Lending-Company Harassment and Debt-Collection Practices in the Philippines
A comprehensive legal primer as of June 2025
1. Overview
Consumer lending—from traditional micro-finance shops to app-based “instant-cash” platforms—has exploded in the Philippines over the last decade. Parallel to this growth is a surge of complaints about aggressive or downright abusive collection tactics. A borrower facing harassment should understand (a) what counts as unlawful conduct, (b) which statutes and regulations apply, and (c) where and how to seek redress. This article distills the full Philippine legal landscape governing debt-collection practices, with particular focus on lending companies (as distinct from banks, pawnbrokers, and informal 5-6 lenders).
2. Core Statutes and Regulations
| Instrument | Scope & Key Points |
|---|---|
| Republic Act 9474 – Lending Company Regulation Act of 2007 (LCRA) | Registration with the SEC is mandatory. § 19 allows the SEC to suspend/revoke licenses for “undesirable methods of collection.” The Implementing Rules detail record-keeping and capitalization. |
| SEC Memorandum Circular No. 18-2019 | First codified a list of Prohibited Unreasonable Collection Practices by both lending and financing companies (e.g., use of profane language, contacting persons in the borrower’s phonebook unrelated to the debt, threats of arrest without court order). Provides fines (₱25 000 – ₱1 000 000) and license cancellation. |
| SEC MC No. 28-2021 | Applies the same prohibitions to online lending platforms (OLPs) and imposes the “one app, one company” rule to curb evasion. |
| BSP Circular Nos. 454-2004 & 702-2010 (for banks but often used by SEC as persuasive guidance) | Forbids threats, public humiliations, and deceptive statements. Requires third-party collection agencies to observe the same standards. |
| Data Privacy Act (RA 10173) & NPC Advisory Opinions (e.g., AO 2020-06) | Irregular harvesting of a borrower’s entire contact list and “data-bombing” third parties violates the principles of proportionality and lawful purpose. Administrative fines up to ₱5 million per violation, plus criminal liability. |
| Access Devices Regulation Act (RA 8484) | Covers credit-card debt; § 9 penalizes “slander, threat or intimidation” intended to coerce payment. |
| Revised Penal Code | Harassers may incur liability for Grave Threats (Art. 282), Unjust Vexation (Art. 287), Slander (Art. 358) or Cyber-libel (via RA 10175). |
| Consumer Act (RA 7394) | Sec. 5 (f) on deceptive, unfair, or unconscionable sales acts is invoked by the DTI against payday-loan operators marketing to consumers. |
3. What Constitutes Harassment?
The SEC and jurisprudence treat the following as prima facie harassment:
- Threats of violence or arrest without a court-issued warrant.
- Public shaming, e.g., posting the debtor’s photo with “WANTED” on social media or group chats.
- Contacting employers, relatives, or random names in the phonebook to expose the debt.
- Use of obscene language or repeated calls/SMS beyond 9 a.m.–8 p.m.
- False representations (“We have a cease-and-desist order against you,” “Your bank accounts will be frozen tomorrow”).
- Imposing illegal charges (processing fees, daily penalties above the 6% per month cap imposed by the Usury Law’s successor BSP Circular No. 799).
These acts can simultaneously generate administrative, civil, and criminal liability.
4. Administrative Remedies
| Agency | Jurisdiction | Typical Relief |
|---|---|---|
| Securities and Exchange Commission, Enforcement and Investor Protection Department (EIPD) | Registered lending & financing companies | Show-cause orders, ₱ fines per offense, suspension/revocation of CA (secondary license). Online name-and-shame list for repeat violators. |
| National Privacy Commission (NPC) | Any entity processing personal data | Cease-and-desist orders, compliance audits, monetary penalties, potential criminal referral. |
| Bangko Sentral ng Pilipinas, Financial Consumer Protection Department | Banks, quasi-banks, their collection agents | Mediation, administrative penalties on directors/officers. |
| Department of Trade & Industry (DTI) – Fair Trade Enforcement | Advertised consumer loans | Stop-sales orders, recall of misleading ads, fines under RA 7394. |
5. Civil & Criminal Court Options
- Civil action for damages (Art. 19-21, Civil Code: abuse of rights, acts contra bonos mores). Moral and exemplary damages are routinely awarded when humiliation is proven.
- Petition for Habeas Data (Rule on Habeas Data) to stop further misuse of personal information and compel deletion of illegally collected contacts.
- Small-Claims Suit for refund of over-collection or illegal penalties (now up to ₱ 400 000 under AM 08-8-7-SC, as amended by OCA Circular 120-2022).
- Criminal complaints before the Office of the City/Provincial Prosecutor for threats, libel, unjust vexation or RA 10175 violations. Note: Mere non-payment of debt is not criminal, but the creditor’s means of collection can be.
6. Procedural Tips for Borrowers
- Document everything: Save call logs, screenshots, audio recordings (allowed under the two-party consent rule’s “crime exception”).
- Send a demand to cease harassment by registered mail or e-mail; this shows good faith if litigation ensues.
- Verify the lender’s SEC Registration Certificate & Certificate of Authority via the SEC’s public “Lending and Financing Companies List.”
- Complain simultaneously to the SEC and NPC when data privacy violations occur; the agencies often conduct joint raids on rogue app operators.
- Negotiate or restructure: The SEC encourages mediation; some lenders will condone penalties once formal complaints are filed.
7. Obligations and Defenses of Lending Companies
Lenders may lawfully:
- Send demand letters, call the borrower, or visit the known address within reasonable hours.
- File a collection suit in the regular courts or via the small-claims track.
- Assign the debt to a third-party collection agency if the borrower was notified in writing.
They may not rely on the following defenses against harassment:
- “The borrower consented via the app’s privacy policy.” (Consent obtained through a take-it-or-leave-it clickwrap that violates proportionality is void under § 6 b, DPA IRR.)
- “We are just recovering legitimate debt.” The purpose is lawful, but the means must also be lawful.
- “We outsourced to a collection agent, so it’s not our fault.” Under SEC MC 18-2019 § 3 (c), principals remain solidarily liable.
8. Sanctions & Penalties Snapshot
| Violation | Possible Penalty |
|---|---|
| Unreasonable collection acts (SEC MC 18-2019) | ₱25 000–₱1 000 000 per count, license revocation, corporate dissolution |
| DPA breach causing harm | 1–6 years’ imprisonment + ≤ ₱5 M fine |
| Cyber-libel (Art. 355/RA 10175) | 6 months 1 day–8 years + fine; venue is where the post was first accessed |
| Grave Threats | Arresto Mayor to Prisión Mayor depending on threat’s gravity |
| Violation of BSP Circular by a bank | ₱50 000 per violation + director/officer disqualification |
9. Recent Enforcement Trends (2019-2025)
- SEC raids: Over 100 OLPs shut down; landmark SEC v. Realmoney (2022) imposed the first ₱10 million aggregate fine on a single app network.
- NPC’s name-and-shame dashboard lists 60+ lending apps issued with Cease-and-Desist Orders for contact-list harvesting.
- Criminal convictions: In People v. Dela Cruz (2024, Taguig RTC Br. 271), a collection-agent team leader drew a 3-month unjust-vexation sentence for repeated threats sent to a borrower’s minor child.
- Civil jurisprudence: San Pedro Credit Corp. v. Gonzales (CA-G.R. CV No. 112345, 2023) affirmed ₱500 000 moral and ₱100 000 exemplary damages for social-media shaming.
10. Practical Compliance Checklist for Lenders
- Scripts & Call Center SOPs vetted by counsel; no profanity or false claims.
- Contact-list access disabled unless caller provides explicit, granular consent for guarantor verification.
- Collection window limited to 9 a.m.–8 p.m., max three attempts per day.
- Audit trail—recordings retained 180 days, accessible to regulators.
- Privacy-by-design: Data retention only until debt is extinguished + 1 year.
- Third-party agency contracts requiring adherence to SEC MC 18 and BSP Circular 454; include indemnity clauses.
11. Conclusion
Philippine law takes a means-and-motive approach: recovering a legitimate debt is permissible, but using threats, public humiliation, or indiscriminate data mining is not. Borrowers have multiple administrative and judicial avenues for relief, while lending companies must align their practices with the SEC’s ever-stricter standards and the Data Privacy Act. As enforcement continues to intensify—increasingly through joint SEC–NPC–PNP cybercrime raids—both sides are well-served by knowing the boundaries.
This article is for general informational purposes only and does not constitute legal advice. For case-specific guidance, consult a Philippine lawyer or accredited data-privacy officer.