Overview: what “legitimate” really means in Philippine practice

In everyday use, “legitimate” can mean any (or all) of the following:

1. Properly registered with the correct government agency (SEC, DTI, CDA, etc.).
2. Existing and in good standing (not dissolved, revoked, delinquent, or suspended).
3. Authorized to do the business it claims (including any required “secondary licenses,” industry permits, or professional accreditations).
4. Compliant enough to safely contract with (authority of signatories, permits, tax registration, and no obvious red flags).

A solid verification process separates entity existence from authority to operate and from authority to solicit money/investments.

---

Step 1: Identify what type of entity you’re dealing with

Before you check anything, determine the legal form—because the correct registry depends on it.

A. SEC-registered entities (generally)

You typically verify with the Securities and Exchange Commission (SEC) if the entity is a:

• Corporation (stock, non-stock, One Person Corporation/OPC)
• Partnership (general, limited, professional partnership)
• Foreign corporation licensed to do business in the Philippines
• Foundation / NGO organized as a non-stock corporation
• Certain other SEC-registered juridical persons

B. DTI-registered entities (generally)

You typically verify with the Department of Trade and Industry (DTI) if the “business” is a:

• Sole proprietorship using a registered business name

Important: A DTI Business Name (BN) registration is not the same as creating a corporation. A sole proprietorship is not a separate juridical person from the owner; liabilities generally attach to the owner personally.

C. Other common registries (don’t skip these when applicable)

Some organizations are legitimate but not SEC or DTI:

• Cooperatives → Cooperative Development Authority (CDA)
• Banks, quasi-banks, trust entities, many financial institutions → Bangko Sentral ng Pilipinas (BSP)
• Insurance companies → Insurance Commission (IC)
• Government suppliers → PhilGEPS registration matters (not proof of corporate existence, but relevant)
• Certain contractors → PCAB license (construction)
• Food/drug/cosmetics/medical devices → FDA authorizations
• Recruitment agencies → DOLE/DMW licensing (high-risk area)

If someone presents a “certificate” but the entity type doesn’t match the issuing agency, treat it as a red flag.

---

Step 2: SEC verification (corporations, partnerships, non-stocks, OPCs)

What SEC registration proves—and what it does not

SEC registration generally proves:

• The entity was formed/registered and had submitted formation documents.
• The entity has a SEC registration number and basic recorded details.

SEC registration does NOT automatically prove:

• The entity is currently active/in good standing.
• The entity has current permits (Mayor’s Permit, BIR, etc.).
• The entity is authorized to solicit investments from the public.
• The person you’re talking to has authority to bind the company.

Core SEC records to check (and why they matter)

1. SEC Certificate of Incorporation/Registration

   • Confirms the entity was registered.

2. Articles of Incorporation / Partnership / (and Amendments)

   • Shows corporate name, purposes, incorporators, capital structure, term, office address.

3. By-laws (for corporations that require them)

   • Governance rules; helpful for authority questions.

4. General Information Sheet (GIS)

   • Key officers/directors, address, and ownership information (for stock corporations).
   • A missing/delinquent GIS can indicate compliance issues.

5. Latest list of directors/officers / incumbency evidence

   • Practical for verifying signatories and authority.

6. SEC status / standing indicators

   • Look for tags like active/inactive, delinquent, suspended, revoked, dissolved (terminology can vary).

How to perform an SEC legitimacy check (practical workflow)

1. Get the exact registered name (including punctuation like “Inc.” “Corp.” “OPC”) and the SEC registration number if possible.

   • Scammers often use a “trade name” that resembles a famous brand or a legitimate company’s name.

2. Match the details across documents:

   • Registered name
   • SEC registration number
   • Principal office address
   • Date of incorporation/registration

3. Check current status:

   • Confirm it is not dissolved, revoked, or delinquent.

4. Verify the company’s purposes:

   • If they claim to be a lending company, broker, or investment house, check whether the primary purpose supports it and whether secondary licensing is required (see next section).

5. Verify people and authority:

   • Confirm the officers and board listed in the GIS align with who you’re dealing with.

6. Request certified copies when stakes are high:

   • For major transactions, rely on SEC-issued certified true copies (not just PDFs forwarded by the counterparty).

SEC “secondary licenses”: the most misunderstood legitimacy issue

A business can be a real SEC-registered corporation and still be unauthorized to do what it’s doing—especially with money.

Common activities that may require additional SEC authority (or another regulator’s authority), depending on the exact model:

• Soliciting investments from the public (sale of securities)
• Operating as a broker/dealer/salesman or similar securities market roles
• Operating as a lending company or financing company (often subject to SEC regulation and specific registrations)
• Pre-need and certain investment-like schemes (often regulated)

Key takeaway: If the entity is asking you to “invest,” “pool funds,” “earn fixed returns,” or join a “profit-sharing” arrangement, you must separately assess whether:

• The product is a security; and
• The entity and/or offering is properly registered/authorized.

Even a real Certificate of Incorporation is not a license to raise funds from the public.

Foreign companies

If you’re dealing with a foreign corporation claiming Philippine operations, ask:

• Are they licensed to do business in the Philippines (SEC license to transact)?
• Do they have a Philippine branch or representative office registration?
• Who is their resident agent?
• Are contracts being signed by a properly authorized local representative?

---

Step 3: DTI verification (sole proprietorship business name)

What DTI registration proves—and what it does not

DTI Business Name registration generally proves:

• A particular person (the owner) registered a business name for a sole proprietorship.

DTI registration does NOT automatically prove:

• The business has a Mayor’s Permit or barangay clearance.
• The business is BIR-registered and issuing compliant receipts/invoices.
• The “business” is a separate legal person (it isn’t).
• The business is authorized for regulated activities (recruitment, financing, etc.).

How to perform a DTI check (practical workflow)

1. Request the DTI Business Name Certificate (and confirm it’s current).

2. Confirm the registered owner’s name matches the person you’re contracting with.

3. Check the scope (territorial scope and business name details).

4. Treat the owner as the true contracting party:

   • Contracts should name the owner (and optionally “doing business under the name ____”).

Special caution: “DTI permits” is a scam phrase

DTI issues business name registration, not an all-purpose “permit to operate.” If someone claims “DTI permit” as if it’s a license, require the actual document and then check for the real operating permits (LGU/BIR).

---

Step 4: The “beyond SEC/DTI” minimum checks that matter in real transactions

A company can exist on paper and still be problematic. For most practical due diligence in the Philippines, add these:

A. LGU business permits (Mayor’s Permit / Business Permit)

• Usually issued by the city/municipality where the business operates.

• Look for:

  • Correct business name
  • Correct address
  • Current year coverage
  • Nature of business consistent with what they claim

B. Barangay clearance (often part of permitting)

• Not a substitute for SEC/DTI, but useful to confirm local presence.

C. BIR registration (tax legitimacy)

Ask for:

• BIR Certificate of Registration (COR) (often Form 2303)
• Authority to Print (ATP) / invoice details (depending on current BIR regime)
• Valid TIN
• Ability to issue official receipts/invoices compliant with BIR rules

A refusal to provide BIR registration for a supposedly operating business is a major red flag.

D. Proof of address and operations

• Lease contract, utility bills, office photos, verifiable landline, or site visit (when stakes justify it).
• Beware of “virtual offices” used solely for appearances.

E. Litigation / reputation signals (practical, not definitive)

• Look for patterns: multiple complaints, repeated name changes, pressure tactics, inconsistent addresses.
• Consider requesting references from real counterparties and verifying independently.

---

Step 5: Verifying authority to sign and bind the entity (often overlooked)

Even if the entity is real, the deal can still be invalid or disputed if the signatory lacks authority.

For corporations/partnerships (SEC entities)

Request and validate:

• Board Resolution approving the transaction (for significant contracts)
• Secretary’s Certificate stating the board approval and authorized signatories
• Incumbency proof (GIS/officer lists consistent with the Secretary signing the certificate)
• Valid IDs and specimen signatures of signatories
• For OPCs: check the OPC structure and documentation for authority

For sole proprietorships (DTI)

Since the owner is the business:

• Contract should be signed by the owner
• If signed by someone else: require a Special Power of Attorney (SPA)

---

Step 6: High-risk scenarios and red flags (Philippine scam patterns)

Treat these as triggers for deeper checks, certified documents, or walking away:

Identity and document red flags

• Certificates with misspellings, inconsistent fonts, odd seals, or mismatched registration numbers
• Company name on documents doesn’t exactly match the SEC/DTI record
• Different addresses across SEC/DTI, permits, invoices, and contracts
• Officers named in the GIS have no traceable connection or deny involvement

Behavioral red flags

• Pressure to pay immediately to “reserve,” “unlock,” or “avoid penalties”
• “Guaranteed returns,” “risk-free,” “double your money,” or unusually high fixed interest
• Payments requested to personal e-wallets/bank accounts unrelated to the entity
• Refusal to provide certified copies, IDs, or proof of authority

Business-model red flags (especially for investments and loans)

• “Investment” offers without clear disclosures, contracts, or regulatory basis
• “Lending” or “financing” operations without clear registration and compliant documentation
• Recruitment/job placement that asks for large upfront fees or uses tourist visas

---

Step 7: Handling name similarity, trade names, and brand impersonation

In the Philippines, a business might use:

• Registered corporate name (SEC)
• Business name (DTI for sole prop)
• Trade name / brand (marketing-facing)
• Secondary business names or branches

Best practice:

• Require the counterparty to state in writing the exact registered name and registration number.
• Ensure bank accounts, invoices, and contracts match the registered name (or are clearly tied via documentation).
• Be cautious with businesses that “sound like” famous companies but are unrelated.

---

Step 8: What to request: a practical due diligence checklist

Use this as a baseline package.

If the counterparty is a corporation/partnership

• SEC Certificate of Incorporation/Registration
• Articles of Incorporation/Partnership (and amendments)
• Latest GIS
• Valid government IDs of signatories
• Secretary’s Certificate + Board Resolution (as needed)
• Mayor’s/Business Permit (current)
• BIR COR (and invoicing/receipt compliance proof)
• Proof of office address / operations
• For regulated industries: proof of license (SEC secondary license, BSP/IC/FDA/PCAB/DOLE/DMW, etc.)

If the counterparty is a sole proprietorship

• DTI Business Name Certificate
• Owner’s valid government ID
• Mayor’s/Business Permit (current)
• BIR COR
• Proof of address / operations
• If someone else signs: SPA

---

Step 9: What “good standing” can mean—and why you should care

“Good standing” isn’t a single universal concept; it usually refers to whether the entity has complied with periodic reportorial requirements and has not been sanctioned.

Why it matters:

• A delinquent or revoked entity can create enforceability and collection problems.
• Banks, large counterparties, and government agencies often require proof of standing for onboarding.

For higher-stakes transactions, prefer:

• Certified true copies
• The most recent SEC filings
• Clear evidence the entity is not under dissolution/revocation proceedings

---

Step 10: If you suspect fraud or misrepresentation—what to do

If you believe an entity is misrepresenting SEC/DTI status, soliciting investments illegally, or running a scam:

1. Stop sending money and preserve evidence:

   • Screenshots, chats, emails, receipts, bank details, IDs presented, contracts, websites.

2. Verify the recipient accounts:

   • Payments to unrelated personal accounts are a frequent scam hallmark.

3. Report to the appropriate agency depending on the conduct:

   • For corporate/solicitation concerns: SEC enforcement/investor protection channels
   • For deceptive trade practices (consumer-facing): DTI
   • For cyber-enabled scams: PNP Anti-Cybercrime Group / NBI Cybercrime (as applicable)

4. Consider counsel early if amounts are material:

   • Timing matters for asset tracing and preservation remedies.

---

Practical examples: how to interpret common situations

Example 1: “We are SEC registered, so investing is safe.”

Not necessarily. SEC registration of the company is different from SEC authorization/registration of an investment offering or a securities-related activity.

Example 2: “We have a DTI certificate, so we’re legal.”

A DTI BN certificate means a business name is registered for a sole proprietorship. It is not proof of permits, tax compliance, or regulatory authority for controlled industries.

Example 3: “Our agent will sign the contract.”

Ask for proof of authority:

• For corporations: board authority/Secretary’s Certificate
• For sole props: SPA from the owner

---

Best-practice “verification standard” depending on your risk

Use a tiered approach:

Low-risk (small purchases)

• Confirm SEC/DTI existence
• Check basic contact and address consistency
• Use traceable payment channels

Medium-risk (service contracts, subscriptions, repeat suppliers)

• Add Mayor’s Permit + BIR COR
• Verify signatory authority
• Confirm operational presence

High-risk (large payments, loans, investments, long-term deals)

• Certified SEC documents
• Full authority package (board resolutions)
• Regulatory licensing confirmation (if applicable)
• Stronger contract protections (warranties, reps, indemnities, audit rights)
• Consider professional due diligence and legal review

---

Closing notes

SEC and DTI checks are foundational, but they are only the first layer. The most common real-world failures happen when people:

• confuse entity registration with permission to solicit funds, or
• skip verifying permits, tax registration, and signatory authority.

If you want, tell me the scenario (e.g., “investment offer,” “supplier onboarding,” “job recruitment,” “lending/borrowing,” “property transaction”), and I’ll give you a tailored verification checklist and red-flag guide for that exact situation.