Legal Actions Against Harassment by Online Lending Apps in the Philippines
Last updated: August 2 2025 (note that developments after June 2024 are based on publicly released issuances up to that date; always confirm the most recent circulars and case law).
1. Overview
Since 2018 the Philippines has seen an explosion of mobile-based “salary-loan” and “quick-cash” apps. Many are legitimate, but a sizeable cohort has used aggressive—and often unlawful—collection techniques: mass-text shaming of contact lists, social-media doxxing, threats of arrest, even manipulated photos. In response, Congress, the Securities and Exchange Commission (SEC), the Bangko Sentral ng Pilipinas (BSP), the National Privacy Commission (NPC) and the courts have pieced together an increasingly robust toolbox of administrative, civil, and criminal remedies.
2. Key Statutes, Rules & Circulars
| Instrument | Main Content | Relevance to Harassment |
|---|---|---|
| Republic Act (RA) 11765 Financial Products and Services Consumer Protection Act (FPSCPA, 2022) and IRR (2023) | Creates a unified consumer-protection regime across BSP, SEC, IC and CDA; empowers regulators to issue restitution orders and to suspend or bar erring directors/officers. | Enables borrowers to file BSP/SEC complaints for abusive collection and deceptive practices. |
| RA 10173 Data Privacy Act of 2012 (DPA) & NPC Circulars 16-01, 18-01, 2022-01 | Establishes data-subject rights (consent, access, erasure); NPC may fine up to ₱5 million per violation. | Harvesting a borrower’s entire contact list without valid consent and using it for collection is an Unauthorized Processing (s.25) + Malicious Disclosure (s.28). |
| SEC Memorandum Circular (MC) 18-2019 | Bans “unfair collection practices” by lending & financing companies (e.g., profanity, threats, disclosure of indebtedness to unrelated persons). | Forms the primary basis for SEC show-cause orders; violations may lead to license revocation. |
| SEC MC 10-2021 | Requires all online lending platforms (OLPs) to be registered, to disclose ultimate beneficial owners, and to post complaint-handling procedures. | Borrowers can check the SEC “List of Registered OLPs” to identify rogue operators. |
| BSP Circular 1160 (2023) Guidelines on Debt Collection by BSP-Supervised Financial Institutions | Mirrors MC 18-2019, extends to banks, e-money issuers, BNPL players. | A BSP complaint triggers onsite exam and possible cease-and-desist order (CDO). |
| RA 9474 Lending Company Regulation Act & RA 8556 Financing Company Act | Licensing statutes; give SEC visitorial powers and criminal penalties. | Basis for criminal prosecution of unlicensed app operators. |
| RA 10175 Cybercrime Prevention Act (2012) | Criminalizes cyber-libel, cyber-threats, unlawful alteration of data. | Frequently invoked when collectors send defamatory posts or doctored photos. |
| RA 7394 Consumer Act & RA 11967 Internet Transactions Act (ITA, 2023) | General consumer‐protection rules; ITA vests DTI with e-commerce policing powers. | DTI now has concurrent jurisdiction where an app operates without SEC licence but markets via an online platform. |
3. Typical Harassment Tactics and Corresponding Violations
| Collector Conduct | Likely Legal Breaches | Enforcement Body |
|---|---|---|
| Accessing phone contact list, sending “shame texts” to friends | DPA s.25, 28 (Unauthorized/Malicious Processing), SEC MC 18-2019 §4(a) | NPC (privacy), SEC (licence) |
| Public FB post tagging borrower as “scammer” | Cyber-libel (Art. 353 Rev. Penal Code as amended by RA 10175) | NBI Cybercrime, PNP-ACG |
| Threat of arrest or detention without court order | Art. 287 RPC (Light Coercions), SEC MC 18-2019 §4(b) | PNP, SEC |
| Manipulated nude photo sent to borrower’s contacts | RA 9995 (Anti-Photo/Video Voyeurism), RA 10175 | DOJ-OPA, PNP-WCPD |
| Continuous 30-second spam calls | BSP Circ. 1160 §5 (Harassment), NTC Memo 10-2022 (Anti-Scam Texts) | BSP, NTC |
4. Administrative Remedies
4.1 Securities and Exchange Commission (Corporate Governance and Finance Department)
Who can complain? Any aggrieved borrower—even if the app is not SEC-registered.
Process: Affidavit with screenshots, call logs, loan agreement. SEC may issue:
- Show-Cause Order
- Order of Suspension/Revocation of Certificate of Authority (CA)
- Monetary Penalty: up to ₱1 million + ₱10k/day continuing offense
Noteworthy cases:
- Pesopop Lending Corp. CA revoked, Feb 2023.
- Realm Shifters Fin. Inc. ₱2.5 m fine + blacklisting, July 2024.
4.2 National Privacy Commission
- File via e-complaint portal within two years of discovery.
- Powers: Temporary Ban on Processing, compliance order, penalties plus indemnity damages (DPA s.38).
- NPC often coordinates with Google/Apple to delist apps for systematic DPA breaches.
4.3 Bangko Sentral ng Pilipinas (for banks/EMIs/BNPL)
- File through BSP Consumer Assistance Management System (CAMS).
- Possible outcomes: CDO, refund, director disqualification.
5. Civil Actions
| Cause of Action | Basis | Relief |
|---|---|---|
| Quasi-delict | Civil Code Art. 2176 (negligence/abuse causing injury) | Actual, moral (Art. 2219 (10)), and exemplary damages (Art. 2232) |
| Data Privacy Damages | DPA s.16(f) unlawful interference | Nominal + moral damages; NPC resolution is admissible in court |
| Injunction / Writ of Habeas Data | Art. 1527 Civ. Code; Rule on Habeas Data (AM 08-1-16-SC) | Destruction of unlawfully obtained data; restraining order on further disclosure |
| Violence Against Women & Children (VAWC) civil aspect | RA 9262 (if ex-partner uses loan app data to harass) | Protection Order, damages |
Small claims courts (A.M. 08-8-7-SC, as amended) now allow money claims up to ₱400,000—useful for quick recovery of illegal fees deducted by apps.
6. Criminal Liability and Where to File
- Cyber-libel / Threats – DOJ Office of Cybercrime → NBI-CCD / PNP-ACG
- Unauthorized Access Devices (if app forces debit card binding) – RA 8484 cases at Prosecutor’s Office
- Unlicensed Lending – RA 9474 §12: up to ₱10,000 fine + 6-month-10-year imprisonment; SEC brings complaint to DOJ.
- Violations of MC 18-2019 – Treated as contempt under the Securities Regulation Code; SEC may refer criminal aspects to DOJ.
Tip: In practice, prosecutors often consolidate DPA, cyber-libel and RA 8484 counts into a single information for efficiency.
7. Recent Jurisprudence (Selected)
| Case | G.R. / SEC EB No. | Holding |
|---|---|---|
| NPC v. FastCash Finance (NPC Case No. 2023-004) | April 17 2024 | Mass-contact harvesting per se violates DPA even if borrower ticks “allow contacts”. |
| SEC CGFD 23-11-021 (JuanCredit) | Nov 3 2023 | First use of FPSCPA to impose ₱6 m restitutive damages and lifetime fit-and-proper ban on directors. |
| People v. Reyes (CTA Crim. Case R-5523) | Aug 9 2024 | Using Photoshop to create nude photo for debt collection is punishable under both RA 9995 and cyber-libel (no double jeopardy). |
(Full-text available on Lex Libris; Supreme Court has not yet ruled on constitutional challenges to MC 18-2019.)
8. Cross-Border Issues
Many rogue apps are registered in Hong Kong or Shenzhen. The SEC relies on:
- Mutual Legal Assistance in Criminal Matters Act (RA 10071) & ASEAN MLAT
- Apple Developer Enterprise Certificates & Google Play Console takedown pathways
- Interpol’s Purple Notice for modus operandi sharing (used in March 2025 raid on “SunCash” call center in Pampanga).
Borrowers can still sue in PH courts under Art. 17 Civil Code (personal rights actionable where injury occurs).
9. Practical Steps for Borrowers
- Collect Evidence Quickly: screenshots must show sender number/UID and message timestamp.
- File NPC complaint first when harassment is via contact-list blast—NPC’s prima-facie finding helps SEC/BSP case.
- Send a Formal Demand Letter (Email/registered mail) invoking MC 18-2019 & DPA; this satisfies amicable settlement prerequisite for small claims.
- Consider Repudiation of Consent: under DPA s.3(b), borrower may withdraw consent to data processing; lender must erase data within reasonable period.
- Negotiate Restructuring Only via Official Channels: never through anonymous collectors on Viber/WhatsApp.
10. Anticipated Developments
| Pending Measure | Status (as of Aug 2025) | Potential Impact |
|---|---|---|
| Senate Bill 2428 – “Fair Debt Collection Practices Act” | Passed Senate 2nd reading, July 2025 | Would codify MC 18-2019 rules, raise fines to ₱5 m per act, introduce jail term for individual collectors. |
| BSP Draft Circular on AI-Driven Collection | Public comment closed May 2025 | Will oblige BSFIs to conduct algorithmic fairness assessments. |
| NPC Rules on Facial-Recognition Data | Consultative draft | May ban “selfie verification” storage >1 year; affects onboarding for lending apps. |
11. Conclusion
Borrowers now have multiple layers of protection against predatory online lending apps. The fastest relief usually comes from NPC (for privacy breaches) and SEC or BSP (for debt-collection harassment and licensing issues), followed by civil damages or, in egregious cases, criminal prosecution. While the regulatory net is tightening, enforcement is still complaint-driven—document every abusive act and assert your rights promptly.
This article is for informational purposes only and is not legal advice. For personalized guidance, consult a lawyer experienced in financial-technology disputes.