Is a Lending Company Legit? How to Verify With the SEC and Avoid ‘Pay Insurance Before Release’ Loan Scams

Is a Lending Company Legit? How to Verify With the SEC and Avoid “Pay Insurance Before Release” Loan Scams (Philippine context)

TL;DR. In the Philippines, lending companies and financing companies must be registered with the Securities and Exchange Commission (SEC) and hold a Certificate of Authority (CA) before they can operate. Legit lenders do not ask you to send money first (e.g., “insurance,” “tax,” “activation,” “BIR fee”) to a personal e-wallet before releasing a loan. Any valid fees (including credit-life insurance, DST, or processing) are properly disclosed and are usually deducted from the proceeds or paid via official channels with receipts—not by top-ups to an agent. If you’ve already paid, preserve evidence and report to the SEC (EIPD), your bank/e-wallet for dispute, and law enforcement.

1) Who regulates what (so you know where to check)

  • SEC – registers corporations and supervises lending companies (RA 9474) and financing companies (RA 8556). These firms must have a Certificate of Authority to Operate in addition to their SEC company registration.
  • BSP – supervises banks, digital banks, pawnshops, and money service businesses. If the “lender” is a bank, verify with BSP (not SEC).
  • Insurance Commission (IC) – supervises insurers and insurance agents. If someone insists on “insurance before release,” the insurer/agent must be properly licensed with IC.
  • Cooperative Development Authority (CDA) – supervises credit cooperatives (they are not SEC-registered corporations).
  • National Privacy Commission (NPC) – enforces the Data Privacy Act (RA 10173) against abusive contact-scraping and shaming tactics by collectors.
  • Financial Consumer Protection Act (RA 11765) – gives regulators (including SEC and BSP) stronger powers against unfair, deceptive, abusive acts and practices (UDAAP).

Bottom line: If it’s not a bank or cooperative, a consumer lender should be SEC-registered + CA-licensed. No CA, no legitimate lending.

2) Step-by-step: How to verify a lender with the SEC (and related checks)

Ask the representative to send these in writing (screenshot/email):

  1. Exact corporate name (as it appears in SEC records).
  2. SEC Company Registration Number (e.g., CS20xxxxxx).
  3. SEC Certificate of Authority (CA) Number and status (Active/Revoked) as a Lending Company or Financing Company.
  4. Principal business address, landline, corporate email domain (e.g., @company.com), and website/app name(s).
  5. Data Privacy Officer (DPO) contact (required under the Data Privacy Act for most covered entities).
  6. If they require insurance: name of the insurer, Insurance Commission license details, and who receives the premium.

Then do this:

  • SEC database search: Confirm the corporate name and CA status (active, suspended, revoked).
  • SEC advisories: Check if the entity or app is the subject of an SEC Investor Alert/Advisory.
  • Online Lending Platforms (OLPs): If it’s an app, confirm that the app name is owned/operated by the same SEC-licensed company (scammers often use one name to collect money and another to advertise).
  • Cross-check contacts: Public listings, office location, corporate email—not free mail (e.g., @gmail.com) for official loan documents.
  • If it’s a bank: Verify with BSP (bank directory).
  • If it’s a cooperative: Verify with CDA.
  • If insurance is required: Verify the insurer/agent with the Insurance Commission and ask for the policy schedule before paying any premium.

Tip: A legitimate lender will not refuse to provide the CA number and will not rush you from inquiry → upfront payment. Eagerness + pressure is a red flag.

3) “Pay insurance before release” — when it’s a scam vs. when it’s legitimate

Common scam patterns

  • “We approved you! Pay ₱X insurance (or ‘BIR fee,’ ‘activation,’ ‘DST,’ ‘bank code’) via GCash/PayMaya to my personal account so we can ‘release’ your loan.”
  • They show a fake approval slip, fake remittance screenshot, or countdown (“releasing in 10 minutes!”) to pressure you.
  • They refuse to deduct the fee from the loan and insist on a separate upfront transfer.

What legitimate looks like

  • Some loans (e.g., mortgages, certain auto loans, credit-life insurance) may truly have insurance premiums or statutory costs (e.g., Documentary Stamp Tax).

  • Legit lenders disclose all charges in writing under the Truth in Lending Act (RA 3765) and consumer protection rules.

  • Premiums/fees are either:

    • Deducted from the loan proceeds; or
    • Billed through official channels (company account, official receipts), not a personal e-wallet.

  • If insurance is required, you should receive: insurer name, policy/COI, coverage/amount, premium computation, cancellation/refund rules, and contact for claims.

Rule of thumb: If they can’t or won’t deduct any “insurance/fee” from the loan proceeds—and instead demand a personal transferwalk away.

4) Fees, rates, and disclosures you should see

  • Truth in Lending Act (RA 3765): You are entitled to clear disclosure of the finance charge, annual percentage rate (APR), total amount to be paid, and schedule before you sign.
  • Caps on small, short-term loans: Policy has evolved to limit the total cost of credit charged by lending/financing companies (particularly for small-value, short-term, unsecured loans, including many app-based loans). Exact caps can change—check current circulars.
  • No hidden add-ons: Processing/service fees must be clearly itemized; late fees and penalties must be disclosed up front.
  • Contract copy: You should receive a copy of the contract and disclosure statement (paper or e-copy). Electronic signatures are recognized under the E-Commerce Act (RA 8792), but you must still get a copy.

5) Data privacy & collections: what’s allowed (and what’s not)

  • Data Privacy Act (RA 10173): Lenders must collect only what’s necessary, inform you of purpose, and secure your data.
  • Contact scraping & shaming (e.g., messaging your family/workmates, posting your photo online, using threats) is unlawful/unfair and has been the subject of SEC directives and NPC enforcement.
  • Fair collections: Calling at reasonable times, speaking only to you (or authorized persons), and no threats/harassment. You may demand all communications be in writing.

If harassed:

  1. Document calls, texts, chat handles, and screenshots.
  2. Complain to SEC (for UDAAP by lending/financing companies) and NPC (for privacy violations).
  3. Consider a criminal complaint (e.g., grave threats, unjust vexation, libel/cyberlibel, or extortion) with PNP/ACG or NBI based on the facts.

6) Quick due-diligence checklist (use this before engaging)

  • ☐ Company gives SEC Registration No. and CA No. (and they match public records).
  • ☐ Entity is not under an SEC advisory; CA is Active (not revoked/suspended).
  • App/website name is linked to the same SEC-licensed entity.
  • No upfront money demands to personal accounts.
  • All fees (insurance/DST/processing) are disclosed and deductible from proceeds or paid via official channels with OR.
  • Clear contract + disclosure statement provided before signing.
  • Privacy notice and DPO contact available.
  • No pressure tactics / “limited time” release claims.

7) Red flags that usually mean “scam”

  • Pay insurance before release” (or “BIR/clearance/bank code”) via GCash/PayMaya to personal names/numbers.
  • Can’t produce a CA number or corporate name exactly matching SEC records.
  • Uses one name in ads, another to collect payments.
  • No office address, free email only, no landline.
  • Asks for your OTP or asks you to screen-share banking apps.
  • Refuses to deduct fees from the loan proceeds.
  • Unreasonable promises (guaranteed approval, same-day large loans with no documents).

8) If you already paid (or sent your ID), do this now

  1. Stop all transfers. Do not send “second/third fees.”

  2. Preserve evidence: screenshots, chat logs (full threads), voice notes, e-wallet receipts, bank proof, IDs you sent, call logs.

  3. Dispute the transfer:

    • E-wallet/bank: Open a fraud/dispute ticket immediately; provide the transaction IDs and reason (“advance fee fraud / loan scam”).
    • If card was used, ask about a chargeback.

  4. Report to regulators/law enforcement:

    • SEC – Enforcement and Investor Protection Department (EIPD) (for illegal lending / unregistered entities / unfair practices).
    • PNP Anti-Cybercrime Group or NBI Cybercrime Division (for estafa, threats, identity theft).
    • NPC (for privacy violations if they scraped/abused your contacts).

  5. Secure your identity:

    • If you sent IDs/selfies, monitor your e-wallets and bank accounts; change PINs/passwords; enable 2FA.
    • Consider replacing compromised IDs if advised by the issuing agency.

  6. Future contact: If they keep demanding money, reply once in writing that you will only deal through official corporate channels and you have reported the incident—then block and keep records.

9) Sample language you can copy-paste

Request for proof of authority

Hi. Before we proceed, please send the exact SEC corporate name, SEC Registration No., and SEC Certificate of Authority No. to operate as a Lending/Financing Company, plus your principal office address and corporate email. If your loan requires insurance, please provide the insurer’s name, IC license details, and a draft Certificate of Insurance showing coverage and premium. Thank you.

Declining an upfront “insurance” payment

I don’t pay any fee upfront to personal accounts. Under the Truth in Lending Act, all charges must be disclosed in writing and may be deducted from the loan proceeds or paid via official company channels with receipts. If you cannot do that, I’ll discontinue this application.

Notice to a harassing collector

Under Philippine consumer protection and data privacy laws, you may not harass, threaten, or contact my family/work for collection. Please put any legitimate communication in writing via your official corporate email. Further harassment will be documented and reported to SEC/NPC and law enforcement.

10) Key laws & principles (plain-English)

  • RA 9474 (Lending Company Regulation Act) & RA 8556 (Financing Company Act) – require SEC registration plus a Certificate of Authority to operate.
  • RA 3765 (Truth in Lending Act) – you must be shown all finance charges and APR before you commit.
  • RA 11765 (Financial Consumer Protection Act) – prohibits unfair, deceptive, abusive acts/practices; strengthens redress and enforcement.
  • RA 10173 (Data Privacy Act) – limits data collection/processing; harassment via contact-scraping and “shaming” can violate this law.
  • E-Commerce Act (RA 8792) – recognizes e-signatures and electronic documents if properly executed.

Practical effect: A lender without a valid CA is illegal; a lender that hides fees or demands personal transfers is likely abusive or fraudulent; collectors that harass can be penalized.

11) FAQs

Q: The agent says the CA is ‘under renewal’ so I must pay a ‘release insurance’ now. A: No. A firm may not operate without a valid CA. “Insurance before release” to a personal wallet is a classic advance-fee scam.

Q: Can a legit lender make me buy insurance? A: Some products require credit-life/MRI/fire insurance. You should get the insurer details and policy. Premiums are ordinarily financed/deducted or paid through official company channels—never to personal accounts.

Q: They’re a cooperative—no SEC records. Is that okay? A: If it’s truly a cooperative, verify with CDA. Cooperatives are not SEC-registered corporations.

Q: The interest seems high but they’re registered. Legal? A: Registration doesn’t excuse UDAAP or undisclosed charges. For many small, short-term loans, rate/fee caps apply to lending/financing companies. Always check the disclosure statement; walk away if it’s unclear.

12) Borrow smart: a short pre-loan workflow

  1. Need & budget: Know exactly how much and how you’ll repay.
  2. Shop: Compare at least 3 legitimate lenders.
  3. Verify: SEC/BSP/CDA/IC as applicable; confirm CA and OLP ownership if app-based.
  4. Read: Contract + disclosure statement; note APR, fees, due dates, penalties.
  5. Decide: If any upfront transfer is demanded to a personal accountstop.
  6. Keep copies: Save your contract, disclosures, receipts, and policy (if insured).

13) Final reminders (and when to seek help)

  • Never pay personal accounts for “release fees,” “insurance,” “codes,” or “BIR taxes.”
  • Always ask for the SEC CA number and verify it.
  • Document everything.
  • If you suspect fraud or abusive practices, report promptly and consider legal assistance—especially if sizeable sums are involved or threats are made.

Regulatory rules (e.g., rate caps, lists of authorized apps, contact points) can change. For the latest, verify directly with the SEC/BSP/CDA/IC/NPC using their official channels.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login