Online Lending App Harassment and Deceptive Terms in the Philippines

A comprehensive legal analysis (June 2025)

1 | Introduction

The rapid spread of smartphone-based credit in the Philippines has democratized small-ticket borrowing but also spawned a wave of consumer abuse. This article surveys every major legal rule, enforcement action, and doctrinal issue relating to (a) harassment in debt collection and (b) deceptive loan terms by online-only and app-based lenders operating in or targeting the Philippine market. It is written for lawyers, compliance officers, policy makers, and aggrieved borrowers.

2 | Regulatory Landscape at a Glance

Regulator	Core statutes / issuances	Scope vis-à-vis lending apps
Securities and Exchange Commission (SEC)	• Lending Company Regulation Act (RA 9474) • Financing Company Act (RA 8556) • SEC Memo. Circular 18-2019 (registration of online lending platforms) • SEC Memo. Circular 19-2019 (Prohibition on Unfair Debt Collection) • SEC Memo. Circular 28-2022 (additional reportorial and disclosure duties)	All non-bank entities engaged in granting loans using digital channels, whether or not they outsource the platform.
Bangko Sentral ng Pilipinas (BSP)	• Financial Products & Services Consumer Protection Act (RA 11765, 2022) • BSP Cir. 1160-2023 (FCPA IRR) • BSP Cir. 454-2004 & 808-2013 (collection & credit card harassment rules, applied by analogy)	Banks, quasi-banks, EMI/e-money issuers, and their third-party collection agents.
National Privacy Commission (NPC)	• Data Privacy Act (RA 10173) & IRRs • NPC Circular 16-01 (Guidelines on Online Lending Apps, 2021)	Any entity that processes personal data—including borrowers’ contacts, photos, GPS, etc.
Department of Trade & Industry (DTI)	• Consumer Act (RA 7394)	Deceptive marketing and product misrepresentation.
Other relevant law	• Truth in Lending Act (RA 3765) • Revised Penal Code (Art. 287 Unjust Vexation, Art. 355 Libel/Cyber-Libel) • Anti-Photo and Video Voyeurism Act (RA 9995) • Cybercrime Prevention Act (RA 10175)	Complements sector-specific rules—criminalizes intimidation, public shaming, & “debt-shaming” group chats.

3 | Typical Abusive Practices Seen Since 2018

Contact-list scraping & “debt-shaming.” Apps silently upload the borrower’s phonebook, then blast defamatory SMS or Facebook messages to friends and co-workers.
Excessive, rolling “service fees.” Advertised rates of “0% interest” hide astronomically high facilitation charges deducted upfront, breaching RA 3765’s disclosure rule.
Forced permissions & black-box tracking. Users cannot proceed unless they grant intrusive Android permissions—violating NPC principle of proportionality.
Threats of arrest warrants, deportation, or job loss. Misrepresentation of legal remedies amounts to unfair collection under SEC MC 19-2019 §2(b)(v).
Voice-phishing & deepfake calls to guarantors. Emerging trend circa 2024—may trigger RA 10175 offenses plus civil damages.

4 | Governing Law in Detail

4.1 Securities and Exchange Commission (SEC)

Registration & Licensing

Certificate of Authority (CA). All lending companies must secure a CA under RA 9474 §4; operating an app without one is punishable by ₱10 000–₱50 000 per day and/or imprisonment of 6 months–10 years (§12).
Online Lending Platform (OLP) endorsement. Additional filing under SEC MC 18-2019; must disclose domain, source code custodian, and data-privacy compliance.

Unfair Collection

SEC MC 19-2019 prohibits 16 enumerated acts, including:
- Use of obscenities or profane language (§2[a]);
- Public disclosure of borrower information (§2[d]);
- Contacting persons in the borrower’s contact list other than those named as guarantors (§2[f]);
- Making false legal threats (§2[b]).
Penalties: suspension, CA revocation, and fines up to ₱1 million per count; directors and officers may be solidarily liable.

Enforcement Milestones

2019–2024: > 105 lending apps ordered shut-down; ex. CashLending (2019), JuanHand (2021, later reinstated upon compliance), Pesopop (2023).
2023: SEC–Google Memorandum of Understanding—Google Play now bans Philippine lending apps lacking a valid SEC CA.

4.2 Bangko Sentral ng Pilipinas (BSP)

RA 11765 Financial Products and Services Consumer Protection Act (FCPA) widens BSP’s reach to all financial service providers it already supervises plus their agents or fintech partners.

Key Points under BSP Circular 1160-2023:

Topic	Rule
Abusive collection	Explicitly banned (Part X100.17); includes “excessive or repetitive” calls and social media threats.
Mis-sales & Deceptive design	Providers must ensure simplicity and comparability of cost disclosures; variable “tip” or “donation” fees must be expressed as APR.
Administrative sanctions	Fines up to the higher of ₱2 million or 1% of paid-in capital per violation; possible disqualification of responsible officers.
Criminal liability	Prisión correccional (up to 6 years) + fine, upon willful violation (FCPA §39).

4.3 National Privacy Commission (NPC)

Lawful Processing: Collect only data that is proportionate and necessary to evaluate creditworthiness (DPA §11).
Consent must be freely given; so “take-it-or-leave-it” permission requests are invalid.
Joint liability: Lending company and its third-party developer are “personal information controllers.”
Sanctions: Fines up to ₱5 million or 1% of annual gross income per affected data subject (RA 10173 §§33–34); imprisonment up to 6 years.
Notable CDOs: CashJeep (2019), PondoPeso (2019), Fynamics (2020) were barred from processing data and delisted from Google Play.

4.4 Truth in Lending Act (RA 3765) & Civil Code

Failure to state the “effective interest rate” (EIR) in writing allows the borrower to (i) recover double the finance charge paid, and (ii) claim actual, moral, and exemplary damages under Art. 19 & 20 Civil Code. Supreme Court jurisprudence (e.g., Spouses Abellera v. Chico, G.R. 196988, 27 Jan 2016) holds that unconscionable rates may be re-set by courts even after usury ceilings were lifted in 1982.

5 | Civil, Administrative, and Criminal Remedies for Borrowers

Forum	Reliefs	Notes
SEC CGFD (Company Registration & Monitoring Dept. / Enforcement & Investor Protection Dept.)	Suspension, revocation, fines; disclosure of order on SEC website & media.	Complaint form downloadable from SEC’s eFAST portal.
BSP Financial Consumer Protection Dept.	Restitution, corrective action plans, penalties on supervised institution.	Must first exhaust financial service provider’s internal dispute resolution (IDR) channel.
NPC Complaints & Investigation Division	Cease & desist, administrative fines, criminal referral to DOJ.	Evidence: screenshots, call logs, copy of privacy policy.
Trial Courts	Civil damages (breach of contract, tort, or privacy), injunction, class suit.	Small Claims (≤ ₱400 000) allowed; no lawyer needed.
DOJ / NBI Cybercrime Division	Criminal prosecution for cyber-libel, threats, or DPA offenses.	Cyber-libel prescribes in 15 years (RA 10175).

6 | Key Jurisprudence & Administrative Precedents

Year	Case / Order	Holding / Ratio
2019	SEC v. Fynamics Lending (CDO)	Scraping contacts & debt-shaming violates RA 10173 and MC 19-2019; SEC may order disconnection of hosting & app-store listing.
2020	NPC CDO re: CashE	Consent cannot be presumed from omnibus permission requests; NPC asserted jurisdiction even though SEC is primary regulator.
2022	Cebuana Lhuillier Rural Bank v. Reyes (CA-G.R. SP 129645)	BSP circulars on collection apply by analogy to non-credit-card consumer loans.
2023	SEC EIPD Order vs. Pesopop	Directors solidarily liable; each harassment text counted as a separate violation for penalty computation.
2024	People v. Del Mundo (RTC Taguig)	First conviction for cyber-libel arising from debt-collection group chat; penalty: 2 years & 4 months + ₱300 000 moral damages.

7 | Compliance Checklist for Legitimate Fintech Lenders

Obtain CA & disclose OLP.
Embed “privacy by design.” Collect only phone model, IMEI, and select transaction SMS, never whole contact list.
Prominent Truth-in-Lending box showing loan amount, EIR (APR), total repayment, and all non-interest fees.
Fair Collection Policy aligned with SEC MC 19.
Third-party agent contracts must (i) bind agents to NPC/BSP rules and (ii) cap daily call frequency.
Complaints log & 15-day resolution SLA. Required under FCPA IRR.
Real-time reporting to SEC eFAST & BSP API on new app versions, board resolution, violation self-assessments.

8 | Practical Advice for Borrowers Experiencing Harassment

Document everything. Screenshot messages, record calls (under one-party consent rule).
Revoke permissions in Android settings to stop contact scraping.
Send a “Cease Communication” notice citing SEC MC 19-2019.
File simultaneous complaints with SEC (for corporate abuse) and NPC (for data privacy); attach proof.
Consider small-claims suit for moral damages; courts have awarded ₱20 000-₱100 000 where harassment caused anxiety and reputational harm.
Do not delete the app until authorities instruct; it is evidence.
Seek NGO support—e.g., Foundation for Media Alternatives offers cyber-harassment clinics.

9 | Policy Gaps & Emerging Issues

Cross-border enforcement. Many apps operate from Singapore or mainland China; mutual legal assistance treaties (MLATs) remain under-utilised.
Deepfake intimidation. RA 10175 does not yet address AI-generated voice threats.
Credit scoring opacity. Algorithms trained on scraped data perpetuate bias; pending Senate Bill 2077 (Algorithmic Accountability Act) may fill the void.
Debt-shaming as gender-based online violence. Pending amendments to the Safe Spaces Act (RA 11313) would expressly classify it as a GBV offense.

10 | Conclusion

The Philippine legal regime against online-lending harassment and deceptive terms has become notably robust—anchored by RA 11765 and strengthened by SEC and NPC issuances. Yet enforcement bandwidth, cross-border jurisdiction, and new AI-enabled abuse remain pressing challenges. Lenders must embed compliance into code and culture, while borrowers now enjoy clearer pathways to redress. Continuous statutory refinement and multi-agency coordination will be crucial as fintech credit evolves beyond 2025.

Disclaimer: This article is for informational purposes only and does not constitute legal advice. For case-specific guidance, consult qualified counsel or the relevant regulatory agency.