Proper Agency to File Complaints Against Online Lending Apps Philippines

1) Why “the proper agency” depends on the violation

Online lending apps (OLAs) can violate the law in different ways—operating without authority, charging undisclosed fees, harassing borrowers, or misusing personal data. In the Philippines, there is no single “super-agency” for all OLA problems. The correct forum depends on (a) what the app did and (b) what kind of financial provider it is.

A practical rule:

  • Regulator complaints stop or penalize the business (license, registration, administrative sanctions).
  • Privacy complaints address data misuse (contacts scraping, doxxing, unlawful disclosure).
  • Law enforcement / prosecutor complaints address crimes (threats, coercion, cyber offenses, defamation).
  • Civil cases seek injunctions and money damages.

2) First step: identify what kind of lender you’re dealing with

Before filing, determine whether the app is:

  1. An SEC-regulated lending/financing company using an online platform, or
  2. A BSP-supervised financial institution (e.g., bank/digital bank, certain regulated non-banks), or
  3. A cooperative (often regulated by CDA), or
  4. A pure scam (no legitimate registration and often quickly disappears).

Why this matters: the primary regulator changes, and filing with the wrong agency can waste time.

3) The core agencies and what each one handles

A. Securities and Exchange Commission (SEC)

When SEC is the proper agency

File with the SEC when the online lending app is run by a:

  • Lending company or financing company, including those operating through websites or mobile apps; and/or
  • Entity suspected of operating an OLA without proper SEC authority.

What SEC complaints typically cover

  • Illegal operation / no authority as a lending/financing company.

  • Unregistered online lending platform/app used by an SEC-registered lending/financing company.

  • Unfair or abusive debt collection practices, such as:

    • Harassment, threats, obscene or insulting messages
    • Shaming/defamation tactics
    • Contacting your phonebook/contacts and disclosing your loan
    • Repeated calls/texts at unreasonable hours
    • Misrepresentation (posing as law enforcement/courts)

  • Misleading disclosures about fees, interest, penalties, or total cost.

  • Violations of SEC rules governing lending/financing companies and their online lending platforms.

What SEC can do (typical outcomes)

  • Investigate and require the company to explain.
  • Impose administrative sanctions (fines, suspensions, revocation).
  • Order corrective actions and, in appropriate cases, pursue enforcement against non-compliant operators.

Use SEC when the problem is fundamentally “this lender/app is operating as a lending/financing business wrongfully or abusively.”

B. Bangko Sentral ng Pilipinas (BSP)

When BSP is the proper agency

File with the BSP when the online credit product is offered by a BSP-supervised financial institution, such as:

  • Banks (including digital banks)
  • Certain regulated non-bank financial institutions under BSP supervision
  • BSP-supervised e-money issuers (depending on the product and entity)

What BSP complaints typically cover

  • Financial consumer protection issues involving BSP-supervised entities
  • Unfair treatment, mishandling of complaints, improper disclosures, unauthorized transactions (where applicable)
  • Issues tied to BSP-regulated operations (depending on the institution)

Use BSP when the lender is a bank/digital bank or another BSP-supervised entity. If the “app” is merely a front-end but the lender is a BSP-supervised institution, BSP is often the primary regulator for consumer complaints.

C. National Privacy Commission (NPC)

When NPC is the proper agency

File with the NPC when the harm involves personal data misuse, especially common in OLA harassment patterns.

NPC complaint triggers commonly seen in OLA cases

  • The app accessed your contacts, photos, files, or device data beyond what is necessary or without valid consent.
  • The lender/collector texted/called your contacts and disclosed your debt.
  • Posting your personal information online (doxxing) or circulating it in group chats.
  • Using your personal data for shaming, threats, or coercion.
  • Processing personal data without a lawful basis or without meeting transparency requirements.

What NPC can do

  • Investigate privacy violations and require explanations and compliance measures.
  • Issue orders and impose administrative penalties under the Data Privacy Act framework (depending on findings and the applicable enforcement regime).
  • Provide a formal venue to establish that data processing and disclosure were unlawful.

Use NPC when the complaint is “they abused my personal data,” even if you also file with SEC and/or law enforcement.

D. PNP Anti-Cybercrime Group (PNP-ACG) and NBI Cybercrime Division

When law enforcement is the proper agency

Go to PNP-ACG or NBI Cybercrime when the OLA conduct may be a crime, including online/ICT-enabled acts.

Common criminal angles in OLA situations

  • Threats (e.g., threats of harm, threats to ruin your reputation, threats to expose private information).
  • Coercion/extortion-like behavior (forcing payment through intimidation or threats).
  • Identity-related offenses (using your identity, fake accounts, impersonation).
  • Cyber-enabled defamation (public shaming posts, false accusations online).
  • Unauthorized access or hacking behavior (rare but possible).

What these agencies do

  • Receive complaints and evidence.
  • Conduct cyber tracing/investigation, preserve digital evidence, and prepare for referral to prosecutors.
  • Assist in identifying perpetrators and building a case file fit for prosecution.

Use PNP-ACG/NBI when there is credible criminal behavior—especially threats, coercion, organized harassment, or online posting of defamatory content.

E. Office of the City/Provincial Prosecutor (DOJ prosecution)

When the prosecutor is the proper agency

A criminal case ultimately needs to be filed for evaluation and prosecution through the Office of the Prosecutor (city/provincial), typically via a complaint-affidavit with attachments.

When to go straight to the prosecutor

  • Serious threats, repeated coercion, or coordinated harassment
  • Public shaming posts and doxxing
  • You already have sufficient evidence and want formal criminal proceedings

Often, people first report to PNP/NBI for assistance and then file with the prosecutor, but direct filing can be appropriate depending on readiness and urgency.

F. Courts (civil actions)

When a civil case is the proper route

Civil cases are appropriate when you need:

  • An injunction to stop continuing harassment or unlawful acts;
  • Damages for injury (financial loss, emotional distress under appropriate legal grounds);
  • Relief tied to violations of rights that persist even if regulators impose sanctions.

Civil actions can be pursued alongside administrative and criminal routes, depending on circumstances.

G. Cooperative Development Authority (CDA) and Insurance Commission (IC) — situational regulators

CDA (Cooperatives)

If the “lending app” is operated by or is actually a cooperative lending program, the CDA may be relevant for regulatory/administrative issues.

IC (Insurance-related add-ons)

If the issue is about insurance bundled with the loan (credit life, loan protection) and the dispute is against an insurer/intermediary, the Insurance Commission may be relevant—but this is not the main regulator for the lending conduct itself.

4) A practical “Where do I file?” decision guide

Scenario 1: “The app is harassing me / shaming me / calling my contacts”

File with:

  • SEC (unfair collection practices, misconduct of lending/financing company or OLP)
  • NPC (personal data misuse, contacting third parties, disclosure of your debt)
  • PNP-ACG or NBI Cybercrime and/or Prosecutor (if threats/coercion/defamation are present)

Scenario 2: “The lender is not registered / looks like an illegal OLA”

File with:

  • SEC (primary for lending/financing company authority and OLP issues)
  • PNP-ACG/NBI (if it also looks like a scam operation or involves cyber offenses)

Scenario 3: “The lender is a bank/digital bank (or clearly BSP-supervised)”

File with:

  • BSP (consumer complaint/regulatory handling)
  • NPC (if personal data misuse is involved)
  • PNP-ACG/NBI/Prosecutor (if criminal threats/harassment occur)

Scenario 4: “They posted my name/photo and called me a criminal on social media”

File with:

  • PNP-ACG/NBI Cybercrime and/or Prosecutor (possible cyber-enabled defamation and related crimes)
  • NPC (if personal data disclosure is unlawful)
  • SEC (if the actor is an SEC-regulated lender using prohibited collection tactics)

Scenario 5: “They keep texting my employer/family and disclosing my loan”

File with:

  • NPC (privacy and unlawful disclosure)
  • SEC (collection misconduct if SEC-regulated lending/financing company)
  • Prosecutor (if coercive/threatening)

Scenario 6: “Hidden charges / unclear total cost / misleading terms”

File with:

  • SEC (if lending/financing company/OLP)
  • BSP (if BSP-supervised institution)
  • Consider civil action if damages are substantial and persist

5) Barangay conciliation: when it applies (and when it usually doesn’t)

Many neighbor-type disputes require barangay conciliation before court under the Katarungang Pambarangay system. OLA disputes often involve:

  • Corporate entities,
  • Parties in different cities/provinces,
  • Or issues better handled by regulators and prosecutors.

Barangay conciliation may be procedurally irrelevant in many OLA cases, but it can still be used for local peace-and-order intervention if collectors are physically present in your area. For formal regulatory/criminal actions against OLAs, barangay processes are usually not the main path.

6) What to prepare before filing (evidence checklist)

Stronger complaints are specific, documented, and organized. Prepare:

Identity and account proof

  • Your ID (as required for affidavits/complaints)
  • Screenshots of the app profile/account and loan details
  • Any e-contracts, disclosures, promissory note, terms, repayment schedule

Harassment and misconduct proof

  • Screenshots of SMS, chat messages, emails
  • Call logs (date/time/frequency)
  • Names/handles/phone numbers used
  • Screenshots of social media posts (with URL/time if possible)
  • Statements from contacts who were called/texted (screenshots from them)

Data privacy proof

  • Screenshots showing the app requesting permissions (contacts/files/photos/camera/location)
  • Proof that contacts were messaged and what was disclosed
  • Evidence of personal data posted/shared

Payment and financial proof

  • Proof of payments (receipts, e-wallet confirmations, bank transfers)
  • Collection demands showing alleged balances, fees, penalties
  • Computation showing discrepancies (principal vs. fees vs. interest vs. penalties)

A clear incident timeline

  • A chronological log: date, what happened, who did it, what platform/number, impact on you.

7) Filing mechanics (what “a complaint” usually looks like)

Different agencies accept different formats, but generally:

For SEC (administrative complaint)

  • A written complaint statement with facts, dates, and the relief requested
  • Attachments (screenshots, loan documents, payment proof)
  • Identification of the company/app name and any known corporate details

For NPC (privacy complaint)

  • A complaint narrative focusing on what data was collected/used/disclosed, how, without lawful basis, and harm caused
  • Evidence showing processing and disclosure
  • Where possible, copies of communications sent to third parties

For PNP-ACG/NBI and Prosecutor (criminal complaint)

  • A complaint-affidavit (often notarized), plus supporting affidavits (e.g., from contacts/employer if they were contacted)
  • Evidence attachments arranged and labeled
  • For cyber-related matters, preservation of original digital files is helpful

8) Special cautions that matter in OLA cases

A. Be careful about recording phone calls

Philippine law on private communications can create risk for secretly recording calls. Safer evidence is often:

  • Written messages, screenshots, call logs, witness statements, and official reports. If recording is considered, obtaining clear consent reduces legal risk.

B. Do not retaliate with public shaming

Posting collectors’ names/numbers online can backfire through defamation and privacy counterclaims. Focus on regulator and law-enforcement channels.

C. Expect “rotating numbers” and fake identities

Many abusive collectors use changing SIMs and accounts. Preserve every instance; patterns matter.

D. Administrative and criminal routes can run in parallel

It is common to:

  • File with SEC to address the lender’s authority and collection practices,
  • File with NPC for data misuse,
  • File with PNP/NBI/Prosecutor for threats/coercion/online defamation.

9) What each agency is best at (strategic view)

  • SEC: stopping or sanctioning abusive or illegal lending/financing operations and their online platforms.
  • BSP: consumer complaints against BSP-supervised financial institutions.
  • NPC: data misuse—contacts scraping, disclosure to third parties, doxxing, unlawful processing.
  • PNP-ACG/NBI + Prosecutor: threats, coercion, cyber-enabled harassment/defamation, identity-related crimes—building criminal cases.
  • Courts: injunctions and damages, especially when harm is ongoing and needs enforceable court orders.

Summary

For online lending app complaints in the Philippines, the “proper agency” is determined by the nature of the misconduct and the lender’s regulatory status: SEC for lending/financing companies and online lending platforms (including abusive collection and illegal operation), BSP for BSP-supervised institutions, NPC for personal data misuse, and PNP-ACG/NBI plus the Prosecutor for criminal conduct such as threats, coercion, cyber-enabled harassment, and online defamation—while civil courts handle injunctions and damages where needed.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login