SEC Reg. No., CA No., office address, and contact channels.
  • Mismatch between app brand and the corporate/CA details is a red flag.

Step 5 — Review ongoing compliance signals

  • GIS & AFS: Check that the latest filings are made (suggests the company is active and monitored).
  • Disclosures: Finance charges and fees should be transparent (Truth in Lending Act).
  • Debt collection conduct: No harassment, “contact-list scraping,” shaming, or threats. These behaviors signal likely regulatory violations and can lead to SEC enforcement and NPC sanctions.

Step 6 — Map regulatory perimeter (if relevant)

  • If the lender issues e-money or operates a payment system, it should also show evidence of BSP authorization (e.g., OPS registration/EMI license), on top of the SEC CA.
  • If it claims to be a crowdfunding intermediary/portal, look for the SEC’s crowdfunding license (that’s a different regime from lending).

How to read and test the documents you receive

  • Certificate of Incorporation

    • Check corporate name (exact string), SEC Registration No., and date.

  • Articles of Incorporation

    • The primary purpose clause should explicitly state lending or financing activities.
    • Note authorized capital stock and paid-in capital.

  • Certificate of Authority (CA)

    • Confirm CA No., issue date, entity type (lending vs. financing), signatory, and validity status.

  • General Information Sheet (GIS)

    • Identify current directors/officers, resident agent (if foreign-owned), and the principal office.

  • Audited Financial Statements (AFS)

    • Cross-check capitalization and going-concern notes.

Ask for clear scans or originals. If available, check for QR codes/watermarks and validate through official channels.

Distinguishing lenders, financing companies, and banks

  • Lending Company (R.A. 9474): Typically extends direct loans; lower capital minimum; often retail/consumer loans, salary loans, short-tenor credit. Must have SEC CA.
  • Financing Company (R.A. 8556): Broader asset-based or installment financing (e.g., merchant BNPL, auto financing), often higher capitalization; also needs SEC CA.
  • Bank / quasi-bank / EMI / OPS: Under BSP—a separate license stack. A fintech can be both SEC-licensed (for lending) and BSP-registered (for payments). Verify both if claims cross these lines.

Practical red flags

  • Presents only a DTI business name or barangay/Mayor’s permit as “proof” of authority to lend. (These are not substitutes for an SEC CA.)
  • Corporate name on documents does not match the app/website or the CA.
  • Claims “SEC registered” but, when pressed, can’t produce a CA.
  • OLP not disclosed to the SEC; app store listing lacks corporate/CA details.
  • Harassing collections, contact-list scraping, or public shaming.
  • Upfront fees demanded before any loan is approved and disbursed (classic scam indicator).
  • Foreign domain or overseas entity marketing to PH consumers with no PH corporate presence or CA.

If you’re a consumer: quick checklist (save this)

  1. Ask for: SEC Reg. No. + CA No. + corporate name.
  2. Check that the app/website shows the same details.
  3. Review the primary purpose (lending/financing) and address.
  4. Look for transparent pricing (interest, fees, total cost).
  5. Watch for collection-abuse warnings; avoid if any.
  6. Prefer lenders with recent filings and clear customer-service channels.

If you’re a business partner or platform: enhanced due diligence

  • Obtain and archive certified copies of SEC Registration, Articles/By-laws, CA, latest GIS/AFS, and OLP registrations.
  • Require warranties that the lender holds and will maintain all authorizations (SEC CA, OLP registration, and if applicable BSP authorizations) and will notify you of suspension/revocation.
  • Add termination rights for regulatory breaches and indemnities for consumer, data-privacy, and regulatory claims.
  • Conduct screening on directors/officers (watchlists, sanctions, litigation/enforcement history).
  • Review debt-collection SOPs, scripts, and vendor contracts to ensure no abusive practices.
  • For API integrations, ensure data-privacy and information-security controls align with the Data Privacy Act and your internal standards.

Special cases

  • Foreign fintech lenders: Lending to PH residents as a business typically constitutes doing business locally; they must secure the appropriate license to do business and a CA (and register their OLP) before offering loans in the Philippines.
  • Microfinance NGOs: They may lend under separate legislation and certifications; verify the NGO’s status and applicable rules if that’s the model being used.
  • Crowdfunding / P2P marketplaces: These fall under distinct SEC crowdfunding rules. Confirm the platform’s license and the nature of the instrument being offered.

What to do if something looks wrong

  • Stop engagement and collect evidence (screenshots of app pages, disclosures, messages, fee schedules, payment instructions).
  • Report suspected illegal lending or abusive practices to the appropriate authorities (e.g., SEC enforcement channels).
  • For privacy violations (contact scraping, doxxing), also notify the National Privacy Commission.
  • For harassment/extortion, consider PNP-ACG/NBI-CCD complaints, keeping copies of messages and call logs.
  • If you already paid, preserve receipts and transaction references; consult counsel on potential restitution or civil/criminal remedies.

Frequently asked questions

Is a corporate SEC registration enough? No. A lender must hold a Certificate of Authority to legally engage in lending/financing. Corporate registration alone is insufficient.

What if an app says “SEC registered” but lists a different company in the receipt? That’s a red flag. The entity extending credit should match the name on the CA and the app disclosure.

Can individuals operate as lenders? Habitual lending as a business generally requires incorporation and a CA. Individuals offering occasional private loans are a different case but cannot masquerade as a lending company.

Do BNPL providers need a CA? If they extend credit as a business (even if embedded at checkout), they typically need a financing or lending CA. If they also process payments or hold e-money, BSP authorization may additionally apply.

One-page verification checklist (printable)

  • Corporate name (exact)
  • SEC Registration No. & date
  • Certificate of Authority (CA) No. & date
  • Entity type: Lending / Financing
  • Articles’ primary purpose includes lending/financing
  • OLP (app/website) registered; disclosures present in app listing and site
  • GIS/AFS: latest filed
  • Fees/interest clearly disclosed (R.A. 3765)
  • No abusive collection practices or privacy violations
  • If applicable: BSP authorization (OPS/EMI)
  • Contracts include warranties/termination for regulatory status

Final word

In the Philippine context, verifying a fintech lender is fundamentally about the SEC: corporate registration plus a valid, current Certificate of Authority, with any online lending platform duly registered and disclosed. Everything else—pricing transparency, data-privacy posture, and collection conduct—flows from (and is far easier to police after) that core status check.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login