How to Verify SEC Registration of Online Lending Companies (Philippines)

For consumers, compliance officers, founders, and marketplaces that need to confirm whether an online lender is legitimate and properly authorized to operate in the Philippines.

1) Why verification matters

Online lending touches regulated activities: extending credit to the public, handling personal data, advertising financial products, and collecting debts. In the Philippines, a company may not operate a lending business without (1) corporate registration and (2) a separate Certificate of Authority (CA) to Operate as a Lending/Financing Company issued by the Securities and Exchange Commission (SEC). Operating without a CA—or with a revoked or suspended CA—can lead to cease-and-desist orders, criminal and administrative penalties, app takedowns, and civil liability. For borrowers, a quick check helps avoid scams, predatory terms, and unlawful debt-collection practices.

2) The legal framework at a glance

  • Primary laws

    • Lending Company Regulation Act (LCRA): Governs lending companies and requires a CA from the SEC (apart from standard corporate registration).
    • Financing Company Act (FCA): Governs financing companies; online consumer lenders are often incorporated under either LCRA or FCA—what matters is the presence of an SEC CA covering the activity they actually conduct.
    • Truth in Lending Act: Requires clear disclosure of finance charges and the effective cost of credit.
    • Data Privacy Act (DPA): Online lenders process sensitive personal information and must comply with privacy principles, security measures, and—where applicable—register their data processing systems and Data Protection Officer (DPO) with the National Privacy Commission (NPC).
    • Anti-Money Laundering Act (AMLA): Financing/lending companies are “covered persons” for AML purposes and must implement customer due diligence and reporting.
    • E-Commerce Act & Consumer Act: Advertising, online contracting, and consumer-protection rules apply.

  • Key SEC requirements (high level)

    • Incorporate as a stock corporation with minimum paid-in capital required by law/regulations.
    • Obtain SEC Certificate of Incorporation and a Certificate of Authority to Operate as a lending or financing company before commencing business.
    • Keep the CA valid (subject to suspension/revocation if non-compliant).
    • Comply with reportorial requirements (e.g., General Information Sheet, Audited Financial Statements).
    • Follow SEC issuances on online lending platforms (OLPs), advertising/disclosure, and prohibited collections practices (e.g., harassment, doxxing, shaming, contacting persons other than the borrower without legal basis).

Terminology tip: “Registered with the SEC” (corporate registration) is not enough. The decisive document for lending is the Certificate of Authority.

3) The verification workflow (step-by-step)

Use this sequence to validate an online lender in under 15–30 minutes. Save screenshots and notes for your records.

Step 1 — Identify the legal entity behind the app/website

  • Find the corporate name on the website/app footer, “About” page, privacy policy, or loan agreement.
  • Match the developer name on the App Store/Google Play to a Philippine corporation (variance may be acceptable for holding structures, but the lending entity must be identified).
  • Watch for DBAs/brands: The brand name doesn’t confer authority; the corporate name with a CA does.

Step 2 — Confirm corporate registration

  • Obtain the SEC Company Registration Number (e.g., from corporate profile, contract header, or official documents shared by the lender).
  • Check that the registered name, principal office address, and date of incorporation align across all materials (website, loan contract, receipts, and any certificates shown).

Step 3 — Confirm the Certificate of Authority (CA)

  • Ask for (or look for) the SEC Certificate of Authority, which should display:

    • The corporate name and SEC company number
    • The type (Lending Company or Financing Company)
    • The document number and issuance date (and, if applicable, validity/conditions)

  • Verify that the CA covers the activity actually offered (e.g., consumer lending via an online channel).

  • Check whether the company asserts “pending CA” or “for renewal”—those do not authorize lending.

Step 4 — Confirm ongoing compliance signals

  • Reportorial filings: Ask for proof of recent GIS and AFS submissions.
  • Active operations footprint: Registered head office/branches should match the locations disclosed on the app/website and business permits.
  • OLP/website disclosures: The site/app should prominently show the corporate name, SEC Registration Number, CA (or CA number), contact details, and complaint channels.

Step 5 — Check regulatory red flags

  • Enforcement history: Look for SEC Advisories, Cease-and-Desist Orders (CDOs), revocation/suspension notices against the entity or its brands.
  • Prohibited collection practices: Threats, public shaming, contacting persons in the borrower’s phonebook, or misrepresenting as law enforcement are barred conduct and a strong indicator of non-compliance.
  • Advertising claims: “Guaranteed approval,” hidden fees, or non-disclosure of total cost of credit are red flags under truth-in-lending and consumer-protection rules.
  • Privacy intrusions: Demands for blanket access to contacts, photos, and social media without necessity and proportionality can violate the DPA.

Step 6 — Cross-check privacy and AML posture

  • Privacy: Ensure there is a written Privacy Notice and Privacy Policy tailored to lending (not a generic template). Look for a named DPO, contact details, data sharing disclosures (eKYC providers, payment processors), data retention, and user rights.
  • NPC registration/notifications: For larger-scale or sensitive processing, lenders typically register their DPO/data processing systems with the NPC.
  • AML: Lenders should describe their customer due diligence, sanctions screening, and reporting obligations; silence here is a yellow flag.

Step 7 — Validate the actual loan contract

  • The loan agreement must clearly state: principal, interest, all fees/charges, APR/effective interest rate, payment schedule, default triggers, and collection/complaints process.
  • Compare the contract terms with the marketing claims; discrepancies indicate risk.

4) What documents you should see (and how to read them)

Document What to look for Common issues
SEC Certificate of Incorporation Corporate name, registration number, date Not proof of authority to lend
SEC Certificate of Authority (CA) Correct corporate name & number; lending/financing type; issue date “Pending CA” ≠ authority
Articles of Incorporation & By-Laws Primary purpose includes granting loans/financing Purpose too narrow or unrelated
GIS & AFS (recent) Filed on time; directors/officers listed; address matches Lapses suggest compliance risk
Business/Mayor’s Permit Address and line of business match Branches operating without permits
Privacy Policy & NPC filings DPO identified; data practices consistent with app permissions Overbroad data collection
Loan Agreement & Disclosures Clear fees, APR, amortization table Hidden charges, vague fees

5) Special considerations for Online Lending Platforms (OLPs)

  • Platform registration/notification: SEC issuances require lenders using apps/web platforms to meet additional disclosure and reporting duties for their OLPs, including transparency of the corporate name and CA on the platform and in ads.
  • App-store compliance: Apps should name the Philippine corporate entity and display regulatory information on the store listing and in-app.
  • Third-party partners: eKYC providers, payment gateways, and collection agents must be contractually bound to comply with Philippine privacy and financial regulations.
  • Data minimization: The app may not demand intrusive permissions unrelated to creditworthiness or fraud prevention.

6) Practical checklists

A. Five-minute consumer checklist

  1. Corporate name shown? (not just a brand)
  2. SEC CA displayed? (number/date visible)
  3. Full cost disclosed? (fees + APR, not just “per day” interest)
  4. Privacy policy credible? (DPO named; no excessive permissions)
  5. No harassment reports? (reviews/news/forums mention abusive collections)

B. Marketplace/aggregator intake checklist

  • Copy of SEC CA and SEC Registration (PDFs)
  • Latest GIS/AFS or SEC acknowledgment receipts
  • OLP disclosure page link/screenshot showing corporate and CA details
  • Privacy & AML policies; DPO contact
  • Sample loan contract and rate sheet
  • Complaint channel and regulatory contact details

C. Internal compliance review map

  • Governance: Board approval of lending program; compliance officer/DPO appointments
  • Licensing: CA scope suffices for online consumer lending; branches covered
  • Operations: KYC, underwriting, collections scripts aligned with SEC guidance
  • Reporting: SEC reportorial filings on schedule; enforcement monitoring in place

7) How to evaluate interest and fees (truth-in-lending lens)

  • Demand a one-page summary with:

    • Principal and net proceeds (after any upfront fees)
    • Nominal rate vs. Effective APR (inclusive of all finance charges)
    • Tenor and amortization schedule
    • Late fees, default charges, and prepayment terms

  • Beware of “per-day” rates without an annualized view—small daily rates can mask extremely high APRs when fees are included.

8) Debt-collection rules (what is not allowed)

  • Harassment or threats, use of profane language, or public shaming
  • Unauthorized disclosure of the borrower’s debt to contacts/employer
  • Misrepresentation as government/police/court personnel
  • Unreasonable or excessive contact frequency and timing
  • Data scraping of contacts/photos to coerce payment

Borrowers can document incidents (screenshots/recordings, logs of calls/messages) and escalate complaints to the lender’s dedicated channel, then to regulators or law-enforcement as appropriate.

9) Red flags that typically signal unlicensed or non-compliant lenders

  • No CA number anywhere; evasive when asked for it
  • Corporate name does not appear in any documents, only a brand
  • Mismatched addresses, numbers, or names across certificates, website, contract
  • Aggressive permission requests (contacts, photos, social media) without clear necessity
  • Vague or missing fee disclosures; “guaranteed approval” claims
  • Collections contacting people other than the borrower; threats of arrest

10) How to document and preserve your verification file

Create a short memo (one page) with:

  • Entity details: Corporate name, SEC Reg. No., CA No./date, address, directors/officers
  • OLP details: App/website URLs, developer name, disclosure screenshots
  • Compliance artifacts: Copies of CA, GIS/AFS acknowledgments, privacy/AML policies
  • Term sheet: Representative APR and fees; sample amortization
  • Findings & risk rating: Pass/conditional/decline; key gaps and remediation plan

11) For founders: licensing & compliance readiness (before you launch)

  • Choose the right vehicle (lending vs. financing company) and capital structure; secure SEC incorporation and CA.
  • Build policies early: underwriting, collections, complaints handling, data privacy, AML/CFT.
  • Draft clear disclosures and a compliant loan agreement (aligned with Truth in Lending).
  • Implement data minimization in your app—permissions must track genuine necessity.
  • Set up reportorial calendars and audit trails for all filings and regulatory communications.
  • Prepare for app-store governance (accurate corporate identity, regulatory details, complaint channels).

12) Frequently asked questions

Q: Is corporate registration enough? A: No. You need the SEC Certificate of Authority to legally lend to the public.

Q: The app says it is “partnering” with a licensed entity. Is that okay? A: Only if the licensed entity is the actual lender of record and the arrangement is transparent; otherwise, you may be dealing with an unlicensed lender.

Q: Are brand names the same as licensed entities? A: No. Always verify the corporate name on the CA.

Q: Do online lenders have to show their license on the app/website? A: Yes—SEC rules require clear disclosures in advertising and on platforms.

Q: Can lenders access my contacts and photos? A: Broad access unrelated to credit assessment or fraud control is not compliant with privacy and consumer-protection principles.

13) One-page template: Request for proof of authority (you can copy/paste)

Subject: Request for SEC License & Compliance Documents

Dear [Lender], Please provide the following to complete our verification:

  1. SEC Certificate of Authority (Lending/Financing) — copy (PDF)
  2. SEC Certificate of Incorporation and company profile (Reg. No., address)
  3. Latest GIS and AFS (or SEC receipt/acknowledgment)
  4. URL/screenshots showing corporate name and CA on your app/website/app-store listing
  5. Privacy Policy and DPO contact; summary of data processing (including app permissions)
  6. AML/KYC summary (covered person procedures)
  7. Standard loan agreement, rate card, and sample cost disclosure (APR)

Thank you, [Your Name / Team]

14) Bottom line

To verify an online lending company in the Philippines, you need both: (a) a real Philippine corporate entity, and (b) a valid SEC Certificate of Authority that matches the entity’s actual lending activity—plus credible signals of ongoing compliance (reportorial filings, clear disclosures, lawful collections, privacy and AML programs). Anything less is a warning sign.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login