Legitimacy of Lending Companies Registered with SEC in the Philippines

The Legitimacy of Lending Companies Registered with the SEC (Philippines)

Updated for the contemporary Philippine legal framework; written as a practical legal explainer.

1) Why “SEC-registered” matters

In the Philippines, lending to the public as a business is a regulated activity. A company is legitimate only if it has:

  1. Corporate registration with the Securities and Exchange Commission (SEC), and
  2. A separate SEC Certificate of Authority (CA) to operate as a Lending Company.

Without the CA, a firm may be a valid corporation, but it is illegal for it to conduct lending activities. Engaging in lending without a CA exposes promoters and officers to administrative sanctions, civil liability, and criminal penalties under the Lending Company Regulation Act of 2007 (R.A. 9474) and its rules.

2) Core legal framework

  • R.A. 9474 (Lending Company Regulation Act of 2007) and its IRR – the primary statute governing lending companies (LCs).
  • R.A. 8556 (Financing Company Act) – closely related but applies to financing companies (FCs), which can extend credit and perform broader financing activities.
  • R.A. 3765 (Truth in Lending Act) – mandates disclosure of the true cost of credit (finance charges/effective interest).
  • R.A. 10173 (Data Privacy Act) – governs collection, processing, and protection of borrower data.
  • R.A. 11765 (Financial Products and Services Consumer Protection Act, “FCPA”) – strengthens consumer rights and regulatory powers across financial services, including SEC-supervised LCs/FCs.
  • Revised Corporation Code (R.A. 11232) – corporate governance, formation, and reporting rules.
  • Anti-Money Laundering Act (R.A. 9160, as amended)lending and financing companies supervised by the SEC are “covered persons”; they must perform KYC/CDD, keep records, and report covered and suspicious transactions to the AMLC.

Banks and pawnshops are different. Banks and pawnshops are primarily supervised by the Bangko Sentral ng Pilipinas (BSP). Lending companies and financing companies are supervised by the SEC.

3) Who can legally be a “lending company”

  • Form: Must be a corporation (under the Revised Corporation Code). Sole proprietorships and partnerships cannot operate as “lending companies” under R.A. 9474.
  • Name: Corporate name must include the word “Lending Company”, “Lending Investor”, or similar term indicating the lending business, and should match what appears on the SEC CA.
  • Capitalization: Minimum paid-in capital of ₱1,000,000 (under R.A. 9474 and its IRR). Some business models or expansions (e.g., branch proliferation) may require higher capitalization.
  • Foreign ownership: Generally allowed in lending companies subject to constitutional/statutory limits (e.g., activities reserved for Filipinos) and the Foreign Investments Act minimum capital rules for foreign-owned corporations. Careful structuring and counsel are advisable.

4) Licensing sequence (how a legitimate LC is formed)

  1. Reserve and register the corporate name with the SEC and incorporate under the Revised Corporation Code.
  2. Apply for the SEC Certificate of Authority (CA) as a Lending Company, satisfying documentary, fit-and-proper, capitalization, systems, and compliance requirements.
  3. Register with the BIR (TIN, books of accounts, invoices/receipts).
  4. Register for local permits (mayor’s permit, barangay clearance, etc.).
  5. Register with AMLC as a covered person and set up AML/KYC systems.
  6. Register with the National Privacy Commission (NPC), appoint a Data Protection Officer, and adopt a privacy management program (if applicable).
  7. For online lending: comply with SEC rules on online lending platforms (OLPs), digital disclosures, and unfair collection prohibitions before going live.

Display requirements: The SEC CA and business permits should be displayed at the principal place of business (and on the website/OLP, where applicable). The corporate and CA numbers must consistently appear on official documents and marketing materials.

5) What a legitimate LC must do (continuing obligations)

  • Annual SEC filings: General Information Sheet (GIS) and Audited Financial Statements (AFS), on time.
  • Consumer protection: Implement the FCPA standards—fair treatment, disclosure, protection of data and assets, and accessible redress.
  • Truth-in-Lending compliance: Provide clear, written disclosure of the finance charge and effective interest rate (EIR) before consummation of the loan.
  • Debt-collection conduct: Abide by SEC rules prohibiting unfair collection practices (no threats, obscene language, public shaming, unauthorized contact-list scraping, workplace shaming, or contacting unrelated persons).
  • Data privacy: Collect only necessary data, obtain valid consent/appropriate lawful basis, secure data, honor data subject rights, and report notifiable breaches to the NPC.
  • AML/CFT: Perform KYC (identify/verify clients and beneficial owners), monitor activity, and file CTR/STR with the AMLC as required. Maintain records (generally 5 years or as updated by AML rules).
  • Advertising and marketing: Claims must be truthful, contain required disclosures (including EIR and significant fees), and avoid misleading comparisons or bait marketing.
  • Governance and fitness: Directors and officers should meet “fit-and-proper” standards (competence, integrity, diligence) and oversee robust compliance, risk, and internal audit functions proportionate to the LC’s size and complexity.

6) Loan pricing: interest, fees, and charges

  • Usury ceilings are currently not in force (Central Bank Circular No. 905 suspended the Usury Law ceilings).
  • However, courts can strike down or reduce “unconscionable” interest, penalties, and fees. Jurisprudence has repeatedly voided/reduced excessive rates and liquidated damages when they shock the conscience or show bad faith.
  • Transparency is mandatory. The effective interest rate and total finance charge must be disclosed in writing in a form the borrower can keep.
  • Ancillary fees (processing, documentary, collection, late charges, prepayment fees) must be lawful, disclosed, and reasonable. Hidden charges and “junk fees” invite regulatory action and civil claims.

7) Legitimate collection and recovery practices

A compliant LC may:

  • Contact the borrower through lawful channels within reasonable hours.
  • Explain the obligation, options, and consequences professionally.
  • Restructure loans or negotiate settlements where policy allows.
  • Enforce security (if any) or file civil actions for collection.

A compliant LC may not:

  • Harass, threaten, or shame borrowers (including posting on social media, contacting employers or contact lists without basis, using abusive language, or doxxing).
  • Misrepresent authority (e.g., pretending to be law enforcement or court personnel).
  • Seize property extra-judicially if the loan is unsecured or without lawful process.
  • Breach privacy (e.g., scraping a borrower’s contact list via an app without a valid legal basis and informed consent).

Violations can trigger SEC sanctions, NPC penalties, civil damages under the Civil Code (abuse of rights), and even criminal liability when applicable.

8) Online lending and apps

Operating an online lending business is not just “going digital.” It adds obligations:

  • Prior SEC clearance/approval for the online lending platform (OLP) and app roll-out.
  • App conduct: No contact-list harvesting, coercive notifications, or dark patterns; provide clear in-app disclosures of identity, CA number, fees, EIR, privacy practices, and complaint channels.
  • Cybersecurity & resilience: Safeguards for data at rest/in transit, vendor due diligence, incident response, and secure coding practices.
  • Geofencing & geo-disclosures as needed; comply with platform-store policies and Philippine law.
  • Complaint handling: In-app and email/phone redress mechanisms, with defined turnaround times and logs for regulatory review.

9) How to evaluate legitimacy (borrower’s checklist)

  1. Company identity: Legal name matches the name on the SEC Certificate of Authority; CA number is visible on the premises, website, and app.
  2. Contactable and physical: Principal office address, landline/mobile, and email are real and responsive.
  3. Disclosures: Written pre-contract summary of EIR, fees, payment schedule, and penalties; contract copy you can keep.
  4. Privacy: Privacy notice identifies the data controller, DPO, purposes, retention, sharing, and your rights.
  5. Collection policy: Provided in writing; no threats or shaming; channels and hours are reasonable.
  6. Receipts & statements: Official receipts, amortization schedule, and periodic statements available.
  7. Complaints & redress: Clear process, escalation path, and regulatory contacts listed.
  8. No red flags: No pressure to sign blank documents, surrender IDs/ATMs, or install invasive apps without clear necessity and consent.

10) Enforcement and remedies

  • SEC (Enforcement & Investor Protection) – investigates and sanctions unlicensed or abusive LCs/OLPs (e.g., cease-and-desist, revocation, fines, directions to refund/rectify).
  • NPC – enforces privacy compliance, can issue compliance orders and administrative fines.
  • AMLC – receives CTR/STR and can investigate money-laundering concerns.
  • Courts – borrowers may sue for damages, nullity/reformation of unconscionable terms, or seek injunctions.
  • Criminal liability – unlicensed lending or prohibited acts can be prosecuted under special laws and the Revised Penal Code where elements are met.
  • Local governments – may suspend or deny local permits where national law violations exist (without substituting for SEC licensing).

11) Difference between Lending Companies and Financing Companies (at a glance)

Feature Lending Company (LC) Financing Company (FC)
Primary law R.A. 9474 R.A. 8556
Activities Grant loans to the public Broader financing (consumer/enterprise credit, factoring, leasing, etc.)
Supervisor SEC SEC
Minimum capital ≥ ₱1,000,000 paid-in (LC IRR) Generally higher; depends on model and geography (check current SEC rules)
Online operations Subject to SEC OLP rules Same
AML/Privacy/FCPA Applies Applies

12) Tax notes (high-level)

  • Income tax applies to net income.
  • Business taxes depend on classification (e.g., VAT vs. gross receipts tax (GRT) for entities classified as non-bank financial intermediaries), which is fact-specific.
  • Documentary stamp tax (DST) typically applies to loan instruments. Given the complexity and frequent updates, obtain tax advice tailored to your structure and products.

13) Common pitfalls that jeopardize legitimacy

  • Operating with SEC registration but no CA.
  • Using a different trade name from the name on the CA without proper authorization.
  • Misdisclosing or hiding fees; quoting monthly rates without the effective annual rate implication or full finance charge.
  • Harassing collection (especially via invasive mobile-app permissions).
  • Weak AML/KYC (e.g., no beneficial-owner identification, no monitoring, no reporting).
  • Privacy lapses (no DPO, no privacy notice, poor data security).
  • Late SEC filings (GIS/AFS) or failure to update for changes in officers, address, or capital.

14) Practical compliance blueprint (for operators)

  1. Governance: Board-approved compliance, AML, and privacy charters; designate Compliance Officer, AML Officer, and DPO.
  2. Policies & SOPs: Credit underwriting, collections, complaints, vendor risk, information security, app-store compliance.
  3. Disclosures: Standardized pre-contract and contract templates with EIR and all charges; visual loan calculators.
  4. Training: On consumer protection, AML/CFT, privacy, and fair collection.
  5. Monitoring: QA of calls and app flows; audit trails; MIS dashboards on delinquency, complaints, and regulatory deadlines.
  6. Incident response: Playbooks for data breach, cyber incidents, AML alerts, and regulatory exams.
  7. Recordkeeping: Retain KYC and transaction records per AML rules; archive contracts and communications.
  8. Regulatory liaison: Keep CA current, file GIS/AFS on time, and promptly respond to SEC/NPC/AMLC communications.

15) For borrowers: using the law to protect yourself

  • Insist on written disclosures before accepting funds.
  • Keep copies of all documents and receipts.
  • Document abuse (screenshots, recordings where lawful).
  • Invoke your rights under the FCPA and the Data Privacy Act.
  • Seek legal help for unconscionable terms; courts can reduce excessive interest/penalties.
  • Report unlicensed operators and abusive collection to the SEC, privacy violations to the NPC, and cyber-harassment to the NBI/PNP ACG.

16) Bottom line

A lending company’s legitimacy in the Philippines turns on two pillars: (1) proper SEC corporate registration, and (2) a valid SEC Certificate of Authority—followed by ongoing compliance with consumer protection, transparency, AML, privacy, and fair-collection rules. For operators, this is a governance and systems exercise; for borrowers, it is a checklist for safety. In both cases, the law provides clear standards and strong remedies when those standards are ignored.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login