ONLINE LENDING DEBT HARASSMENT IN THE PHILIPPINES A 2025 Legal Primer
1. Why the Issue Matters
The pandemic-driven explosion of mobile “cash-loan” apps gave millions of Filipinos instant credit—but it also unleashed an epidemic of abuse: contact-list scraping, public shaming group chats, deep-fake threats, and aggressive field collectors pounding on doors. By April 2025 the SEC had already booted more than 500 lending companies off its register and ordered Google to delist another 33 unlicensed apps from Play Store (Inquirer Business, ABS-CBN). Complaints of privacy violations tied to OLAs (online lending apps) now make up roughly one-third of all cases before the National Privacy Commission (NPC) (National Privacy Commission).
2. Core Statutes Governing Online Lending & Collections
| Cluster | Legal Basis | Key Take-aways |
|---|---|---|
| Licensing & Prudential | Financing Company Act (RA 8556) & Lending Company Regulation Act (RA 9474) | SEC Certificate of Authority required before any entity—online or offline—may lend to the public. |
| Consumer Market-Conduct | Financial Products and Services Consumer Protection Act (FPSCPA, RA 11765, 2022) | Empowers SEC/BSP/IC/CDA to issue cease-and-desist orders, disgorge profits, or fine violators up to ₱10 M; also gives regulators adjudicatory power over claims ≤ ₱10 M (ACCRALAW). |
| Unfair Collection | SEC Memorandum Circular (MC) 18-2019 | Black-lists specific tactics—e.g., obscene language, threats of violence, public posting of borrower data, calls before 6 a.m. or after 10 p.m.—and scales penalties up to license revocation (Credit Information Corporation). |
| Platform Registration & Moratorium | SEC MC 10-2021 | Imposes a moratorium on new lending apps; each APK/TestFlight build must be separately approved, or the app is illegal (Inquirer Business). |
| Data Privacy | Data Privacy Act (RA 10173) plus NPC Circular 20-01 (2020) & Circular 2022-02 (amendments) | Requires purpose-specific, proportional data collection; bans “contact-harvest-to-harass.” NPC may impose ₱5 M per violation or a temporary processing ban (National Privacy Commission, National Privacy Commission). |
| Interest--Fee Caps | BSP Circular 1133-2021 (small-value loans 6 %/15 %/5 % cap trio) & BSP Memo M-2020-072 (credit-card 24 % p.a., later 36 % p.a.) | SEC enforces the same caps on its supervised lenders via MC 3-2022 (Respicio & Co., RESPICIO & CO.). |
| Criminal Back-stop | Revised Penal Code (grave threats Art. 282, unjust vexation Art. 287, libel Art. 353 ff.), Cybercrime Prevention Act (RA 10175), VAWC (RA 9262), Safe Spaces Act (RA 11313) | Harassment that includes threats, defamation, or gender-based online violence may trigger criminal liability (Respicio & Co.). |
3. How “Harassment” Is Defined by the Regulators
| SEC MC 18-2019 – Prohibited Debt-Collection Acts (Credit Information Corporation) |
|---|
| ✖ Use of profane, obscene or insulting language |
| ✖ Threats of violence or damage to person/property |
| ✖ Public posting or group-chat shaming of a borrower’s personal data |
| ✖ False representation as a law-enforcement officer, court official, or attorney |
| ✖ Continuous calls/texts before 06:00 or after 22:00 without written consent |
| ✖ Contacting anyone in the borrower’s phonebook except guarantors/co-makers |
First offense carries a ₱25 k–₱50 k fine; third offense can mean a ₱1 M penalty plus revocation of the Certificate of Authority.
NPC Circular 20-01 mirrors this list for data-privacy purposes and outlaws the “contact-list permission as a pre-condition to apply” flow common to many OLAs (National Privacy Commission).
4. Enforcement Snapshot (2021-2025)
- License revocations: 547 lending companies struck from the SEC register since 2019, with dozens more under CDO (cease-and-desist order). (SEC Appointment)
- Store takedowns: Google now vets every Philippine-facing finance APK against the SEC’s “white-list” before Play Store listing (GMA Network).
- Privacy sanctions: 2023 NPC decision In re Populus Lending (Pesopop) upheld a temporary ban on data processing after finding forced contact-harvesting ; a similar order (January 2024) against JuanHand followed (National Privacy Commission).
- Criminal arrests: PNP Anti-Cybercrime Group regularly serves cyber-libel and grave-threats warrants against rogue collectors (Facebook, Facebook).
5. Borrower Remedies—Step-by-Step
- Document the conduct. Keep screenshots of text threads, call logs, and abusive group-chat posts.
- File with the SEC (Corporate Governance and Finance Dept., cgfd@sec.gov.ph) for any violation of MC 18-2019/MC 10-2021.
- File with the NPC via complaints@privacy.gov.ph if the app scraped contacts, disclosed personal data, or processed information without valid consent.
- Report to PNP-ACG/NBI-CCD for threats, libel or identity-theft elements (RPC + RA 10175).
- Consider civil damages under Civil Code Arts 19-21 & 26 (abuse of rights and privacy), or under RA 11765’s adjudicatory track (claims ≤ ₱10 M). Barangay conciliation (RA 7160) is optional but may speed up low-value claims (Respicio & Co.).
6. Compliance Checklist for Lenders & Their 3ᴿᴰ-Party Collectors
| Must-Have | Source |
|---|---|
| SEC Certificate of Authority and individual approval for each app (MC 10-2021) | (Inquirer Business) |
| Board-approved “Fair Debt Collection Manual” aligned with MC 18-2019 | (Credit Information Corporation) |
| Privacy Impact Assessment + purpose-specific consent flow (NPC 20-01/22-02) | (National Privacy Commission, National Privacy Commission) |
| Consumer assistance unit & single-hotline rule (RA 11765, IRR) | (ACCRALAW) |
| Interest & fee schedules within BSP caps, disclosed in-app and in loan contract | (Respicio & Co.) |
7. Pending Legislative & Policy Developments
- Senate Bill No. 2407 seeks to criminalize doxxing-based debt collection with penalties of prision correccional and fines up to ₱500 k (Sen. Gatchalian press statement, 23 Apr 2025) (Philippine Information Agency).
- SEC draft MC on “Buy-Now-Pay-Later” (BNPL) will extend MC 18-2019 collection rules to zero-interest pay-later merchants (public consultation closed May 2025).
- NPC “Guidelines on Admin Fines” (2024) introduce tiered penalties up to 5 % of gross annual turnover for repeat privacy offenders (National Privacy Commission).
8. Practical Tips for Borrowers
- Check the SEC white-list at checkwithsec.sec.gov.ph before installing an app.
- Never grant contact or storage permission unless genuinely necessary; legit apps cannot require it.
- Send a written “cease & desist” email citing MC 18-2019 if harassment begins—this often helps later to prove bad faith.
- If threats escalate (e.g., “posting nude edits” or “sending police to your workplace”), go straight to PNP-ACG with your evidence bundle.
9. Conclusion
Philippine law now offers a layered defense against predatory digital lenders: administrative teeth (SEC & NPC), monetary caps (BSP), and criminal back-stops (RPC & RA 10175). Yet enforcement remains reactive; borrowers must still be proactive in gathering evidence and invoking the correct forum. As regulators push fresh rules (BNPL, higher privacy fines) and Congress mulls stiffer criminal penalties, the compliance bar for fintech credit will only rise.
This primer is for information only and does not constitute legal advice. Consult counsel for advice on specific situations.