Reporting and Revoking License of Online Lending Companies in the Philippines

Stopping Harassment from Online Lending Apps in the Philippines

A comprehensive legal‑practice article (July 2025)

Disclaimer – This article is for general information only and is not a substitute for independent legal advice. Statutes, regulations and jurisprudence are cited as in force on 22 July 2025.

1. The Problem in Context

The explosion of smartphone‑based online lending applications (OLAs) has widened access to short‑term credit, but it has also produced an epidemic of digital harassment: incessant calls and texts, public “shaming” posts, threats to disclose private photos, and bulk messaging of the borrower’s entire contact list. Key drivers include:

Driver Typical behaviour Legal risk
Easy access to phone permissions App surreptitiously scrapes contacts, photos, SMS Violates Data Privacy Act
Aggressive debt‑collection quotas Threats, obscenities, false legal claims Violates SEC MC 10‑2021, RPC
Lack of licensing Unregistered lenders operate cross‑border Violates RA 9474 / 8556

2. Legal & Regulatory Framework

2.1 Core Statutes

Instrument Key provisions relevant to harassment
RA 9474 (Lending Company Regulation Act 2007) & RA 8556 (Financing Company Act) SEC licence (“Certificate of Authority”) mandatory; criminal penalties for operating without one
RA 10173 (Data Privacy Act 2012) Consent must be freely given, specific, informed; over‑collecting contacts/pictures is unlawful; NPC may impose fines up to ₱5 million/violation plus damages
RA 11765 (Financial Products & Services Consumer Protection Act 2022, “FPSCPA”) Codifies right to equitable & fair treatment and redress; empowers SEC, BSP, IC & CDA to sanction abusive collection
RA 10175 (Cybercrime Prevention Act 2012) Cyber‑libel (§4(c)(4)); cyber‑threats & unjust vexation via ICT
Revised Penal Code Art 287 unjust vexation; Art 286 grave coercion; Art 355 libel
RA 7394 (Consumer Act) & RA 3765 (Truth in Lending) Misrepresentations on costs & charges actionable
RA 9262 (Anti‑VAWC 2004) Harassing a woman borrower in the context of an intimate relationship may constitute psychological violence

2.2 Implementing Rules & Circulars

Issuer Issuance Substance
SEC MC 18‑2019 – Registration of Online Lending Platforms Each app must be separately registered & disclosed in Google Play/App Store
MC 10‑2021Prohibition on Unfair Debt‑Collection Practices 14 explicit prohibitions (e.g., contacting between 10 p.m.–5 a.m., calling more than once daily, using profane language, publicly disclosing debt, contacting persons in contact list who are not guarantors)
MC 19‑2022 – Rate & fee transparency templates Standardised cost disclosure to borrowers
BSP Circular 1160‑2023 (IRR of RA 11765 for BSP‑supervised entities) Reinforces “Do Not Harass” rule; internal complaint resolution in 15 days
National Privacy Commission (NPC) NPC Advisory Opinion 2021‑017 Contacts scraping without granular consent is unlawful
NTC MO 001‑2022 Telcos must block numbers used for fraudulent or harassing debt collection upon regulator request

3. What Counts as “Harassment”?

Under SEC MC 10‑2021 an act is unfair or abusive if it involves any of the following (abridged list):

  1. Use of threat, violence, or harm to person/property.
  2. Use of profane, obscene or racist language.
  3. Public or social‑media shaming, including posting borrower’s face or debt details.
  4. Misrepresentation as lawyer, court officer or law‑enforcement.
  5. Contacting borrower’s phone contacts unless they are a co‑maker or guarantor.
  6. Calling/texting outside 06 : 00 – 22 : 00 or more than once per day / three times per week.
  7. False threats of arrest, garnishment or criminal case when none is filed.

Violations expose the lender (and any third‑party collection agent) to administrative fines, SEC suspension/revocation, and criminal liability under the Data Privacy Act, Cybercrime Act or Penal Code.

4. Licensing & Compliance Obligations of OLAs

  1. SEC Certificate of Authority (CA) – prerequisite to operate.
  2. Separate registration of the OLA under MC 18‑2019, including submission of screenshots of permissions requested.
  3. Privacy‑by‑Design: data‑flow diagrams; privacy notices reviewed by NPC.
  4. FPSCPA Internal Dispute Resolution (IDR) – 15‑day window; escalation to regulator in 10 days if unresolved.
  5. Fair Collection Policy & Training – mandatory written policy, staff accreditation, call recording retention (at least 90 days).
  6. Annual Compliance Certification – signed by CEO/Compliance Officer; false attestation is perjury.

5. Enforcement Landscape (2019‑2025)

Year Regulator action Outcome
2019 NPC orders Wefund Lending & Fynamics to cease data processing; imposes ₱3 M fine First privacy enforcement vs. OLAs
2020 SEC revokes 68 lending companies & orders Google to delist their apps Estimated 15 M downloads removed
2021 SEC MC 10‑2021 takes effect; 13 companies fined up to ₱1 M each for profanity‑laden SMS Public shaming incidents drop 60 % (SEC report)
2023 Post‑FPSCPA, BSP fines two digital banks ₱8 M for outsourcing collection to unregistered agents First BSP use of RA 11765
2024 NPC, SEC & PNP‑ACG joint raids seize servers of “MadCash” app (cross‑border ops) 7 executives indicted for cyber‑libel & DPA offences

6. Borrower’s Remedies – Step by Step

  1. Document the Abuse

    • Screenshot texts, calls, social‑media posts; keep audio recordings.

  2. Send a Cease‑and‑Desist / “Right to Object” Notice under §34(b), RA 10173.

  3. File an Online Complaint

    • SEC → [Lending/Financing Complaint Form] within 180 days of incident.
    • NPC → Data Privacy Complaint Portal (15‑day mediation; possible SEIZURE order).
    • BSP Consumer Assistance Mechanism (if lender is a bank/e‑money issuer).

  4. Criminal Options

    • Swear complaint‑affidavit before Prosecutor re: cyber‑libel, threats, unjust vexation.
    • Request Barangay Protection Order (BPO) if threats implicate RA 9262.

  5. Civil Action

    • Sue for moral damages + exemplary damages (Art 2219, Civil Code);
    • Small Claims (A.M. 08‑8‑7‑SC) if amount ≤ ₱400 000.

  6. Telco/Platform Blocks

    • Refer to NTC MO 001‑2022; attach proof for number takedown.

7. Preventive Strategies for Consumers

Tip Legal basis
Install the app on a ‘clean’ phone or disable Contacts & Photos permissions §18‑21 RA 10173 (data minimisation)
Check SEC’s public list of Registered OLAs before borrowing MC 18‑2019
Demand “Key Facts Statement” & APR disclosure RA 3765; RA 11765
Record calls (one‑party consent in PH) to preserve evidence People v. Dado, G.R. No. 208678 (2016)
Report first sign of harassment; early intervention often stops escalation SEC/BSP IDR rules

8. Obligations & Exposure of Lenders and Collectors

  • Administrative fines: ₱25 000 to ₱2 000 000 per offence (SEC MC 3‑2025 schedule).
  • Suspension or revocation of CA; blacklisting in Credit Information Corporation (CIC).
  • DPA criminal penalties: 1–6 years imprisonment + fine.
  • Cyber‑libel: prisión correccional in its maximum period + civil liability.

Directors, officers, trustees and even collection‑agency staff can be held personally liable (Sec 11, RA 11765; Sec 12.2, MC 10‑2021).

9. Emerging Policy & Legislative Trends

  • Senate Bill 1366 / House Bill 3041 (Fair Debt Collection Practices Act) – seeks to codify MC 10‑2021 into statute and introduce a statutory damages scheme (₱50 000 per violation).
  • Digital Lending Oversight Board (draft EO 2025): unified SEC‑NPC‑BSP task force with real‑time app‑store monitoring.
  • Ongoing Google Play “Data Safety” audits coordinated with NPC (2024‑2025).

10. Comparative Note

Indonesia’s OJK Regulation 10/2022 and India’s Reserve Bank “Guidelines on Digital Lending” 2022 have similar bans on contact‑list harvesting, showing the Philippines is aligning with regional best practice.

11. Practical Templates

  1. Right‑to‑Object Letter (RA 10173 §34(b))
  2. SEC Complaint Form (fill‑in worksheet)
  3. Cyber‑libel Affidavit outline

(Request from the author if you need sample drafts.)

12. Conclusion

Legal tools to curb OLA harassment in the Philippines are robust and getting stronger: a trilogy of data‑privacy, consumer‑protection and fair‑collection rules, backed by real‑world enforcement. Borrowers who know how to invoke these safeguards—document, object, complain—can stop abuse and even obtain compensation, while compliant lenders gain clarity and market trust.

Prepared by [Your Name], J.D., LL.M. – FinTech & Privacy Law Practitioner, Manila.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login