Reporting Pre-Due Date Harassment by Online Lenders in the Philippines

A comprehensive legal guide for borrowers and advocates

What counts as “pre-due date harassment”?

Pre-due date harassment happens when a lender, collection agent, or their app pressures, shames, or threatens a borrower before the loan’s due date—for example:

Spam calls or messages demanding “immediate” payment even though the account is not yet due
Threats to contact your employer, family, or entire phonebook “today” if you don’t pay now
Premature “final demand” notices implying legal action or public shaming before maturity
Sending messages to your contacts (debt-shaming) to coerce you ahead of due date

These practices are illegal or sanctionable under multiple Philippine laws and regulations summarized below.

Legal foundations and why pre-due date harassment is unlawful

1) Financial Consumer Protection Act (FCPA) — Republic Act No. 11765 (2022)

Establishes the right of financial consumers to fair treatment and protection against abusive collection.
Prohibits misleading, deceptive, and unconscionable collection practices by financial service providers (FSPs) and their third-party collectors.
Implemented through sector regulators (BSP for banks/e-money/BSFIs, SEC for lending/financing companies, IC for insurers/HMOs). Sanctions include administrative fines, suspension, and other corrective actions.

2) SEC rules for Lending/Financing Companies

SEC Memorandum Circular No. 18, s. 2019 (Unfair Debt Collection Practices) bars:
- Threats, profane/obscene language, and contacting persons other than the borrower, guarantor, or surety except to obtain location/phone details;
- Contacting at unreasonable hours or using false representations;
- Debt-shaming, including social-media blasts or mass texts to the borrower’s contacts.
Registration/Authorization: Online lending apps must be operated by SEC-registered lending/financing companies. Unregistered “lenders” can be shut down and penalized.

3) Bangko Sentral ng Pilipinas (BSP) standards (if the lender is a bank, EMI, or other BSP-supervised entity)

The FCPA IRR and the BSP Consumer Protection Framework require fair, respectful, and proportionate collections, aligned with due dates and accurate account status.
Misconduct by outsourced collection agencies binds the supervised institution.

4) Data Privacy Act of 2012 — Republic Act No. 10173

Requires lawful, transparent, and proportional processing of personal data.
Harvesting a borrower’s contacts and messaging them for “collections” is generally unlawful (no lawful basis, beyond declared purpose, not proportional), especially before any delinquency.
The National Privacy Commission (NPC) may order stoppage, deletion, and impose fines/other penalties. Borrowers may also claim damages for privacy harms.

5) Revised Penal Code and special penal laws (when conduct crosses into crime)

Grave threats (Art. 282), grave coercion (Art. 286), unjust vexation (Art. 287), and libel/cyber-libel (R.A. 10175) may apply if messages include threats of harm, arrest, or public defamation.
Anti-Photo and Video Voyeurism and Anti-Wiretapping can be implicated by certain doxxing/recording tactics.

6) Civil Code remedies

Articles 19, 20, 21 (abuse of rights, acts contrary to law/morals) support claims for damages against abusive lenders and collectors.

Are lenders ever allowed to contact you before due date?

Yes—only for legitimate, proportionate purposes, such as account verification, courtesy reminders clearly stating the loan is not yet due, or to respond to your inquiry. Anything coercive, misleading, shaming, or sent to third parties (your contacts) is unlawful.

Evidence checklist (collect before reporting)

Loan documents: contract, disclosure statement, screenshots of due date.
Harassing communications: screenshots of texts/chats/emails, call logs (date/time/number), recorded voicemails. Save original files; don’t alter metadata.
App permissions: screenshots of permissions (contacts, SMS, storage).
Third-party messages: statements or screenshots from family/friends contacted by the lender.
Your notes: a running timeline (who contacted you, when, what was said, and how you felt/impacts at work/home).
Proof of lender identity: app name, website, social pages, company name in receipts or messages.

Where and how to report (choose all that apply)

You can file in parallel. Use the same evidence set.

A) Securities and Exchange Commission (SEC) — Lending/Financing companies & OLAs

What to report:
- Pre-due date demands, threats, or debt-shaming;
- Contacting people other than the borrower/guarantor;
- Unreasonable calling hours;
- Any app operating without SEC authorization.
What you’ll need: identity of the app/company (name, links), screenshots, copy of the loan, due date proof, and contact details of affected third parties (if any).
Possible outcomes: fines, suspension/revocation, takedown of the app/pages, referral for prosecution.

B) National Privacy Commission (NPC) — Data privacy violations

What to report: scraping/using your contacts, mass messages to third parties, unnecessary data collection, retention beyond necessity, lack of privacy notice, refusal to honor data subject rights.
What you’ll need: evidence that contacts were harvested/used, your consent flow screenshots, privacy policy captures, and the harmful effects (e.g., job risk, anxiety).
Possible outcomes: compliance orders, monetary penalties, deletion orders, and directive to stop processing.

C) BSP (if the lender is a bank/EMI/BSFI)

Use the bank’s internal complaints channel first (required under FCPA), then escalate to BSP if unresolved or egregious. Attach complaint case number and all evidence.

D) Law enforcement (PNP-ACG / NBI-CCD / local prosecutor)

When to go criminal: explicit threats, doxxing, defamation, blackmail, or impersonation (fake “court orders”, fake “arrest warrants”). Bring a sworn statement, your evidence set, and IDs. Ask for assistance preserving service-provider logs.

E) Workplace/School (if they were contacted)

Provide an advisory memo that the lender’s contact is unlawful; request HR/Administration to preserve the message and avoid further engagement.

Step-by-step reporting flow (practical roadmap)

Secure your device & data
- Revoke the app’s permissions (Contacts/SMS/Storage). Change account passwords.
- If you’ll delete the app, export evidence first and consider keeping it installed (but off) until you complete screenshots.
Send a cease-and-desist (C&D) notice (optional but helpful)
- State the account is not yet due, demand the cessation of harassment, data processing limited to lawful purposes, and deletion of scraped contacts.
- Reference RA 11765, SEC MC 18-2019, and DPA RA 10173. Give a response window (e.g., 48 hours).
- Send through the app’s official channel and the company email if available.
File your formal complaint(s)
- SEC (for lending/financing firms/OLAs).
- NPC (privacy violations, debt-shaming).
- BSP (if a BSP-supervised entity).
- Police/NBI for criminal aspects.
Preserve and extend evidence
- Ask your telco for incoming call/SMS logs (some keep short windows).
- Ask your employer/contacts to forward the messages they received.
Follow up & document retaliation
- Any post-complaint surges in harassment are aggravating; record and report immediately.

Model C&D notice you can adapt (short form)

Subject: Unlawful Pre-Due Date Harassment and Privacy Violations — Cease and Desist

I am the borrower under Loan No. ____ with your company. The due date is [DATE]. Despite this, your representatives have made repeated demands and threats on [dates], including contacting third parties (my contacts) and sending misleading “final demand” messages.

These acts violate RA 11765 (Financial Consumer Protection Act), SEC MC 18-2019 (Unfair Debt Collection Practices), and the Data Privacy Act (RA 10173).

I demand that you:

Cease all collection communications until due date;

Stop contacting any third party about my loan;

Delete all harvested contact data and limit processing to lawful, necessary purposes; and

Confirm in writing within 48 hours.

Failure to do so will result in reports to the SEC, NPC, and appropriate law-enforcement agencies, and pursuit of civil/criminal remedies.

Sincerely, [Name], [Mobile/Email]

Dos and Don’ts while your complaint is pending

Keep replies factual and minimal; acknowledge receipt but avoid arguments.
Route everything to one written channel (email or in-app support) to create a trail.
Save every interaction (including call recordings if you announce/consent as required).
Inform family/employer not to engage and to forward any messages for evidence.

Don’t

Don’t pay earlier than due date out of fear when the dispute is about harassment (unless you actually want to prepay).
Don’t provide additional personal data via links/attachments sent by collectors.
Don’t post your evidence publicly if it reveals sensitive personal data of others.

Special issues & FAQs

The app asked for “Contacts” permission — is that valid consent?

Usually no for collection purposes. Consent must be freely given, specific, informed, and documented. A blanket permission to access your phonebook to “improve services” is not a lawful basis to broadcast debt info, especially before default.

Can they tell my employer or family?

Not without a lawful basis. SEC MC 18-2019 generally prohibits contacting third parties about the debt (beyond limited location/phone info). Doing this before due date is especially egregious.

They threatened arrest or “NBI blotter tomorrow.”

Private lenders cannot arrest you. Empty threats of arrest/cases by collectors may constitute grave threats or unjust vexation and are sanctionable.

I borrowed from an unregistered online app.

You can still report. Using an unregistered platform doesn’t waive your rights; it may worsen the lender’s liability.

Can I sue for damages?

Yes. Under the Civil Code (Arts. 19–21) and DPA, you may claim moral, exemplary, and actual damages for harassment and privacy violations. Consult counsel for strategy and venue.

Practical templates (bullet points you can paste into forms)

Regulator summary (SEC/NPC/BSP):

Parties: Borrower [Name], Lender/App [Name] (Company if known)
Loan details: Amount ₱___; Due date [DATE] (not yet due)
Misconduct: Pre-due date demands; threats; third-party contact; debt-shaming; unreasonable hours; misleading “final demand”
Evidence list: Attach screenshots/call logs/privacy policy/permissions
Relief sought: Stop harassment; delete contacts data; penalties; written assurance; app takedown (if applicable)

Law-enforcement summary:

Nature: Threats/coercion/libel/doxxing related to a consumer loan before due date
Channels used: SMS/Messenger/Calls/Email; include numbers/links
Immediate risk: Workplace harassment/reputational harm
Request: Investigation, preservation of telco/platform logs

Quick reference (pin this)

Core laws: RA 11765 (FCPA), SEC MC 18-2019, RA 10173 (DPA), RA 10175 (Cybercrime), RPC Arts. 282, 286, 287; Civil Code Arts. 19–21.
Red flags: demands before due date, threats, contacting anyone else, “we’ll post you online,” “we’ll call your boss,” calls at late night/early morning, fake legal notices.
Action pack: screenshots + call logs + due date proof + app permissions → C&D (optional) → SEC/NPC/BSP → PNP-ACG/NBI (if criminal) → keep a timeline.

Final note

This article provides general information on Philippine law and regulatory practice. For case-specific advice—especially if there are criminal threats, large sums, or cross-border elements—consult a Philippine lawyer or a legal aid clinic.