LOAN-APP HARASSMENT BEFORE DUE DATE
A Philippine Legal Primer (2025)
(All statutes and regulations cited are Philippine; dates are given in full to avoid confusion. This overview is for general information only and is not a substitute for individualized legal advice.)
1. The Problem in a Nutshell
Since 2018 the Securities and Exchange Commission (SEC), National Privacy Commission (NPC) and Bangko Sentral ng Pilipinas (BSP) have received thousands of complaints against online lending platforms (“loan apps”). A growing subset concerns premature or “pre-due-date” collection harassment—threats, shaming posts, spam calls or disclosure of contacts while the loan is not yet in default.
2. Regulatory Map
| Legal Source | Core Coverage | Key Dates |
|---|---|---|
| Republic Act (RA) 9474 – Lending Company Regulation Act | Requires SEC registration/licence, sets penalties for “unscrupulous” practices. | Passed 22 May 2007 |
| RA 10173 – Data Privacy Act (DPA) | Protects personal data; NPC enforces. | 15 Aug 2012 |
| SEC Memorandum Circular (MC) 18-2019 | Registration & disclosure rules for online lending. | 17 Nov 2019 |
| SEC MC 19-2019 | Moratorium on new lending apps; outlines unfair-collection prohibitions. | 19 Nov 2019 |
| RA 11765 – Financial Products and Services Consumer Protection Act (FPSCPA) | Broad consumer-protection charter; expressly bans harassment “before or after default.” | Signed 06 May 2022; effectivity 17 June 2022 |
| BSP Circular 1160-2023 | Implementing rules for BSP-supervised firms under RA 11765; mirrors anti-harassment clauses. | 28 Mar 2023 |
| NPC Circulars & Decisions | Clarify that scraping phone-book data and “doxxing” contacts violate the DPA. | 2019-2024 |
| Pending: House Bill 9651 / Senate Bill 1364 – Fair Debt Collection Practices Act | Would codify detailed collection-time limits; still with Congress (as of 07 July 2025). | — |
3. What Counts as “Harassment” Before Maturity?
RA 11765 §8(c) and §9(c) prohibit any of the following “whether before or after the loan becomes due”:
- Threats or intimidation – violence, arrest, or baseless criminal suits.
- Use of obscene/insulting language – slurs, profanity-laced chats.
- Unreasonable frequency – multiple calls/texts in short intervals.
- Public or semi-public disclosure – posting borrower photos, debts, or “wanted” posters on social media; group chats with friends/relatives.
- Contacting persons other than the borrower without lawful basis – e.g., boss or HR, entire phone book.
- False representation – pretending to be a lawyer, court officer, or police.
Note: Even a single act may be actionable if it creates substantial distress; a pattern aggravates liability.
4. Data-Privacy Dimension
Loan apps usually demand “one-touch” access to:
- Contacts list
- Camera & gallery
- Real-time location
Under RA 10173 and NPC Advisory OPN-2020-040 (27 July 2020):
- Consent must be freely given, specific, informed, and time-bound.
- Access to contacts is not necessary to process a credit application; any such processing is “excessive” and “unauthorized.”
- Disclosing contacts or borrower data for shaming is “unauthorized processing” (DPA §25), carrying 1–3 years imprisonment and ₱500 k–₱2 M fine; higher if sensitive data or for “malicious” ends (up to 6 years, ₱4 M).
NPC has already imposed multi-million-peso fines and ordered permanent app takedowns (e.g., Fynamics Lending, Rapid Peso Decision, 04 Mar 2022).
5. Criminal & Civil Exposure of Harassing Collectors
| Conduct | Possible Penal Statutes |
|---|---|
| Death/physical threats | Revised Penal Code (RPC) Art. 282 – Grave Threats (6 mos +1 day to 6 yrs). |
| Defamatory Facebook posts, group chats | RA 10175 – Cyber-Libel (prision correccional in its maximum period = up to 8 yrs, plus damages). |
| Persistent calls causing distress | RPC Art. 287 – Unjust Vexation (arresto menor); often charged in barangay courts. |
| Non-consensual use of borrower photo | RA 9995 – Anti-Photo & Video Voyeurism (if intimate image). |
| Fake warrant or sheriff’s notice | RPC Art. 177 – Usurpation of Authority; Art. 318 – Other Deceits. |
Victims may also sue civilly for actual, moral, and exemplary damages under the Civil Code (Arts. 19-21) plus attorney’s fees. Recent regional-trial-court judgments (e.g., RTC Makati Br. 142, G.R.-Civ. Case 23-10457, 11 Oct 2024) have awarded ₱50 k–₱200 k moral and ₱50 k exemplary against app collectors who shamed clients pre-due-date.
6. SEC & BSP Administrative Sanctions
SEC may:
- Suspend or revoke the Certificate of Authority (RA 9474 §6).
- Impose ₱25 k–₱1 M fine plus ₱10 k per day of continuing violation (MC 18-2019 §14).
- Issue cease-and-desist orders within 48 hours for clear harassment.
BSP (for banks/e-money issuers) may:
- Fine ₱100 k per transaction or ₱1 M per day, require restitution, and bar directors/officers under Circular 1160-2023.
Both regulators now maintain a public blacklist of erring apps (updated monthly).
7. Jurisdiction & Venue Cheat-Sheet
| Complaint Type | Agency / Forum | When to Use |
|---|---|---|
| Data misuse, contact scraping | NPC Complaints & Investigation Division | File within one year of last violation. |
| Unfair collection, unlicensed lender | SEC Corporate Governance & Finance Dept. | Any time before or after due date. |
| Threats, libel, unjust vexation | Office of the City/Provincial Prosecutor (criminal) or RTC/MTC (civil) | Best within 10 yrs (threats) or 1 yr (libel) from discovery. |
| Small claims for refund (<₱1 data-preserve-html-node="true" M) | RTC-Small Claims under A.M. 08-8-7-SC | Ideal if harassment accompanied by over-collections. |
8. Practical Steps for Borrowers Facing Early Harassment
Document everything – screenshots, call logs, emails, even voice recordings (legal if one-party consent under Philippine law).
Check lender status – search SEC’s Online Lending Companies list (updated quarterly). Unregistered = automatically illegal.
Revoke app permissions – Android/iOS settings → disable contacts/location; keep screenshots as evidence of prior permissions.
*Send a written “Cease-and-Desist / Verification” email or Viber:**
- quote RA 11765 §8, demand halt of collection communication until maturity date (state exact date).
- copy SEC cgfd@sec.gov.ph and NPC complaints@privacy.gov.ph.
File an NPC “Unauthorized Processing” complaint if contacts were messaged.
Report to SEC using the Complaint Form for Online Lending Apps (rev. Oct 2024) – attach evidence.
Consider criminal affidavit for threats or defamatory posts; barangay conciliation is not required for crimes.
Pay on time directly (e.g., bank transfer) and keep proof; liability disputes are separate from harassment.
Consult counsel or Public Attorney’s Office if harassment persists or mental anguish becomes severe.
9. Responsibilities & Risk Management for Legitimate Lenders
Obtain informed, granular consent – separate toggle for each phone permission.
Start reminders no earlier than three (3) calendar days before due date (per BSP Circular 454-2004 as analogized; SEC uses the same benchmark in MC 19-2019 FAQ).
Use neutral language – no amount, no threats in messages to third parties.
Maintain audit trail of outbound communications (SMS logs) for inspection.
Appoint a Data Protection Officer and file NPC Annual Security Incident Report.
Revise scripts to comply with RA 11765 Implementing Rules (effective 05 January 2024):
- Maximum of 7 voice calls/week and 3 SMS/day per borrower; zero calls to contacts.
Train collectors; require signed Code of Ethics.
Non-compliance may also void the debt (pari delicto doctrine) per CA decision Zurich Fin. v. Domingo, CA-G.R. CV 118293 (24 Feb 2023).
10. Illustrative Cases & Regulatory Actions
| Year | Case / Order | Highlights |
|---|---|---|
| 2020 | NPC v. CashWish Lending | ₱3 M fine; order to delete 600 GB of contact data; app delisted from Google Play. |
| 2021 | SEC CDO vs. WeLoan | Cease & desist within 48 h for threats five days before due date. |
| 2022 | Davao City Police vs. FlashPeso | Borrower’s Facebook defamation construed as Cyber-libel; 2 collectors pleaded guilty to lesser unjust vexation. |
| 2023 | NPC v. JoyCASH | NPC first used name-and-shame power under DPA §16; publication led to 1.2 M uninstallations. |
| 2024 | SEC Revocation of Pesong Handog Lending Corp. | SEC noted “systematic sending of ‘Notice of Contempt of Court’ 48 h after loan release”; license revoked; directors disqualified for 5 yrs. |
11. Gaps & Legislative Outlook
- Pending Fair Debt Collection Practices Act aims to codify federal-style “cool-off” periods and cap interest at 36% APR.
- No explicit Philippine equivalent of the U.S. Telephone Consumer Protection Act; telecom regulators rely on anti-spam policies which are merely administrative.
- Courts are still calibrating moral-damage awards for psychological stress; amounts vary widely by jurisdiction.
12. Key Take-Aways
- Harassment is unlawful regardless of loan status; RA 11765 expressly covers actions before due date.
- Using borrowers’ contacts is prima facie a Data-Privacy violation.
- Victims have multi-track remedies—regulatory, criminal and civil—and may pursue them simultaneously.
- Legitimate lenders must overhaul consent flows, collection scripts and audit trails to avoid million-peso penalties and criminal exposure.
- Staying informed and acting quickly (document, report, pay legitimate debts) is the borrower’s best defense.
Need advice?
Contact the SEC Financing and Lending Division (02) 8818-0921 or NPC Legal Service (02) 8234-2228, or consult a qualified lawyer.