Online Lending Platform Registration Verification Philippines SEC

Here’s a comprehensive, practice-oriented explainer—written without web searches—on how to verify the registration and legitimacy of an Online Lending Platform (OLP) in the Philippines under SEC rules, plus what to do if something’s off. Where specific caps, forms, or memo numbers can change by issuance, I’ll flag them so you can double-check the current circular before you rely on an exact number.



1) What “legit” means in PH lending

A consumer-facing online lending app is legitimate only if all of the following are true:

  1. There is a Philippine corporation behind the app (not just a brand or foreign shell).
  2. That corporation is registered with the SEC and holds an active Certificate of Authority (CA) to operate as a Lending Company (LC) or Financing Company (FC)—separate from its SEC Certificate of Incorporation.
  3. If it runs an online/app channel, the company has formally disclosed its online platforms/domain(s)/app(s) to the SEC (through the reportorial/registration process for OLPs) and follows online conduct rules (advertising, disclosures, debt-collection behavior, privacy, security).
  4. It complies with consumer disclosure rules (e.g., Truth in Lending Act requires clear disclosure of finance charges), data privacy rules (DPA), and anti-harassment standards for collections.
  5. It pays applicable taxes and keeps books/records the SEC or BIR can examine.

Working rule: No SEC CA = not allowed to lend to the public, even if the company is incorporated. A CA can also be suspended/revoked—so “once-licensed” isn’t the same as “currently authorized.”


2) The legal pillars you’re checking against (stable core)

  • Lending Company Regulation Act (LCRA; RA 9474) – requires SEC CA to engage in lending to the public; sets baseline governance and capital requirements for lending companies.
  • Financing Company Act (FCA; RA 8556, as amended) – similar regime for financing companies (often larger ticket/asset-based or installment finance).
  • Truth in Lending Act (RA 3765) – mandates clear cost-of-credit disclosure (finance charge, effective rate, fees) before consummation.
  • Data Privacy Act (RA 10173) – lawful basis, proportional collection, privacy notices, security, breach handling; no fishing of your phonebook/contacts without a lawful basis.
  • Cybercrime Prevention Act (RA 10175) – certain online threats, doxxing, libel, and system offenses may ride on top of lending abuses.
  • Anti-Money Laundering framework – lending/financing companies are treated increasingly like covered or monitored persons; many must implement KYC, report suspicious transactions, and retain records (verify the current coverage and thresholds for your exact entity type).
  • SEC Memorandum Circulars – cover OLP registration/reporting, in-app/online disclosures, advertising standards, prohibited debt-collection practices (e.g., harassment, public shaming, contacting uninvolved third parties), and periodic reports (GIS, AFS, lists of active apps/domains).
  • BSP e-payments rails – if the OLP integrates e-wallets or cards, those rails have chargeback/dispute processes you can trigger when there’s fraud or non-delivery.

(Exact minimum paid-in capital for LCs/FCs and some SEC form numbers can change—confirm the current figures if you need them for a compliance opinion.)


3) How to verify an online lender step-by-step (no special access needed)

A) Identity & corporate footprint

  • Company name (not just the app brand). Legit operators disclose:

    • Exact corporate name (as filed with SEC),
    • SEC Registration Number, and
    • SEC Certificate of Authority Number (LC/FC), with issue date or “valid/active” cue.
  • Registered office address in the Philippines and working landline (or official email) for complaints—not just a chat bot.

  • Directors/DPO contacts listed in privacy notices or policy pages.

B) Certificate of Authority (the non-negotiable)

  • Look for language like: “Certificate of Authority to Operate as a Lending Company (No. ___)” or the FC counterpart.
  • If the app only touts “SEC-registered corporation” but shows no CA, treat it as a red flag.
  • CA must be current (not expired, suspended, or revoked).

C) App/website mapping to the company

  • The Terms of Use and Privacy Policy should name the same PH corporation and list all domains/apps associated with lending.
  • Multiple brand names funneling to one entity can be fine—if that entity lists all those apps in its SEC filings and disclosures.

D) Pre-contract disclosure (Truth in Lending)

A legitimate OLP presents, before you agree:

  • Principal, finance charge, effective interest rate (EIR or APR),
  • All fees (service fees, processing, late charges, collection fees),
  • Repayment schedule with due dates,
  • Cooling-off/cancellation rules if any,
  • Total amount payable.

If these are missing or buried in dark-pattern popups, that’s a compliance risk.

E) Collections behavior (bright-line rules)

The following practices are typically prohibited by SEC circulars and general law:

  • “Debt shaming” (posting your debt in social media/GCs, contacting your employer/family unrelated to the loan).
  • Threats, obscene language, doxxing, or public exposure of personal data.
  • Unconsented scraping of your phonebook and mass texts to your contacts.
  • Harassment via calls/messages at unreasonable hours or volume.

A single, polite reminder is normal; a barrage or shaming campaign is not.

F) Data privacy hygiene

  • Privacy Notice should state: what data are collected, why, retention, sharing (e.g., to credit bureaus), cross-border transfers, your data-subject rights, and the DPO contact.
  • Permissions: The app should not require your contact list, gallery, or microphone unless clearly necessary and consented; camera access only for KYC.
  • Erasure: There should be a clear path to close your account and request deletion when lawful.

4) “Lending” vs “Financing” vs “Broker/Aggregator”

  • Lending Company (LC) – lends own funds to the public. Needs SEC CA (LC).
  • Financing Company (FC) – purchases receivables, provides installment/asset financing; also needs SEC CA (FC).
  • Loan Broker/Lead Generator – matches borrowers with LCs/FCs, may not lend own funds. Must be transparent about who the actual lender is and not misrepresent itself as a licensed lender. If it collects payments or handles data, it carries privacy and consumer obligations.

5) Quick red-flag checklist (walk away if you see 3+)

  • □ No SEC CA number displayed (only “SEC-registered”).
  • □ App demands phonebook/gallery access to proceed.
  • □ No pre-contract finance charge/total cost disclosure.
  • □ Withdrawals/repayments routed to personal bank/e-wallet accounts (not in company name).
  • □ Harassing or shaming collection scripts; threats of arrest over civil debt.
  • □ Brand changes every few months; no stable company identity.
  • □ Terms say disputes governed by foreign law despite PH targeting.
  • □ “New borrower 0%” but hidden processing fees make the cost non-zero.

6) Borrower rights & protections (what you can insist on)

  • Clear, written disclosure of total cost (RA 3765).
  • Privacy rights: access, rectification, objection, erasure, and complaint to the NPC.
  • Fair collection: no public shaming, threats, or third-party harassment.
  • Receipts/ledgers: exact statements of payments and balances.
  • Dispute channels: working helpdesk, and escalation path identified in the policy.

7) What to do if something’s wrong (parallel tracks)

A) With the lender

  • Lodge a formal complaint via its official channel; ask for a ticket/reference and a timeline for resolution.
  • Request full statements, a copy of the executed loan agreement, and the legal basis for any disputed fees.

B) With regulators/authorities

  • SEC (corporate/consumer protection) – report unlicensed lending, use of undeclared apps, abusive collection, misleading ads. Attach screenshots, loan docs, receipts, call recordings (if lawful), and the app package/URL.
  • National Privacy Commission (NPC) – for phonebook scraping, doxxing, mass messages to contacts, or refusal to erase when lawful.
  • Law enforcement – for threats, extortion, identity theft, or harassment that crosses into crimes (cyber libel, grave threats/coercion).
  • BSP-linked rails/card networks – dispute unauthorized debits or billing errors through your e-wallet/bank/card chargeback processes (mind strict timelines).

C) In court (if needed)

  • Small Claims for refund of unlawful fees or damages within the small-claims ceiling (no lawyer required).
  • Injunction/TRO if the lender is actively publishing your data or harassing third parties: ask the court to order the lender to cease and to take the data down.
  • Civil damages under Civil Code Arts. 19/20/21/26 for privacy invasion and abusive practices.

8) Clean templates you can reuse

(1) Email to verify SEC authority

Subject: Verification of SEC Certificate of Authority (OLP)

Hello, please confirm:

  1. Corporate name and SEC Registration No.;
  2. Certificate of Authority number (LC/FC) and current status;
  3. Official list of apps/domains you operate for lending;
  4. DPO contact and privacy notice link.

I’m a PH resident and will rely on your response in deciding whether to proceed.

(2) Demand to stop abusive collection/privacy breach

Subject: Cease Unlawful Collection Practices / Data Disclosure

Your representatives have [describe conduct]. This violates debt-collection and privacy rules. Cease immediately, limit communications to my number/email during business hours, and confirm in writing within 48 hours. I will escalate to SEC and NPC with evidence if this continues.

(3) Data-Subject Rights request (DPA)

Subject: Exercise of Data Rights—Access/Erasure

Please provide: (a) the personal data you hold about me; (b) the lawful basis for processing; (c) recipients and retention; and (d) erase/block data no longer necessary. Kindly reply within your lawful period. DPO: please acknowledge receipt.


9) For founders/compliance teams (how to stay clean)

  • Get the right license (LC or FC) before going live; keep CA current.
  • Register/notify your apps/domains; keep the list updated.
  • Truth in Lending: show total cost clearly; no dark patterns.
  • Collections SOP: ban shaming; train agents; record and audit calls.
  • Privacy program: appoint a DPO, run PIAs, minimize data, restrict permissions, secure storage, and set a breach plan.
  • KYC/AML appropriate to product—document thresholds and screening.
  • Keep records & file reports (AFS/GIS/other SEC filings) on time.

10) Bottom line

  • A legitimate PH online lender is more than a pretty app—it’s a Philippine corporation with an active SEC Certificate of Authority and declared online channels, operating under disclosure, privacy, and fair-collection rules.
  • No CA or abusive conduct = walk away and report.
  • If you’re already entangled, run parallel remedies: lender complaint → SEC and NPC filings → payment-rail disputes → civil/criminal action when necessary.


Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.