Online Lending App Harassment and Overcharging Philippines

Online Lending App Harassment and Over-Charging in the Philippines

A comprehensive legal overview (updated to 18 June 2025)

1. Introduction

The explosion of smartphone‐based “online lending apps” (OLAs) has expanded financial inclusion in the Philippines—especially during the pandemic years—but has also spawned an alarming rise in borrower harassment, privacy violations, and usurious charges. While much of the early fintech ecosystem grew faster than the law, regulators and Congress have since erected an increasingly dense web of statutes, circulars, and jurisprudence to curb abuses. This article distills everything a Philippine lawyer, compliance officer, or aggrieved borrower needs to know about the subject as of mid-2025.

2. Core Statutes and Regulatory Actors

Law / Instrument Key regulator(s) Salient provisions
Lending Company Regulation Act of 2007 (RA 9474) Securities and Exchange Commission (SEC) Licensing for “lending companies”; imprisonment + ₱10 k–₱50 k fine for operating without authority.
Financing Company Act of 1998 (RA 8556) SEC Parallel framework covering “financing companies.”
Truth in Lending Act (RA 3765) Bangko Sentral ng Pilipinas (BSP) / SEC Mandatory cost-of-credit disclosures; penalties for nondisclosure.
Financial Products and Services Consumer Protection Act (FPSCPA, RA 11765, 2022) BSP, SEC, Insurance Commission, Cooperative Development Authority Over-arching consumer-protection powers, including cease-and-desist (CDO), restitution, and administrative fines of up to ₱50 million or 0.5 % of total income, whichever is higher.
Data Privacy Act (RA 10173) National Privacy Commission (NPC) Lawful basis, proportionality, and consent for data processing; fines up to ₱5 million and imprisonment for malicious disclosure.
Cybercrime Prevention Act (RA 10175) DOJ-OOC / PNP-ACG Cyber-libel, computer-related threats, and “doxxing.”
Consumer Act (RA 7394) & Civil Code Arts. 19-21, 1229, 1306, 1956 DTI / Courts Unconscionable interest may be equitably reduced; moral-damages basis for harassment.

Special SEC Memorandum Circulars (MC)

  1. MC 18-2019Registration of Online Lending Platforms (OLPs).
  2. MC 19-2019Prohibition of Unfair Debt-Collection Practices.
  3. MC 28-2021 – Mandatory disclosure of all websites, apps, and social-media accounts; non-compliance is prima facie evidence of illicit operations.
  4. MC 1-2024 (revoking MC 16-2020 pilot sandbox) – Tightens OLA accreditation; introduces ₱100 k processing fee and quarterly IT audits.

BSP Circulars 1097-2020 (credit-card caps) and 1165-2023 (small-loan rate guidance) provide persuasive benchmarks when courts evaluate OLA interest, even though non-bank lenders are not directly covered.

3. Licensing and Operational Requirements

  1. Corporate form. An OLA must first be a stock corporation (> ₱1 million paid-in capital under RA 9474; ₱10 million under RA 8556).
  2. Certificate of Authority (CA). Issued by the SEC’s Corporate Governance and Finance Department (CGFD). Operating without a CA is both an administrative and criminal offense.
  3. Online Lending Platform (OLP) registration. Each mobile app or website must be separately reported under MC 18-2019 and re-confirmed semi-annually (MC 28-2021).
  4. Disclosure & TILA compliance. Effective interest rate (EIR), total loan amount, all fees, and collection methods must appear on the first user screen before any data capture.
  5. NPC registration & privacy-by-design. Apps that scrape contacts, photos, or location must document a lawful basis and file a Privacy Impact Assessment (PIA).

4. Harassment and Unfair Debt Collection

4.1 Prohibited acts (SEC MC 19-2019, § 1)

  • Publishing or broadcasting the borrower’s personal data, debts, or photos (“shaming”).
  • Using profane, obscene, or threatening language.
  • Misrepresenting oneself as a lawyer, officer of the court, or law-enforcement agent.
  • Threatening arrest, garnishment, or service of fake “subpoenas.”
  • Contacting the borrower’s phone contacts or social-media friends.
  • Collection calls/messages outside 6 a.m.–10 p.m. without prior written consent.

Violations trigger: (a) administrative fines up to ₱1 million + ₱10 k/day of continuing offense; (b) CA revocation; or (c) criminal prosecution under RA 9474 § 13 or the Revised Penal Code (grave threats, unjust vexation, libel, etc.).

4.2 Data-Privacy Overlay

Using a borrower’s phone book to pressure payment is an unauthorized processing (§ 25, DPA) and often a malicious disclosure (§ 31). The NPC has repeatedly slapped OLAs with cease-and-desist orders (“Fynamics Cash-on-Line,” 2020; “SunCash,” 2023) and administrative fines of ₱300 k+ per count.

5. Over-Charging, Usury, and Interest-Rate Limits

The Usury Law (Act 2655) ceilings were suspended by Central Bank Circular 905-1982, but unconscionable rates remain voidable. Courts have reduced or nullified interest ranging from 5 % to 15 % per month as “iniquitous” (e.g., Spouses Abay v. Gullas, G.R. 214461, 11 Jan 2018; Nacar v. Gallery Frames, 716 Phil. 267 [2013]). Relevant guardrails:

Reference rate Typical cap
BSP Circular 1165-2023 (≤ ₱10 k, ≤ 4 months) 0.15 %/day (≈ 4.5 %/mo) interest + 5 % one-time fee
Credit-card cap (Circular 1097-2020) 3 %/mo interest; ₱200 late-payment fee

Under RA 3765 and §4 of MC 18-2019, undisclosed charges are per se illegal and must be refunded with legal interest.

6. Criminal Exposure of OLA Operators

Offense Law Penalty
Unlicensed lending RA 9474 § 13 6 mo–10 yr + ₱10 k–₱50 k
Simulation of official title / use of fake subpoenas RPC Arts. 177, 171 Arresto mayor to prisión correccional
Grave threats / cyber-threats RPC Art. 282 / RA 10175 §6 Up to 12 yr
Libel / cyber-libel RPC Art. 355 / RA 10175 §4(c)(4) Up to 8 yr
Unlawful processing of personal data DPA § 25-34 Up to 7 yr + ₱5 million

7. Enforcement Milestones (2019-2025)

  • 2019 Q4: SEC shutters 65 unregistered OLAs; first-ever MC 19-2019 fines imposed.
  • 2020 Q2: NPC issues landmark CDO vs Fynamics for phone-book scraping.
  • 2021 Q3: SEC publishes “List of 3,011 blacklisted apps” and launches e-Search portal.
  • 2022: RA 11765 signed (6 May 2022); SEC Consumer Protection and Market Integrity Division (CPMID) created.
  • 2023 Q4: First FPSCPA case—₱12 million restitution order vs FastPeso Lending, Inc. for undeclared penalties.
  • 2024: Joint BSP-SEC Fintech Sandbox repealed; replaced by separate “DIY-sandbox” regimes (SEC MC 1-2024).
  • 2025 Q1: Court of Appeals affirms SEC revocation of Realm Shifters Lending, Inc.; defines “repetitive data-privacy breach” as fraudulent conduct under § 6(i), Securities Regulation Code.

8. Remedies for Borrowers

  1. Regulatory complaint

    • SEC CGFD / CPMID: Online or walk-in; attach screenshots, contracts, call recordings.
    • NPC: For privacy violations—use the Online Complaint Management System.
    • BSP Consumer Assistance Mechanism (CAM): If the lender is a bank, EMI, or pawnshop.

  2. Civil action

    • Small Claims (A.M. 08-8-7-SC, as amended): Up to ₱400 k; harassment damages are recoverable.
    • Ordinary action for nullity of unconscionable interest under Arts. 1229 & 1956 Civil Code.

  3. Criminal complaint

    • PNP Anti-Cybercrime Group or NBI Cybercrime Division.

  4. Alternative dispute mechanisms under SEC Memorandum Circular 6-2023 (mandatory mediation for monetary claims ≤ ₱2 million).

9. Compliance Checklist for Legitimate OLAs

Item Minimum standard (2025)
Corporate/CA status CA number displayed on app store listing & in-app “About” page
KYC & AML BSP Circular 1108 (digital onboarding)
Rate disclosure APR/EIR + sample amortization table before sign-up
Consent Granular toggles (contacts, camera, location) with “Decline” option
Collection policy Internal manual aligned with MC 19-2019; staff training records
Data-retention Auto-deletion after 5 years or 1 year after full settlement, whichever is shorter
Grievance redress Live human hotline; response within 2 business days

10. Future Outlook

  • Pending bills. Senate Bill 2287 (Interest-Rate Regulation Act) seeks a 24 % APR nationwide cap. House Bill 7764 proposes criminalizing “debt-shaming” with penalties up to prisión correccional.
  • Reg-Tech integration. The SEC will pilot its API-based “FinData” portal in late 2025, enabling real-time monitoring of loan portfolios and collection messages.
  • Cross-border enforcement. A 2024 MOU between the NPC and Singapore’s PDPC allows data-breach evidence sharing, a response to OLAs migrating servers offshore.

11. Practical Tips for Consumers

  1. Verify before you borrow. Check the SEC’s List of Registered Online Lending Platforms—updated every Friday.
  2. Screen-record abusive calls. One-party consent applies; recordings are admissible under the Rules on Electronic Evidence.
  3. Send a cease-and-desist email citing MC 19-2019 before escalating to regulators—many OLAs settle quickly.
  4. Negotiate interest. Courts often slash penalties to 6 % p.a. (the current legal interest) from the date of demand.

12. Conclusion

The Philippine legal environment has moved from laissez-faire to muscular intervention in just six years. Today, a mosaic of SEC circulars, privacy rules, consumer-protection statutes, and court precedents offers borrowers multiple shields against harassment and over-charging. Yet enforcement gaps persist, especially against offshore or “fly-by-night” apps. Vigilant regulators, informed consumers, and compliant fintech players must work in concert to ensure that digital credit remains both inclusive and just.

Disclaimer: This article is for informational purposes only and does not constitute legal advice or create an attorney-client relationship. Laws and regulations may change; consult counsel or the relevant regulator for specific guidance.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login