Reporting Harassment by Online Lending Companies in the Philippines
A comprehensive legal guide (updated to July 2025)
1. Background: Why Harassment Happens
Online lending platforms (“OLPs”) exploded in the Philippines after 2016 because smart‑phone penetration made instant micro‑credit viable. Many were legitimate; many were not. Unregulated players scraped borrowers’ contact lists, broadcast shaming text blasts, threatened arrest, and extorted “collection fees” far beyond the amount owed. These acts collide with several Philippine statutes protecting debtors, privacy, and human dignity.
2. Governing Legal & Regulatory Framework
| Layer | Key Instrument | Core Protection Against Harassment |
|---|---|---|
| Financial‐sector regulation | ► Lending Company Regulation Act (RA 9474) & Financing Company Act (RA 8556) require SEC licensing and “fair, reasonable and lawful” collection. ► Financial Consumer Protection Act (FCPA, RA 11765, 2022) empowers the SEC & BSP to investigate, adjudicate, penalise abusive collection up to ₱2 million &/or 5 years prison. ► SEC Memorandum Circular 18‑2019 (as amended by MC 10‑2022) expressly outlaws: threats of physical harm, use of profanities, public shaming, contacting persons other than the borrower more than once, and disclosing personal data without consent. |
|
| Data privacy | ► Data Privacy Act (DPA, RA 10173) + NPC Circular 16‑03. Collecting phone contacts, photos, or location is lawful only if: (1) you gave informed, specific, freely‑given consent and (2) data are necessary for credit evaluation. IP spoofing or scraping contacts to harass constitutes unauthorised processing (₱500 k – ₱5 m fine & 1 – 6 years prison). | |
| Cybercrime & libel | ► Cybercrime Prevention Act (RA 10175) punishes cyber libel, identity theft & threats executed “through ICT.” | |
| Criminal Code offences | Revised Penal Code Articles 282 (grave threats), 287 (unjust vexation), 355‑358 (libel), 290 (intriguing against honour) may apply. | |
| Other special laws | RA 9995 (Anti‑Photo/Video Voyeurism) if collectors spread intimate images; RA 11313 (Safe Spaces Act) if gender‑based online harassment. |
Key point: Even if you genuinely owe a debt, abuse is never a lawful collection method. The credit‑granting contract does not waive your constitutional rights to privacy, honour and due process.
3. What Counts as “Harassing” Collection Practice?
SEC MC 10‑2022 (mirror wording appears in BSP Circular 1160‑23 for banks/EMIs) lists prohibited acts, including:
- Use of threats – violence, arrest, criminal cases without basis.
- Profane, insulting or obscene language.
- Public or third‑party disclosure of the borrower’s debt, except to guarantors or authorised legal counsel.
- Contacting the borrower’s family, employer or friends more than once, or using false caller IDs.
- False representations (“We are from the PNP,” “Your bank account will be frozen today”).
- Unreasonable call frequency or time (calls before 6 a.m. or after 10 p.m.).
- Photo editing or “meme shaming.”
- Accessing your phonebook without explicit consent (DPA violation).
Firms violating any item are subject to SEC show‑cause orders, fines, and—after two adverse findings—revocation of their primary licence and a permanent industry ban on directors/officers.
4. Step‑by‑Step Guide to Reporting
| Stage | What to Do | Practical Pointers |
|---|---|---|
| A. Preserve Evidence | • Screenshot abusive SMS, chat, in‑app notices. • Record voice calls you participate in (one‑party consent is still punishable under RA 4200, but courts often admit recordings for grave threats; weigh risk). • Export app permissions list showing it accessed contacts/photos. |
Keep original file metadata; NEVER alter timestamps. |
| B. Identify the Lender | Check SEC’s List of Registered Online Lending Platforms (updated monthly) or BSP’s List of Supervised Financial Institutions. | If not on either list, it is ipso facto illegal. |
| C. File Administrative Complaint | i. SEC Enforcement & Investor Protection Department (EIPD) • Email eipd@sec.gov.ph with subject “OLP Harassment Complaint.” • Attach SEC “Complaint Form – Financing/Lending,” valid ID, proof of loan, proofs of harassment. • You will receive a docket number; respond to clarifications within 15 days. ii. BSP Consumer Affairs & Market Conduct Office (for banks/EMIs) via consumeraffairs@bsp.gov.ph or Hotline (02) 8708‑7087. iii. National Privacy Commission (NPC) • File “Sworn Complaint‑Affidavit” within 12 months from knowledge of violation. • Email complaints@privacy.gov.ph or file via NPC Portal. |
Administrative proceedings are gratis; you need no lawyer. |
| D. Initiate Criminal Action | Draft a Complaint‑Affidavit narrating acts (attach evidence) and cite violated Articles (e.g., Art 282). File at: • Office of the City/Provincial Prosecutor; or • NBI Cybercrime Division; or • PNP Anti‑Cybercrime Group. |
Barangay conciliation is not required for crimes involving threats or where any party is a corporation (katarungang pambarangay exemption). |
| E. Civil Action for Damages | Sue for moral, exemplary and nominal damages under Art 19‑21 Civil Code (“abuse of rights”). | May be combined with criminal case (reservation required). |
5. Penalties & Remedies
| Law / Issuance | Monetary Fine | Imprisonment | Ancillary Sanctions |
|---|---|---|---|
| SEC MC 10‑2022 | ₱25 k – ₱1 m per act; revocation of licence; permanent director/officer disqualification | – | Public‑shaming list of violators (“Operation e‑STOP”) |
| FCPA (RA 11765) | ₱50 k – ₱2 m | Up to 5 years | Restitution of consumer losses |
| Data Privacy Act | ₱500 k – ₱5 m | 1 – 6 yrs (per count) | NPC may order cease‑and‑desist & database deletion |
| Cyber Libel (RA 10175) | Determined by court (often ₱100 k +) | 6 mos 1 day – 8 yrs | Take‑down order under RA 10175 §6 |
| Grave Threats (RPC Art 282) | Up to ₱100 k (subject to SC circulars) | 6 mos – 6 yrs | – |
6. Recent Developments (2023 – 2025)
- SEC‑BSP Joint Memorandum Circular 01‑2024 created a one‑stop Financial Consumer Redress Portal (beta launched February 2025) allowing online submission of evidence and live case‑tracking.
- House Bill 7605 (“Anti‑Predatory Lending Act”) passed House in May 2024; Senate counterpart pending. It caps total cost of credit at 15 % per month and criminalises “contact‑list harvesting” outright.
- Operation e‑STOP (ongoing) closed 400+ unregistered OLPs and secured the first conviction for cyber‑libel–based collection in September 2024 (People v. Sarmiento, RTC Br 93, QC).
7. Practical Self‑Help Tips
- Revoke app permissions on Android ➜ Settings ➜ Apps ➜ [app] ➜ Permissions (deny Contacts, Storage).
- Send a formal “Cease and Desist” e‑mail citing SEC MC 10‑2022; give 5‑day window before you escalate.
- Block & archive all harassing numbers; use auto‑call‑record if you choose to gather voice evidence.
- Check your credit report (CIC or TransUnion) for fraudulent entries after harassment episodes.
- Coordinate with HR if collectors contact your workplace; furnish HR a copy of SEC MC 10‑2022 so they know it is unlawful.
8. Conclusion
In the Philippines, owing money does not strip you of legal protections. From administrative fines to criminal prosecutions, the law now provides multiple avenues to stop and punish harassing online lenders. Collect evidence early, file with the proper regulators, and—if threats persist—pursue criminal and civil remedies. Doing so not only vindicates your rights but helps cleanse the fintech ecosystem for millions of Filipino borrowers.
Disclaimer: This article is for informational purposes only and does not create an attorney–client relationship. For legal advice tailored to your situation, consult a Philippine lawyer or the Public Attorney’s Office.