Verifying Legitimate Lending Companies in Philippines

Verifying Legitimate Lending Companies in the Philippines

A practitioner’s guide for consumers, in-house counsel, and compliance teams

1) Why verification matters

Lending is a regulated activity in the Philippines. Verifying that a counterparty is duly authorized—and that its conduct complies with law—protects you from void or abusive transactions, data-privacy risks, criminal exposure (e.g., to anti-harassment or cybercrime complaints), and downstream enforcement issues. This article lays out the Philippine legal framework, the documentary and technical checks you should perform, red flags to avoid, and practical remedies if things go wrong.

2) The regulatory map

Primary regulators and laws

  • Securities and Exchange Commission (SEC) – Registers corporations and authorizes Lending Companies (LCs) and Financing Companies (FCs).

    • Lending Company Regulation Act of 2007 (Republic Act No. 9474) and its IRR: LCs must be corporations with paid-in capital of at least ₱1,000,000, and must secure an SEC Certificate of Authority (CA) before operating.
    • Financing Company Act (Republic Act No. 8556): Parallel regime for FCs (e.g., installment financing, factoring, leasing). FCs also need an SEC CA.

  • Financial Products and Services Consumer Protection Act (Republic Act No. 11765) – Cross-sector consumer protection, enforced by the financial regulators (including the SEC). Covers disclosure, fair treatment, and redress.

  • Truth in Lending Act (Republic Act No. 3765) – Requires clear disclosure of the true cost of credit (total finance charge, effective interest).

  • Data Privacy Act of 2012 (Republic Act No. 10173) – Requires lawful, transparent processing of personal data; limits data collection (e.g., access to contacts, photos) and governs retention, breach notification, and data subject rights.

  • Anti-Money Laundering Act (AMLA, R.A. 9160, as amended) – Financing and lending companies are generally covered persons and must perform KYC, maintain records, and file CTR/STR via AMLC rules.

  • Civil Code & Revised Penal Code – Harassment, unjust vexation, grave threats, and defamation may attach to abusive collection tactics.

  • Local Government Code, Tax Code – Mayor’s/business permits and BIR registration are still required.

Interest and fees. The Usury Law ceilings are effectively suspended (no general statutory cap), but special caps and conduct rules may apply to particular products (e.g., credit cards under BSP rules) and abusive or unconscionable charges can be struck down under consumer-protection and civil-law principles. Always assess effective rates, not just nominal ones.

Online lending platforms (OLPs). LCs/FCs offering loans through mobile apps or websites must ensure the platform itself is registered/declared with the SEC (via applicable memoranda) and that their digital collection, disclosures, and privacy practices comply with SEC/NPC rules. Unregistered OLPs and “loan-shaming” practices have been the subject of SEC enforcement.

3) What a legitimate lender looks like (minimum hallmarks)

  1. Corporate status: A Philippine stock corporation (not a sole proprietorship/partnership for LCs), with articles/bylaws and an SEC Certificate of Incorporation in good standing.
  2. Certificate of Authority (CA): An SEC CA to Operate as a Lending Company or as a Financing Company (distinct from the certificate of incorporation).
  3. Permits and tax: BIR registration (Form 2303), Mayor’s/Business Permit for the current year, and official receipts.
  4. Registered principal office: A verifiable business address (not “care of” a co-working mailbox only).
  5. Data-privacy compliance: Privacy notice, lawful purposes, limited data collection; NPC registration/DPO designation if applicable.
  6. AMLA compliance: Documented KYC/Customer Acceptance procedures, beneficial-owner identification for corporate borrowers, and recordkeeping.
  7. Fair-collection policies: Written policies aligned with SEC rules prohibiting harassment, public shaming, or contacting a borrower’s phonebook.
  8. Clear disclosures: Loan contract and Key Facts Statement (or equivalent) stating total finance charge, fees, default interest, repayment schedule, and penalties in plain language.
  9. Complaints channel: A working consumer-assistance email/phone and escalation mechanism; logs retained under RA 11765.

4) A step-by-step verification checklist

Use this sequence for both consumer and enterprise due diligence. Keep dated screenshots/copies for your file.

A. Corporate authority

  • Obtain the exact legal name and SEC Registration Number.
  • Ask for a copy of the SEC Certificate of Incorporation, Articles/Bylaws, and—crucially—the SEC Certificate of Authority as Lending Company or Financing Company.
  • Confirm trade names/DBAs used in advertising match the corporate entity. Many scams use a different “brand” name than the SEC-registered name.

B. Licensing scope & channel

  • If loans are granted via app/website, request proof of SEC registration/notification of the Online Lending Platform tied to that entity.
  • Check whether any outsourced service providers (collection, KYC, servicing) are disclosed and under written agreements.

C. Business existence

  • Ask for the current Mayor’s/Business Permit, BIR Certificate of Registration, and sample official receipt or OR series.
  • Verify the principal office exists (video call walkthrough, courierable address, or in-person visit for high-value lines).

D. Data privacy

  • Review the Privacy Notice and Consent Form. Red flags include:

    • Requiring access to contacts, photos, SMS, or microphone unrelated to loan provision.
    • Blanket consent to share data with “partners/affiliates” without purpose limits.
    • No Data Protection Officer contact or process for access/correction/erasure.

  • For corporate borrowers: confirm the lender’s data-processing agreements with processors (e.g., credit scoring vendors) and cross-border transfer safeguards.

E. AML/KYC

  • Ask for Customer Identification Program summaries and specimen KYC forms.
  • Confirm beneficial ownership disclosure requirements and PEP/sanctions screening tools in use.
  • For large facilities: request evidence of AMLC registration and training records.

F. Product terms & disclosures

  • Obtain a draft loan contract and Key Facts/Disclosure Statement showing:

    • Principal, tenor, all fees and total finance charge;
    • Effective interest rate or APR-style computation;
    • Repayment schedule;
    • Default/penalty interest, prepayment and late-payment policies;
    • Security (if any), cross-default, and set-off clauses;
    • Cooling-off or cancellation windows (if offered).

  • Ensure pre-contract disclosures are provided before you are bound (Truth in Lending compliance).

G. Collection practices

  • Ask for the Collections Policy. It should:

    • Prohibit threats, profanity, public shaming, and contacting third parties not named as co-makers/guarantors.
    • Limit call times to reasonable hours, document call attempts, and provide hardship/repayment plans.
    • Route disputes to a formal complaints channel.

H. Financial soundness (for business counterparties)

  • Request recent audited financial statements, NPL metrics (if available), and funding sources.
  • For warehouse-funded lenders, review assignment/participation mechanics and servicing continuity provisions.

5) Red flags—walk away if you see these

  • No SEC Certificate of Authority (they show only the incorporation certificate).
  • Different app/website name from the SEC entity, and they refuse to link them.
  • Loan-shaming tactics: threatening to post photos, message contacts, or create group chats to coerce payment.
  • Upfront “processing” or “insurance” fees demanded before any contract is provided.
  • Inability to issue BIR-registered Official Receipts.
  • Insistence on accessing your phone’s contacts, gallery, or GPS as a condition for approval.
  • Pressure to sign immediately; refusal to provide a Disclosure Statement with the total cost of credit.

6) Special topics

A. Corporate vs. individual lenders

  • Lending Companies must be corporations with a CA. Individuals who regularly engage in lending without a CA risk administrative/criminal liability. (Occasional private loans between individuals are not “lending company” activity, but consumer laws and civil/penal statutes still apply.)

B. Interest, fees, and “no-cap” misconceptions

  • While general usury ceilings are suspended, lenders remain constrained by:

    • Mandatory disclosure (R.A. 3765);
    • Unconscionability doctrines (Civil Code);
    • Sector-specific caps (e.g., credit cards) and SEC consumer-protection powers;
    • Prohibitions on unfair debt collection and deceptive marketing.

  • Always compute the effective rate including all non-interest charges.

C. Digital lending apps

  • Legitimate apps will:

    • Identify the SEC-authorized entity prominently;
    • Ask only for necessary permissions (e.g., ID capture, liveness check);
    • Provide in-app disclosures and downloadable contracts;
    • Offer a working help/complaints path and data-deletion process.

  • Sideloaded APKs, social-media DMs offering loans, or payment to personal e-wallets are classic fraud vectors.

D. Collections and borrower dignity

  • The SEC prohibits harassment, threats, and contacting non-authorized third parties.
  • Borrowers can keep call logs/screenshots/voicemails; these support complaints for regulatory action and potential criminal cases (grave threats, unjust vexation, libel).

E. MSME and secured lending

  • If collateral is involved, confirm the lender’s ability to perfect security (e.g., Chattel Mortgage registration, or Personal Property Security Act filings under the PPSA e-registry) and to release encumbrances upon full payment.

7) Practical playbooks

A. Consumer borrower—10-minute pre-signing routine

  1. Ask for the SEC CA and company legal name; match with the app/website/contract name.
  2. Read the Key Facts/Disclosure Statement; compute your all-in cost.
  3. Check the repayment channel (official corporate bank account/biller, not a personal wallet).
  4. Read the Privacy Notice; refuse unnecessary phone permissions.
  5. Screenshot everything; keep copies of IDs submitted and terms shown.

B. Corporate borrower/in-house counsel—DD pack to request

  • SEC CA, Incorporation docs, GIS (latest), Board resolutions authorizing signatories.
  • Permits (Mayor’s, BIR), audited FS/latest management accounts.
  • Compliance manuals: AML/KYC, Privacy, Collections, Complaints Handling.
  • Standard form loan agreement + Disclosure Statement; sample OR.
  • OLP registration proof (if digital).
  • Insurance or credit-life arrangements (if any), including cost pass-through details.

C. Contract clauses to insist on

  • Clear fee schedule; cap on default interest/penalties; no unilateral variation without notice.
  • Data-privacy warranties; no contact-harvesting; deletion on demand when lawful.
  • Fair-collection covenant; breach = event of default in your favor.
  • Regulatory compliance warranty (valid SEC CA; OLP properly registered).
  • Receipts and SOA issuance obligations.

8) Where to complain or verify (no links—just who does what)

  • SEC (Enforcement & Investor Protection / Corporate Governance & Finance) – Verify SEC Certificates; complain about unregistered/abusive lenders and OLP violations.
  • National Privacy Commission (NPC) – Complain about data misuse, excessive app permissions, or breaches.
  • Bangko Sentral ng Pilipinas (BSP) – If the entity is a bank/quasi-bank or a credit-card issuer, route complaints here.
  • Anti-Money Laundering Council (AMLC) – Report suspicious transactions or non-compliant AML practices.
  • DTI/Fair Trade – Deceptive marketing or sales practices by non-SEC-supervised players.
  • NBI/PNP-ACG – Harassment, doxxing, grave threats, cyber libel, or extortion.

9) Documentation you should receive (and keep)

  • SEC Certificate of Authority (LC/FC) and Certificate of Incorporation
  • Disclosure Statement / Key Facts (true cost of credit)
  • Loan Agreement (signed), Amortization Schedule, and Payment Instructions
  • Official Receipts for every payment and Statement of Account on request
  • Privacy Notice/Consent Form and Data-Subject Rights procedure
  • Collection Policy summary or borrower Code of Conduct

10) Frequently asked practical questions

Q: The lender is registered as a corporation but has no CA. Is that okay? A: No. Operating a lending/financing business without an SEC Certificate of Authority is illegal.

Q: The app asks for my phone contacts to “assess credit risk.” Legit? A: This is generally not necessary and risks violating data-minimization principles. Treat as a red flag.

Q: Are extremely high rates automatically illegal? A: Not automatically—general usury ceilings are suspended—but undisclosed or deceptive charges, or unconscionable terms, can be struck down. Some products have special caps. When in doubt, seek counsel.

Q: Can they message my employer or relatives about my debt? A: Not unless they are authorized parties (e.g., co-makers/guarantors) or you explicitly consented. The SEC prohibits harassment and “loan-shaming.”

11) A concise, reusable verification template

For individuals:

  • ☐ SEC CA (copy) matches brand/app name
  • ☐ Full disclosure of total finance charge and all fees
  • ☐ Reasonable privacy permissions; DPO contact shown
  • ☐ Receipts and official payment channels verified
  • ☐ Collections policy reviewed; no third-party contact allowed

For companies:

  • ☐ SEC CA + GIS + Board resolution of signatories
  • ☐ AML/KYC & Privacy policies furnished
  • ☐ OLP registration (if app/web)
  • ☐ Financials and funding sources (if material exposure)
  • ☐ Security perfection path (PPSA/Chattel) if applicable

12) Final caution

Fraudsters often wave around generic SEC certificates or borrowed business permits. The document that truly matters for lenders/financiers is the SEC Certificate of Authority—and that the entity using the brand/app is the same entity named on the CA. Pair that with sound privacy, AML, disclosure, and collection-conduct checks, and you will avoid the vast majority of illicit operators.

This article is for general information only and is not legal advice. For high-value or sensitive transactions, consult Philippine counsel experienced in financial-services regulation and fintech.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login