Registered Online Lending Apps in the Philippines

The rapid evolution of financial technology (Fintech) has revolutionized access to credit in the Philippines. Online Lending Applications (OLAs) or Online Lending Platforms (OLPs) have bridged the gap for the unbanked and underbanked populations. However, this rapid growth prompted the state to establish rigorous legal frameworks to curb predatory practices, protect consumer data, and ensure financial stability.

Under Philippine law, operating an online lending platform is a highly regulated activity requiring strict compliance with corporate, financial, and data privacy laws.

1. The Statutory Framework

The operations of online lending applications are primarily governed by two pieces of legislation, depending on the corporate structure of the provider:

  • Republic Act No. 9474 (Lending Company Regulation Act of 2007): Regulates individuals or entities engaged in granting loans from their own capital funds or from funds sourced from not more than 19 persons.
  • Republic Act No. 8556 (Financing Company Act of 1998): Regulates entities organized for the purpose of extending credit facilities to consumers or to industrial, commercial, or agricultural enterprises.

The Securities and Exchange Commission (SEC) is the primary regulatory body tasked with the registration, licensing, and oversight of these companies. Additionally, the Bangko Sentral ng Pilipinas (BSP) holds concurrent regulatory authority over interest rate ceilings and credit policies.

2. The Dual-Licensing Requirement

An online lending app cannot legally operate in the Philippines merely by deploying software on an app store. The SEC enforces a strict dual-licensing mandate:

  1. Certificate of Incorporation: The entity must be registered as a legitimate corporation with the SEC.
  2. Certificate of Authority (CA) to Operate as a Lending or Financing Company: This is a secondary license specifically authorizing the corporation to engage in lending activities.

SEC Memorandum Circular No. 19, Series of 2019

To prevent licensed corporations from operating unauthorized digital platforms, the SEC issued MC No. 19 (2019). This circular dictates that:

  • Lending and financing companies must explicitly register every OLP they operate with the SEC.
  • The OLP’s name, brand name, and operating platforms must be declared.
  • The corporation must display its Corporate Name, SEC Registration Number, and Certificate of Authority Number prominently on its website, advertisements, and within the OLA interface.

Legal Note: Operating an OLA without a Certificate of Authority, or operating an unregistered OLA under a licensed corporation, constitutes a violation of R.A. No. 9474 or R.A. No. 8556, rendering the operators subject to criminal prosecution and administrative fines.

3. Interest Rate Ceilings and Financial Caps

Historically, the Philippines followed a deregulated interest rate policy under BSP Central Bank Circular No. 905 (1982). However, due to systemic predatory pricing by digital lenders, the BSP intervened via BSP Circular No. 1133 (Series of 2021), effective January 2, 2022.

This circular imposes strict ceilings on interest rates and other charges for small-value, short-term unsecured loans granted by lending and financing companies and their OLPs:

Fee Category Maximum Allowable Cap
Nominal Interest Rate 6% per month (approximately 0.2% per day)
Effective Interest Rate (EIR)


(Includes interest, processing fees, service fees, and other charges) | 15% per month (approximately 0.5% per day) | | Late Payment Penalties / Charges | 5% per month on the outstanding principal amount due | | Total Cost Cap | 100% of the total amount borrowed (the total fees, interest, and penalties cannot exceed the principal) |

4. Fair Debt Collection Practices

Public outcry against "debt-shaming" led the SEC to promulgate SEC Memorandum Circular No. 18, Series of 2019, which defines and prohibits unfair debt collection practices.

Lending institutions and their third-party collection agencies are strictly prohibited from engaging in the following conduct:

  • Threats and Violence: Using or threatening physical violence or bodily harm against the debtor, their reputation, or their property.
  • Profanity and Insults: Utilizing obscene, profane, or abusive language to humiliate the borrower.
  • Disclosure and Shaming: Publishing or threatening to publish a list of debtors, or contacting the borrower’s contact list (friends, family, employers) without explicit consent, for the purpose of shaming them.
  • Misrepresentation: Falsely asserting that the collector is an attorney, a court officer, or a government agent, or misrepresenting that the debtor will face immediate imprisonment (as the Philippine Constitution explicitly prohibits imprisonment for non-payment of a debt, save for fraudulent schemes involving bouncing checks under B.P. Blg. 22 or Estafa under the Revised Penal Code).
  • Unreasonable Hours: Contacting the borrower before 6:00 AM or after 10:00 PM, unless the borrower has given prior consent.

5. Data Privacy and Cyber-Compliance

Online lending apps routinely require access to a user’s mobile device. This intersection of fintech and personal data is heavily regulated by Republic Act No. 10173 (Data Privacy Act of 2012) and enforced by the National Privacy Commission (NPC).

NPC Circular No. 20-01

Issued specifically to address online lending applications, this circular outlines the data processing limitations for OLAs:

  • Prohibition on Contact List Harvesting: OLAs are strictly prohibited from downloading or harvesting a borrower's entire phone contact list.
  • Prohibition on Excessive Permissions: Apps cannot require access to a phone’s camera, gallery, files, or location unless it is strictly necessary for identity verification ("Know Your Customer" or KYC) and the user has provided explicit, granular consent.
  • Purpose Limitation: Data collected for credit scoring or verification cannot be repurposed for harassment or unauthorized marketing.

6. Verification and Due Diligence

For legal practitioners, consumer advocates, and the public, verifying the legitimacy of an OLA is a critical preventative measure. The SEC maintains an updated public registry on its official website divided into:

  1. Lending Companies with Certificates of Authority
  2. Financing Companies with Certificates of Authority
  3. List of Regulated/Registered Online Lending Platforms

If an app is operating but its parent corporation or specific app name is absent from these official lists, it is classified as an unregistered/illegal OLA.

7. Remedies Against Violating or Unregistered OLAs

When an OLA violates the aforementioned laws, victims and legal representatives have access to several regulatory and administrative remedies:

  • SEC Enforcement and Investor Protection Department (EIPD): For filing complaints regarding unauthorized operations, violating interest rate caps, or violating MC No. 18. The SEC routinely issues Cease and Desist Orders (CDOs) and revokes Certificates of Authority for non-compliant entities.
  • National Privacy Commission (NPC): For filing complaints regarding data breaches, unauthorized contact accessing, and digital harassment. The NPC has the power to order the shutdown of apps and recommend the criminal prosecution of data privacy violators.
  • PNP Anti-Cybercrime Group (PNP-ACG) / NBI Cybercrime Division: For instances involving blackmail, extortion, or grave threats perpetrated by OLA collectors, violating the Cybercrime Prevention Act of 2012 (R.A. No. 10175).

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login