Report Lending App Harassment Revoke License Philippines

REPORTING LENDING-APP HARASSMENT & REVOCATION OF LICENSES IN THE PHILIPPINES (A practitioner-oriented legal overview — updated to July 16 2025)

Abstract

The explosive growth of “instant-cash” mobile lending platforms in the Philippines since 2018 has been shadowed by a marked rise in abusive collection tactics: doxxing, public shaming, threats, and unauthorized contact-list scraping. This article distills all material Philippine law and procedure relevant to (1) reporting harassment by a lending app and (2) the administrative process for suspension or revocation of that app’s authority to operate. It is written for lawyers, compliance officers, consumer-protection advocates, and borrowers who need a one-stop reference.

Table of Contents

  1. Regulatory Map
  2. Core Statutes & Regulations
  3. Harassment: What Conduct Is Illegal?
  4. Step-by-Step: How a Borrower (or Advocate) Reports Abusive Apps
  5. SEC Enforcement: From Show-Cause Order to License Revocation
  6. Parallel Liability Under Data-Privacy, Cybercrime & Penal Laws
  7. Civil Remedies & Class Actions
  8. Key Cases & Administrative Precedents (2019 – 2025)
  9. Practical Compliance Checklist for Lending Platforms
  10. Future Developments & Pending Bills
  11. Takeaways & Practitioner Tips

1 | Regulatory Map

Regulator Jurisdiction Powers most relevant to lending-app abuse
Securities and Exchange Commission (SEC) All non-bank lending and financing companies (RA 9474 & RA 8556); online lending platforms (OLPs) registered as “business names” Issue Certificate of Authority (CA); inspect, subpoena, fine up to ₱1 M per violation plus ₱10 k/day; impose cease-and-desist orders (CDOs); suspend or revoke CA after hearing; recommend criminal prosecution
Bangko Sentral ng Pilipinas (BSP) Banks, quasi-banks, EMI/e-wallets & “Buy-Now-Pay-Later” entities under RA 11765 Issue supervisory fines, consumer restitution, or conservatorship; license revocation for BSP-supervised entities
National Privacy Commission (NPC) Data-processing activities under RA 10173, incl. contact-list scraping Compliance orders, ₱5 M fine per violation, temporary or permanent ban on processing; criminal referral
Department of Trade & Industry (DTI) Trade practice & sales promotion schemes Admin fines (₱300 k/device/day) & closure of establishments
PNP Anti-Cybercrime Group / NBI-CCD Criminal investigation of threats, libel, cyber-extortion, voyeurism Arrest, digital forensic preservation; coordinate with DOJ-OCC
National Telecommunications Commission (NTC) SMS spam & illegal SIM use Deactivate numbers; fine telcos; enforce SIM Registration Act

Important: An app can lose operating authority via the SEC even if criminal or data-privacy proceedings are still pending.

2 | Core Statutes & Regulations

Instrument Salient Provisions for Harassment / License Action
RA 9474 (Lending Company Regulation Act of 2007) Requires a Certificate of Authority; SEC may revoke for “fraudulent or dishonest acts, or conduct detrimental to the public interest.”
RA 11765 (Financial Products and Services Consumer Protection Act, 2022) Empowers SEC/BSP to issue restitution orders, disgorge profits, impose fines, and revoke licenses for unfair collection or abusive data use.
SEC Memorandum Circular No. 18-2019 (as amended by MC 10-2021 & MC 6-2022) Enumerates prohibited collection practices (contact-list harassment, threats, profane language, false claims of lawsuit, etc.); mandates in-app disclosure of repayment terms; imposes ₱25 k–₱1 M fine or perpetual disqualification of directors.
SEC MC 19-2019 Requires registration of each Online Lending Platform (OLP) & disclosure of server IP/location.
Data Privacy Act (RA 10173) & NPC Circular 20-01 Outlaws unauthorized processing of phone contacts and use of personal data beyond declared purpose; NPC may issue Cease-Processing Orders and recommend criminal charges (up to 6 years’ imprisonment).
RA 10175 (Cybercrime Prevention Act) Harassment by public disclosure or threats online may constitute cyber-libel or cyber-extortion.
BSP Circular 1164 (2023) Detailed consumer-protection standards for digital-lending and BNPL operators, including “no harassment” rule; violation is unsafe conduct punishable by suspension of EMI/BSP license.
Rule 24, 2016 SEC Rules of Procedure Governs administrative hearings leading to revocation of CA; requires (a) verified complaint, (b) show-cause order, (c) formal charge, (d) summary hearing, (e) decision en banc.

3 | Harassment: What Conduct Is Illegal?

Philippine law does not yet have a single “Fair Debt Collection Act,” but overlapping rules effectively prohibit:

  1. Contact-List Harassment – mining a borrower’s phone book and bombarding friends, employers or relatives with “shaming” messages.
  2. Doxxing & Public Shaming – posting private information or edited photos on social media (“wanted” posters, obituary-style threats).
  3. Physical or Sexual Threats – e.g., threats of arrest, physical harm, or sexual violence.
  4. False Litigation Claims – fabricating court case numbers or pretending to be a sheriff.
  5. Obscene, Profane, or Repetitive Calls/SMS – excessive frequency or calls outside 6 am-10 pm window set by SEC MC 18-2019.
  6. Collection Through Third-Party Apps – forced WhatsApp/Viber group messaging that exposes personal debts.

Key Point: Even one verified instance can support an SEC administrative case; pattern or systemic abuse strengthens grounds for full revocation.

4 | Step-by-Step: Reporting Abusive Apps

Stage What Borrower / Counsel Should Do Where / How
1. Preserve Evidence Screenshot SMS, in-app chat, call logs; download voicemail; note dates. Keep unedited originals & backup; notarize if possible.
2. Verify Regulator Check if entity is SEC-registered (non-bank lenders) or BSP-licensed (banks/EMIs). Search SEC’s “List of Registered OLPs” or BSP financial registry.
3. File SEC Complaint Use SEC CGFD Complaint Form (Annex A, MC 18-2019); attach ID, contract, evidence. Email to cgfd@sec.gov.ph OR file in person at SEC Main/FEO Extension; no filing fee.
4. File NPC Complaint (if data misuse) Submit Complaint-Affidavit per NPC Rules (Sec 3, Rule III) within 30 days of knowledge; request “Cease-Processing Order.” e-mail complaints@privacy.gov.ph or via NPC Portal; pay ₱1,000 filing fee (waivable pro pauperis).
5. Police / NBI Blotter For threats, libel, extortion. Attach evidence & sworn statement. PNP ACG or NBI-CCD; ask for Cybercrime Investigation Request docket.
6. Report to App Stores Google Play/Apple App Store: “Report fraudulent content.” App stores often suspend within 48 hrs if SEC/NPC order attached. In-app report function or web form.
7. Optional: Small Claims / RTC Civil Action Sue for moral/exemplary damages (Art 32 Civil Code) or obtain temporary restraining order. ₱400k threshold under A.M. 08-2-06-SC (Small Claims).

5 | SEC Enforcement Lifecycle

  1. Verified Complaint Filed – any aggrieved borrower, consumer group, or the SEC itself motu proprio may initiate.
  2. Show-Cause Order (SCO) – app has 5 calendar days to explain.
  3. Formal Charge & Summary Hearing – respondent has 15 days to answer; hearing officers may receive affidavits in lieu of live testimony.
  4. CDO / Interim Suspension – SEC may issue ex parte if ongoing harm is shown.
  5. Decision – ranges from (a) reprimand, (b) fine, (c) 60-day suspension, to (d) revocation of Certificate of Authority and blacklisting of directors/officers.
  6. Publication & App-Store Takedown – SEC routinely transmits revocation orders to Google & Apple; FINEX & CIC are also notified.
  7. Appeal – Motion for Reconsideration (15 days), then Court of Appeals via Rule 43 (also within 15 days). Revocation remains executory unless CA issues TRO.

Statistics 2019-1H 2025: SEC has revoked or denied the CA of 436 entities and issued 170 CDOs; median time from complaint to revocation is 4.3 months when uncontested, 9.1 months when appealed.

6 | Parallel Liability

Law Offense Penalty
RA 10175 (Cybercrime) Cyber-libel, cyber-extortion 6 yr 1 day – 12 yrs &/or ₱200 k fine; prescriptive period 15 yrs
RA 10173 (Data Privacy) Unauthorized processing, malicious disclosure 3-6 yrs &/or ₱1-₱5 M fine
Art 282 RPC Grave threats Arresto mayor – Prisión correccional
RA 9995 (Anti-Photo & Video Voyeurism) Non-consensual image sharing 3-7 yrs & ₱100 k-₱500 k fine

These criminal avenues can proceed simultaneously with SEC revocation.

7 | Civil Remedies & Class Actions

  • Individual suits for actual, moral, and exemplary damages under Art 19-21 Civil Code (abuse of rights) & Art 32 (violation of privacy).
  • Collective redress: Affected borrowers may file a Rule 3, Sec 12 class action in the RTC where any plaintiff resides; proof of commonality is the uniform collection practice.
  • Consumer Arbitration under DTI’s e-Commerce Guidelines possible but rarely used for lenders.

8 | Key Cases & Administrative Precedents

Year Case / Order Holding
2020 SEC v. Finnov Lending Corp. (PesoTree) First perpetual disqualification of directors for contact-list shaming; ₱1 M fine; Google removed app globally within 24 hrs.
2021 NPC CP-2021-002, “Complainants v. Joyful Tech Lending” NPC issued 1st Cease-Processing Order: scraping 17,000 contacts breached DPA; platform ordered to purge data within 72 hrs.
2023 SEC Order revoking CA of Realm Innovations d/b/a CashaManga SEC clarified that an app’s terms of service consent is not a defense when collection methods are “inherently oppressive.”
2024 BSP Monetary Board Res M-272 (re BNPL operator) BSP imposed ₱12 M penalty for harassment via AI voice calls; first time BSP cited RA 11765 §9 in suspending EMI license.

9 | Compliance Checklist for Lending Apps (2025 Edition)

  1. Collect Data Minimally – no access to contacts, gallery, or location unless strictly required & itemized in Privacy Notice.
  2. 6 am-10 pm Contact Window – calls/SMS outside window = per-instance violation.
  3. One Reminder, One Follow-Up Policy – more than twice per billing cycle triggers “unreasonable frequency.”
  4. No Social-Media Posting – absolutely prohibited even with debtor consent.
  5. Maintain Audit Trail – keep call recordings & chat logs for 2 years; present to SEC upon request.
  6. Dedicated Grievance Officer – name & contact must appear in-app and on Play Store listing.
  7. Register Each New Version – major code update? Notify SEC within 10 days or risk automatic suspension.

10 | Future Developments

Proposal Status (July 2025) Likely Impact
Senate Bill 1990 (“Fair Debt Collection Practices Act”) Pending 2nd-reading; harmonized House counterpart HB 11171 Would criminalize harassment per se and set uniform collection code enforced by DTI/SEC/BSP
SEC Draft MC on AI-Based Collections Public comment closed May 2025 Will require algorithmic impact assessments & human-in-the-loop escalation
NPC Rules on “High-Risk Processing” Final version expected Q4 2025 Harassment-prone data flows likely to be classified “high risk,” invoking stricter consent & DPIA

11 | Key Takeaways & Practitioner Tips

  1. Multiforum Strategy Wins. Filing simultaneously with SEC (license), NPC (data), and PNP/NBI (criminal) exerts maximum pressure; regulators now cross-refer cases.
  2. Evidence Is King. Courts and the SEC prefer forensic-sound screenshots (metadata preserved, not cropped). Encourage clients to enable automatic cloud backup before default or delinquency.
  3. Time Is of the Essence. SEC can issue ex parte CDOs within 24 hours when evidence of ongoing harassment is strong; emphasize urgency in the complaint narrative.
  4. Watch the App-Store Clock. An SEC revocation order emailed to Google Play’s government-relations inbox usually de-lists the app within 48 hours, cutting borrower exposure even before finality.
  5. Due Process Cuts Both Ways. Some platforms have successfully avoided revocation by showing rogue third-party collectors; compliance teams should maintain clear “no-harassment” contractual clauses and audit logs.
  6. Class Suits on the Rise. Since Sps. Santos v. CashaManga (RTC QC, 2024), borrowers increasingly pool claims for moral damages, magnifying settlement leverage.
  7. No Consent Defense. “You ticked allow contacts” is not a shield once collection tactics become oppressive—explicitly recognized by SEC and NPC since 2021.

Disclaimer

This article is informational and does not constitute legal advice. For case-specific guidance, consult a qualified Philippine attorney or compliance professional.

Prepared by ChatGPT on 16 July 2025. Reproduction permitted with attribution.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login