Lending Company Harassment: Legal Limits and How to Complain to the SEC and NPC in the Philippines

Lending Company Harassment in the Philippines: Legal Limits and How to Complain to the SEC and NPC

This guide explains what counts as harassment by lending and financing companies (including online lending apps), the laws that protect you, and exactly how to complain to Philippine regulators: the Securities and Exchange Commission (SEC) and the National Privacy Commission (NPC). It’s written for borrowers, employees targeted by collectors, and anyone assisting a complainant. It is general information, not legal advice.

1) Who regulates what?

  • SEC (Securities and Exchange Commission) – Regulates lending companies (RA 9474) and financing companies (RA 8556), including most online lending platforms (OLPs/OLAs). It sets fair collection rules and can issue cease-and-desist orders, suspend or revoke licenses, and impose fines.

  • NPC (National Privacy Commission) – Enforces the Data Privacy Act of 2012 (RA 10173). It investigates privacy violations like scraping your phone contacts, unauthorized disclosure of debt, public shaming, or processing personal data beyond what’s necessary or consented to.

  • Other agencies that may also help (depending on facts):

    • PNP/NBI for threats, extortion, or other crimes (Revised Penal Code; Cybercrime Prevention Act).
    • BSP if the collector is a bank or BSP-supervised entity (not typical for SEC-licensed lending companies).
    • DTI for general consumer issues with non-SEC entities.
    • NTC for SIM misuse, spam calls/SMS.

2) The legal backbone (plain-English)

  • Lending Company Regulation Act (RA 9474) & IRR – Requires lending companies to be SEC-registered and to hold a Certificate of Authority. Unlicensed lending is illegal.
  • Financing Company Act (RA 8556) – Similar licensing and conduct requirements for financing companies.
  • Financial Products and Services Consumer Protection Act (RA 11765) – Imposes fair treatment standards and prohibits abusive collection practices across financial firms, and empowers regulators (including the SEC) to sanction violators.
  • Data Privacy Act (RA 10173) – Requires lawful processing, transparency, proportionality, security, and confidentiality of your personal data; prohibits unauthorized disclosure and processing; provides for complaints and sanctions through the NPC.
  • Revised Penal Code & Cybercrime law – Make it a crime to issue grave threats/coercion, defamation (including online), unjust vexation, or use forged/simulated legal documents.

3) What counts as abusive or harassing debt collection?

Below are red-flag behaviors often penalized by the SEC and/or NPC. A single act can violate multiple laws at once.

Contact & conduct

  • Repeated calls or messages at unreasonable hours (e.g., late night/very early morning) or at an excessive frequency designed to harass.
  • Use of obscene, profane, or demeaning language; name-calling; bullying.
  • Threats of arrest, criminal cases, or police action when the debt is purely civil (no criminal complaint exists).
  • Misrepresenting as a lawyer, sheriff, court officer, or government official, or sending fake “warrants”/“subpoenas”.

Third-party disclosure & shaming

  • Texting/calling your family, employer, co-workers, or phone contacts about your debt, or creating group chats to shame you.
  • Posting your photo or personal data on social media, or sending mass messages to your contacts to pressure payment.
  • Contacting your employer to coerce payroll deduction (without lawful basis or consent).

Data privacy abuses

  • Scraping your phone contact list, photos, location, or other data that are not necessary for lending or not covered by valid consent.
  • Continuing to process your data after you revoke consent where consent is required and no other lawful basis exists.
  • Retaining data beyond necessary periods or insecure storage leading to leaks.
  • Failing to honor data subject rights, such as your Right to Object or Right to Erasure (when applicable).

Unfair documentation & misrepresentation

  • Simulating legal papers (e.g., “Notice of Garnishment” with no court case).
  • Misstating amounts due, adding undisclosed charges, or giving impossible payment deadlines meant purely to intimidate.

Key principle: Collectors may remind you of your obligation and offer payment options, but they cannot harass you, shame you, or misuse your data to pressure you.

4) Your rights as a borrower and data subject

  • To be treated fairly and respectfully, free from threats and shaming.
  • To know the identity of the collector and the licensed company they represent.
  • To verify licensing (SEC registration and Certificate of Authority).
  • To receive accurate information on your balance, fees, and due dates.
  • To data privacy: informed consent where required, purpose limitation, minimal data collection, secure processing, and the ability to exercise your Right to Access, Rectification, Erasure (where applicable), Data Portability, and to Object.
  • To complain to the SEC (conduct/licensing) and NPC (privacy), and to pursue criminal/civil remedies if threatened, defamed, or otherwise harmed.

5) Evidence you should gather before complaining

Create a secure folder and compile:

  • Screenshots/recordings of calls, SMS, in-app chats, emails, social media posts/PMs, group chats.
  • Caller IDs and numbers, dates/times, and frequency logs.
  • Copies of messages sent to your employer, family, or contacts.
  • Photos/scans of any “legal-looking” documents received.
  • Loan documents: application, e-mails, disclosure statements, payment receipts.
  • App details: name and version, permissions you granted, app store listing screenshots.
  • Your attempts to resolve: emails/texts invoking your rights (e.g., “stop contacting my employer,” “delete scraped contacts,” “provide an account ledger”).
  • Proof of identity (for regulators to verify complainant).

Tip: Immediately export chat histories and download copies of social posts, since abusive collectors often delete them later.

6) How to complain to the SEC (harassment, unfair collection, licensing)

Who should complain? Borrowers, family members, employers, or any person harassed by collectors of an SEC-regulated lending/financing company or their agents.

What the SEC can do: Investigate, subpoena records, order firms to cease abusive practices, fine, suspend, or revoke their Certificate of Authority, and take down abusive online apps or pages in coordination with platforms.

Step-by-step (practical):

  1. Identify the company Note the exact business name, trade name/app name, and (if available) the Certificate of Authority number. If you only know the app name, say so and provide all identifiers you have (numbers, pages, email domains).

  2. Write a concise, chronological narrative

    • Who contacted you, when, how often, and what they said/did.
    • Which third parties (employer, family, contacts) were contacted.
    • Any threats/misrepresentations.
    • What you did to resolve (e.g., requested a ledger; objected to third-party disclosure).

  3. Attach evidence (see checklist above). Label files clearly (e.g., 2025-09-12_Threat_SMS_0917xxxxxxx.png).

  4. File your complaint with the SEC

    • Submit online via the SEC’s public complaint channels or in person/by mail at an SEC office/extension office.
    • Address it to the unit handling lending/financing and enforcement.
    • Include your contact details for updates.

  5. What to request Ask the SEC to:

    • Investigate unfair or abusive collection and misrepresentation;
    • Direct the company to cease contacting third parties;
    • Order correction of account records (if there are false charges);
    • Consider administrative sanctions and app takedown where applicable;
    • Coordinate with the NPC regarding data-privacy violations.

  6. After filing

    • Keep your reference number.
    • Respond promptly to any SEC requests for additional documents.
    • Continue preserving new incidents and send supplements.

If the firm appears unlicensed (no SEC registration/authority), emphasize this. Unlicensed lending is unlawful, and the SEC routinely issues cease-and-desist orders and criminal referrals in such cases.

7) How to complain to the NPC (privacy abuses, contact scraping, shaming)

When to go to the NPC: If the lender or its agents scraped your contacts, disclosed your debt to others, publicly shamed you, processed excessive data, refused your data-subject request, or suffered a breach affecting you.

What the NPC can do: Order a company to stop unlawful processing, delete unlawfully obtained data, notify affected individuals, improve security, and penalize violators. It can also recommend criminal prosecution for DPA offenses.

Step-by-step (practical):

  1. First write to the company (PIC/processor)

    • Assert your data-subject rights (Access/Object/Erasure as applicable).
    • Demand cessation of third-party contacts and deletion of scraped contacts.
    • Set a reasonable deadline (e.g., 10–15 days) to respond in writing.

  2. Prepare your NPC complaint package

    • Narrative affidavit describing the data misuse and harm (attach ID).
    • Proof of the violation (screenshots, call logs, app permissions, shaming posts).
    • Copy of your letter to the company and their response (or proof of no response).
    • Reliefs requested (stop processing, delete data, sanction, damages—if any).

  3. File with the NPC

    • Submit via the NPC’s online channels or email, or at its office.
    • Clearly label the complaint as against a lending/financing company or online lending app and cross-reference your SEC complaint (if filed).

  4. Follow-through

    • Keep the docket/reference number.
    • Reply to NPC directives (clarifications, additional docs).
    • If shaming posts continue, send updates immediately.

8) Model complaint templates (copy-paste and adapt)

A) SEC Complaint (unfair/abusive collection)

Subject: Complaint vs. [Company/App Name] for Abusive Collection and Unfair Practices

I, [Full Name], of legal age and residing at [Address], file this complaint against [Exact Company Name, if known] a lending/financing company operating as “[App/Trade Name]”.

Summary:
On [dates], collectors of the respondent engaged in abusive collection practices against me, including [threats/shaming/third-party contacts/misrepresentation]. They contacted [list third parties, e.g., employer/family/contacts] on [dates], disclosing my supposed debt.

Details:
• Account/App: [Name], Loan No.: [if any], Date Availed: [date]
• Nature of abuse: [short bullet points per incident with date/time/platform]
• Attempts to resolve: [requests for ledger/stop contacting; results]

Legal Grounds:
These acts violate fair collection rules under lending/financing laws and consumer protection standards, and appear to involve data-privacy breaches (unauthorized disclosure/misuse of contacts).

Reliefs Sought:
1) Immediate order to cease abusive collection and third-party contacts;
2) Administrative sanctions (fines/suspension/revocation as warranted);
3) Coordination with NPC for data-privacy violations;
4) Correction of my account records and written confirmation.

Attachments:
[Enumerate screenshots, call logs, documents]

Contact Details:
[Mobile/Email]

I certify that the facts stated herein are true and supported by the attached evidence.

[Signature]
[Date]

B) NPC Complaint (data-privacy violations)

Subject: Data Privacy Complaint vs. [Company/App Name] for Unauthorized Processing and Disclosure

I, [Full Name], file this complaint under RA 10173 against [Company/App], acting as Personal Information Controller/Processor.

Allegations:
• The respondent scraped my phone contacts without necessity/valid consent.
• They disclosed my alleged debt to [names/roles] on [dates].
• They used threatening/shaming messages in group chats/posts.

Harm Suffered:
[Embarrassment at work, risk to employment, mental distress, etc.]

Prior Action:
On [date], I wrote to the company asserting my rights (Access/Object/Erasure). They [did not respond/responded inadequately] within [X] days. (Attached.)

Reliefs Sought:
1) Order to cease unlawful processing and third-party contacts;
2) Deletion of unlawfully obtained personal data (including contacts);
3) Sanctions as appropriate and directive to implement safeguards;
4) Written confirmation to me and to affected third parties, if any.

Attachments:
[Evidence list + copy of notice to company and ID]

[Signature]
[Date]

9) If you are being harassed right now

  • Document and preserve: Do not argue; screenshot/record and save files off-device (cloud/USB).
  • Send a “cease and desist” text/email to the collector and a formal note to the company’s official address (if known).
  • Notify your employer (if they are contacted) that third-party disclosure is unlawful and that regulators are being engaged.
  • Block numbers that are purely abusive (but keep at least one official channel open to receive account statements/settlement offers).
  • Report threats immediately to PNP/NBI (especially if there are threats of harm, extortion, or doxxing). Bring your evidence.

10) Settlement, payment, and safe communication

  • Ask for a full account ledger (principal, interest, penalties, dates applied).
  • Request written settlement offers and pay only through official channels that issue receipts.
  • Avoid verbal promises; confirm agreements in writing (email/SMS).
  • If you pay, keep proof and request a clearance.
  • Never share OTP codes, full card details, or unnecessary personal data.

11) Common questions (FAQ)

Q1: Can a collector contact my employer or relatives? Generally no—disclosing your debt to third parties is an unfair practice and can be a privacy violation unless it’s strictly necessary, lawful, and proportionate (rare).

Q2: I “consented” to contacts when I installed the app. Does that allow shaming? No. Consent must be informed, specific, and freely given; it cannot authorize unlawful disclosures or harassment, and you may withdraw consent (subject to legal bases for necessary processing).

Q3: They sent a “warrant of arrest.” Is that real? Debt from a loan is generally a civil matter. Only courts/police issue real warrants, and only in criminal cases. Fake legal documents are a serious offense.

Q4: The company is unlicensed. Where do I go? File with the SEC (unlicensed lending is unlawful) and also consider criminal complaints if there are threats or fraud.

Q5: Can I claim damages? You may seek civil damages for harassment/defamation/privacy breaches in court, in addition to administrative complaints with the SEC/NPC.

12) Practical drafting tips (to strengthen your case)

  • Be specific: who, what, when, where, how (include timestamps).
  • Map evidence to allegations: each allegation should cite a screenshot or file.
  • Use neutral language; let the facts and screenshots speak.
  • Cross-file: If you file with both SEC and NPC, mention each case in the other filing.
  • Protect third parties: If your contacts were harassed, ask them for brief affidavits and screenshots.

13) Quick checklists

Harassment indicators (any two or more is enough to complain):

  • Persistent late-night calls/texts
  • Profane/insulting language
  • Threats of arrest/cases without basis
  • Contacting employer/family/contacts
  • Public shaming/group chats/social posts
  • Fake legal notices

Privacy violation indicators:

  • App requested Contacts/Photos/Location not necessary for lending
  • Contacts received debt-shaming messages
  • Company ignored your Right to Object/Erasure request
  • Data leaked or posted publicly

Your “go-bag” (digital):

  • Narrative affidavit (1–2 pages)
  • Evidence folder (dated filenames)
  • ID, loan docs, receipts
  • Letters to company (and proof of sending)
  • Draft SEC and NPC complaints

14) Final notes

  • You are not required to tolerate harassment to address a loan. Legitimate collectors communicate professionally and provide clear account information and lawful repayment options.
  • Administrative complaints (SEC/NPC) can run in parallel with criminal/civil remedies if your situation involves threats, defamation, or fraud.
  • If the harassment escalates or you fear for your safety, prioritize law enforcement and seek help from trusted counsel or legal aid clinics.

Minimal one-page “Cease Harassment” notice (you can send today)

[Date]
[Company/Collector Name]
[Official Email/Channel if known]

Re: Cease and Desist from Abusive Collection and Unauthorized Disclosure

I am [Your Name], borrower under [App/Account]. On [dates], your agents engaged in abusive collection, including [harassment/third-party contacts/shaming]. These acts violate fair collection rules and the Data Privacy Act.

DEMANDS:
1) Immediately cease all abusive communications and third-party contacts;
2) Provide a written account ledger (principal, interest, fees, dates);
3) Confirm deletion of any scraped contacts and unlawful posts within 5 days.

Future communications must be professional and limited to official channels. Further violations will be reported to the SEC and NPC and, if necessary, to law enforcement.

Sincerely,
[Your Name]
[Contact Information]

If you want, I can turn your facts and screenshots into polished SEC and NPC complaint drafts and a tightly organized evidence index—just share the key dates, the app/company name, and the messages you’ve saved.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login