Prohibition on Harassment by Online Lending Companies

Prohibition on Harassment by Online Lending Companies in the Philippines: A Comprehensive Legal Guide

1. Background and Policy Rationale

The rapid growth of mobile-app-based and social-media-driven lending in the Philippines has produced convenient access to micro-credit—but also spawned abusive collection tactics: public shaming, doxxing, threats, obscene calls, and the misuse of phone-book contacts. Regulators responded by weaving together consumer-protection, data-privacy, and financial-sector laws to outlaw harassment and give borrowers concrete remedies.

2. Key Regulatory and Statutory Sources

Instrument Issuing Body Core Coverage
Securities and Exchange Commission (SEC) Memorandum Circular No. 18-2019 (“Prohibition on Unfair Debt-Collection Practices of Financing and Lending Companies”) SEC Enumerates specific harassment acts; sets penalties and revocation triggers.
SEC Memorandum Circular No. 19-2019 SEC Registration and disclosure rules for online-lending platforms (OLPs); tie-in with MC 18.
Republic Act No. 11765 (Financial Products and Services Consumer Protection Act, 2022) Congress / multi-regulator enforcement (SEC, BSP, IC, CDA) Codifies the right to “equitable and fair treatment,” bans abusive collection across all financial products, increases fines, adds criminal liability.
Data Privacy Act of 2012 (RA 10173) & NPC circulars/advisories National Privacy Commission Prohibits unauthorized processing or disclosure of contacts, photos, messages, etc.; empowers NPC to order takedown of apps and impose hefty fines.
Revised Penal Code & Cybercrime Prevention Act (RA 10175) DOJ / courts Cyber-libel, grave threats, unjust vexation, coercion—often invoked when collectors post defamatory or threatening content online.
Special Penal Laws (e.g., Safe Spaces Act RA 11313) Various May apply if harassment is gender-based or sexually degrading.

3. SEC Memorandum Circular No. 18-2019 in Detail

3.1 Scope Applies to all lending and financing companies (LCs/FCs) and to their directors, officers, employees, agents, and third-party service providers—including call centers and collection agencies.

3.2 Definitions Harassment is any conduct intended to humiliate, abuse, or threaten a borrower or any third person in the course of collection. Borrower contact list means names/numbers scraped from a borrower’s device or social-media account.

3.3 Prohibited Acts (non-exhaustive):

  1. Use or threat of violence or other criminal means.
  2. Obscene, profane, or insulting language.
  3. Public shaming—posting or threatening to post personal data, photos, debts, or delinquency on social media or group chats.
  4. Contacting people in the borrower’s phonebook (other than guarantors/spouses) to disclose the debt or demand payment.
  5. Multiple daily contact: calling or sending more than once per day unless the borrower has actively responded.
  6. Calling between 10 p.m. and 6 a.m. without the borrower’s prior voluntary consent.
  7. Representation as a lawyer, prosecutor, or law-enforcement officer without authority.
  8. False threats of arrest, litigation, garnishment, or wage-deduction when such action has not yet been initiated.
  9. Any deceptive means to obtain information about the borrower or induce payment.

3.4 Penalties Corporate level

  • 1st offense: ₱25,000 fine
  • 2nd offense: ₱50,000
  • 3rd offense: revocation of Certificate of Authority to Operate (CA).

Individual level (directors, officers, employees):

  • ₱10,000-₱30,000 and/or imprisonment of 1-3 years under the Financing Company Act and Lending Company Regulation Act.

4. Integration with the Financial Consumer Protection Act (RA 11765)

Enacted 6 May 2022, RA 11765:

  • Grants the SEC explicit power to issue cease-and-desist orders (CDOs), restitution directives, and fines up to ₱2 million plus ₱100,000 per day of continuing violation (indexed to inflation).
  • Recognizes abusive collection, intimidation, and harassment as forms of “conduct of business that is unconscionable, unfair or dishonest,” exposing violators to criminal penalties of up to ₱2 million and/or 5 years imprisonment.
  • Establishes Alternative Dispute Resolution mechanisms that borrowers may pursue before or instead of litigation.

5. Data Privacy Nexus

Online lenders often require borrowers to grant “all-contact” permissions. Under RA 10173:

  • Collecting excessive data (e.g., entire phonebook) fails the proportionality test.

  • Text-blasting relatives or co-workers is unauthorized processing and a ground for criminal prosecution (punishable by up to 6 years and ₱4 million).

  • The National Privacy Commission (NPC) has:

    • ordered 72 rogue lending apps shut down (2019-2024);
    • issued ₱10 million aggregate fines;
    • referred offenders to the DOJ for cyber-libel where appropriate.

6. Enforcement Practice & Jurisprudential Notes

  • SEC enforcement: Hundreds of CDOs and CA revocations (e.g., Fynamics Lending, Peso Tree, CashBee, 2019-2023) cite MC 18 violations and deceptive Facebook posts.
  • NPC decisions: NPC CID Case No. 18-044 (2019) declared scraping contacts without free, informed consent illegal; mandated deletion and 72-hour compliance reporting.
  • Courts: No Supreme Court decision squarely on OLP harassment yet, but trial courts have convicted collectors of grave threats and cyber-libel for group-chat shaming messages (e.g., People v. Espiritu, RTC Manila, 2022).
  • Administrative synergy: SEC and NPC signed a 2022 Memorandum of Agreement on joint enforcement; DICT and NTC assist in domain/app takedown.

7. Borrower Remedies

Forum Cause of Action Reliefs
SEC - CGFD/EIPD Violation of MC 18 or RA 11765 Cease-and-desist order, administrative fines, revocation of CA, mediation
NPC Unauthorized processing / disclosure of personal data Compliance order, ban of the app, administrative fines, criminal referral
Courts (civil) Damages under Art. 32 & 33 Civil Code, moral/ exemplary damages, injunction Monetary award; TRO or injunction vs. collector
Courts (criminal) Grave threats, unjust vexation, libel, cyber-libel Imprisonment and/or fine
Bangko Sentral & Barangay Mediation under Katarungang Pambarangay for small claims Settlement, payment plan

Tip: Keep screenshots, call logs, voice messages, and app permissions as evidence; file notarized complaints with SEC’s Electronic Complaint Monitoring System (eCMS) or NPC’s Complaints and Investigation Division.

8. Compliance Obligations of Online Lenders

  1. Register each online-lending platform under MC 19-2019; secure a separate CA for each app.
  2. Fair Collection Policy publicly disclosed in English and Filipino.
  3. Limit data collection to borrower identity, device ID, and selfie—not phonebook.
  4. Use consent-driven notifications; no contact outside 9 a.m.–9 p.m. unless borrower opts in.
  5. Keep detailed call logs for SEC audit for two years.
  6. Train staff and third-party collectors; adopt “mystery-call” monitoring.
  7. Designate a Data Protection Officer and register with NPC; conduct annual privacy impact assessments.
  8. Report to SEC within 10 days any third-party harassment incident and remedial actions.

9. Penalties Matrix (Post-RA 11765)

Violation First-level Fine Continuing Violation Criminal Exposure
MC 18 harassment (corporation) ₱25k–₱50k CA revocation on 3rd offense
MC 18 harassment (individual) ₱10k–₱30k 1–3 years imprisonment
Abusive collection under RA 11765 Up to ₱2 M ₱100k per day Up to 5 years
Data-privacy breach (malicious disclosure) ₱500k–₱2 M 3–6 years

10. Recent & Emerging Developments

  • 2024 SEC Draft Circular proposes raising corporate fines to ₱5 million and allowing public-interest litigation by NGOs on behalf of harassed borrowers.
  • House Bill 9312 seeks to criminalize contact harvesting explicitly, with penalties up to ₱10 million.
  • NPC-Apple/Google collaboration has delisted 370 apps lacking privacy-impact assessments.
  • Fintech Alliance codes now require member OLPs to embed AI-driven risk-based contact limits.

11. Practical Checklist for Consumers

  1. Read app permissions; deny contact-list access.
  2. Document everything—screenshots, caller IDs, chat threads.
  3. Send a written cease-and-desist notice citing MC 18; collectors who ignore it aggravate liability.
  4. Escalate to SEC via cgfd@sec.gov.ph; attach evidence.
  5. File a privacy complaint at NPC’s portal if contacts were scraped.
  6. Consider small-claims court for moral damages ≤₱400k (as of 2022 threshold).

12. Compliance Road-map for Legitimate Lenders

Adopt “Privacy-by-Design,” limit daily attempts, prohibit contact scraping, and invest in dignified digital reminders. A transparent loan-restructuring policy reduces delinquency without resort to harassment.

13. Conclusion

Philippine regulators now treat harassment by online lending companies as a multi-faceted offense: a breach of consumer-finance rules, a data-privacy violation, and often a crime. SEC Memorandum Circular 18-2019 remains the centerpiece, but RA 11765, the Data Privacy Act, and ordinary penal statutes reinforce the prohibition. Borrowers possess escalating remedies—administrative, civil, and criminal—while compliant lenders must re-engineer collection practices toward respectful, privacy-preserving engagement. The landscape continues to evolve, with higher fines and AI-assisted monitoring on the horizon. Staying abreast of these rules is therefore indispensable both for consumer protection and for sustainable fintech growth in the Philippines.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login