Verifying Registration of Lending Companies in Philippines

Verifying Registration of Lending Companies in the Philippines

A practical legal guide for consumers, compliance teams, and practitioners

1) Why verification matters

Unlicensed lenders expose borrowers to abusive pricing, illegal collection tactics, and zero recourse. Philippine law requires most non-bank lenders to be incorporated and licensed before they can “engage in the business of lending.” Verification is your first line of defense—both legally and financially.

2) The regulatory map (who regulates what)

  • Securities and Exchange Commission (SEC) Primary regulator of lending companies (under the Lending Company Regulation Act of 2007 or R.A. 9474) and financing companies (under R.A. 8556). Key concepts: corporate registration and a separate Certificate of Authority (CA) to operate.

  • Bangko Sentral ng Pilipinas (BSP) Regulates banks, quasi-banks, pawnshops, money service businesses, and certain digital banks/EMIs—not lending companies per se. If an entity claims to be a bank or pawnshop, you verify with the BSP, not the SEC.

  • Cooperative Development Authority (CDA) Regulates cooperatives. If a cooperative offers loans to members, it is not an SEC-licensed lending company.

  • National Privacy Commission (NPC) Oversees data privacy (R.A. 10173). Critical for online lending apps that access phone contacts, photos, SMS, etc.

  • Local Government Units (LGUs) & BIR Issue mayor’s/business permits and BIR Certificate of Registration (Form 2303). These are necessary but never sufficient; they do not substitute for an SEC Certificate of Authority.

  • Financial Consumer Protection Act (FCPA, R.A. 11765) Applies across financial service providers (including SEC-supervised lenders). It codifies standards for disclosure, fair treatment, complaint handling, and enforcement.

3) Lending company vs. financing company vs. others

  • Lending Company (R.A. 9474) Primarily extends loans using its own funds. Must be a corporation, not a sole proprietorship or partnership. Requires SEC registration and a Certificate of Authority (“CA as a Lending Company”).

  • Financing Company (R.A. 8556) Engages in financing of goods/services, consumer and business credit (e.g., installment plans, auto financing). Also requires SEC registration and CA as a Financing Company. Capital and other prudential requirements typically differ from those of lending companies.

  • Banks / Pawnshops / Cooperatives / Microfinance NGOs Different legal regimes and regulators. If an entity is any one of these, it doesn’t need an SEC lending CA—but it must hold the correct license from its proper regulator.

Practical tip: If a “lender” claims to be a sole proprietorship with only a DTI certificate and an LGU permit, that is not a compliant lending company under R.A. 9474.

4) The two documents that matter most

  1. SEC Certificate of Incorporation (or amended articles): proves corporate existence.
  2. SEC Certificate of Authority (CA) to Operate as a Lending Company (or as a Financing Company, as applicable).

Both must exist and match the exact legal name you’re dealing with. The CA is separate from the certificate of incorporation. No CA, no lending.

5) How to verify a lender (step-by-step)

A. On-paper due diligence (ask the company)

Request clear, readable copies of:

  • SEC Certificate of Incorporation and Articles/By-laws (or latest Amended Articles).
  • SEC Certificate of Authority (CA) showing it is as a Lending Company (or as a Financing Company, if that’s what they are).
  • Latest General Information Sheet (GIS) (to confirm officers, address).
  • Mayor’s/Business Permit (current year) and BIR Form 2303.
  • If online/app-based: details of each online lending platform (OLP) they operate (legal owner, app store listing name, publisher), privacy notice, and NPC registration/filings if applicable.

Match the details: legal name, trade/brand names, principal office address, and CA number across all documents. Watch for “doing business as” names that never appear in the SEC CA.

B. Cross-checks you (or counsel) can do without the lender

  • Confirm corporate identity: The exact corporate name, SEC registration no., and principal office must match what appears on the CA and GIS.
  • Check for revocations: SEC may revoke a CA for violations (e.g., failure to submit reports, unlawful collection practices).
  • Directors/Officers: Compare the signatories on contracts to the current GIS to verify authority.
  • OLP/App mapping: The app developer/publisher name in app stores should map back to the licensed corporate owner (or an authorized group entity). Mismatches are a red flag.

C. Red-flag sweep

  • Lending offered by a sole proprietorship or partnership.
  • No CA; only mayor’s permit/DTI/BIR papers.
  • Inconsistent names (invoice/receipt in a different corporate name).
  • Multiple app names not traceable to the licensed corporation.
  • Harassing or doxxing collection practices; scraping phone contacts without meaningful consent.
  • Hidden fees; blank or shifting schedules of charges.

6) Special issues for online lending platforms (apps/web)

  • Licensing still applies. Being “online only” doesn’t exempt a company from needing an SEC CA as a lending/financing company.

  • Platform registration/notification. The SEC has issued circulars addressing online lending platforms (OLPs)—covering disclosures, ownership, and conduct standards.

  • Data privacy:

    • Clear privacy notice and lawful basis for data processing.
    • No “contact-list scraping” or public shaming.
    • Data retention, security, and breach notification obligations under the Data Privacy Act.

  • Marketing and disclosures must be fair, accurate, and consistent with the lender’s authority and product terms (FCPA standards).

7) Pricing & fee legality (high-level)

  • The Usury Law ceilings are effectively suspended, but that does not mean “anything goes.”
  • The SEC has issued memorandum circulars imposing caps for certain small-value, short-term consumer loans by lending/financing companies and rules on penalties/fees.
  • Under the FCPA, total cost of credit, fees, and penalties must be clearly disclosed and not unfair or abusive.
  • Always ask for a sample amortization, full Schedule of Fees, and the Annual Percentage Rate (APR)/Effective Interest Rate (EIR) calculation.

Practice point: Because caps and technical definitions can change by circular, verify the current cap(s) and definitions applicable to loan size/tenor before you sign or release funds.

8) Collection practices—what’s allowed and what’s not

  • Harassment, threats, public shaming, and doxxing are prohibited.
  • Contacting persons in your phonebook who are not co-makers/refs and have not consented is generally unlawful under privacy and fair collection rules.
  • Borrowers retain rights to accurate account statements, fair dispute handling, and privacy.
  • Keep records of calls/messages. Improper conduct can be grounds for SEC enforcement and NPC action, and may also create civil or criminal exposure under other laws (e.g., cybercrime, libel).

9) Documentation you should see before transacting

  • Loan agreement with clear identity of the lender (exact corporate name).
  • Disclosure statement (principal, interest, fees, penalties, total cost of credit, APR/EIR).
  • Data privacy notice and consent form.
  • Receipt/invoice bearing the lender’s registered corporate name and TIN.
  • If secured: Chattel Mortgage/REM papers, insurance coverage (if any), and disclosure of add-on products.

10) Practical verification playbooks

A. Individual borrower (retail)

  1. Ask for copies of SEC Incorporation and SEC CA.
  2. Confirm the exact corporate name matches all paperwork and the app/website.
  3. Get the Schedule of Fees and APR/EIR in writing.
  4. Read the privacy policy; deny permissions that aren’t needed for underwriting/servicing.
  5. Keep copies/screenshots of all disclosures and chat/call logs.

B. Corporate procurement/commercial partner

  1. Obtain corporate records (Incorporation, CA, GIS, board resolutions).
  2. Run KYC on directors/officers/beneficial owners.
  3. Evaluate IT/security (esp. for OLPs), privacy compliance, and outsourcing.
  4. Contract for service-level, complaint handling, audit rights, and regulatory change clauses.
  5. Require warranties that the counterparty is and remains duly licensed, with termination triggers for loss of CA.

11) Common edge cases

  • Group structures: The app shows “BrandCo,” but the license is with “XYZ Lending Corp.” Ensure BrandCo is either the same entity, a registered business name of the licensed entity, or a properly disclosed affiliate/agent with authority—and that funds and contracts flow through the licensed entity.

  • Loan brokers/agents: Brokers don’t substitute for a lender’s CA. If a broker collects documents/fees, verify the principal lender and its CA, and ensure fees are disclosed and lawful.

  • Cooperative loans to non-members: Cooperatives typically lend to members; lending to the general public can cross into unauthorized lending territory.

  • Buy-Now-Pay-Later (BNPL)/merchant financing: Often structured via financing companies. Apply the same verification logic—company identity, CA, and disclosures.

12) Remedies and where to report

  • SEC (Enforcement and Investor Protection / Financing & Lending oversight): Unlicensed lending, misuse of corporate name, unlawful collection, undisclosed fees, OLP violations.

  • National Privacy Commission: Intrusive app permissions, contact-list scraping, unauthorized disclosure, data breaches.

  • BSP Consumer Protection: If the counterparty is actually a bank/pawnshop/MSB or a bank-linked digital lender.

  • LGU & BIR: Issues with permits/receipting (supplementary to licensing issues).

  • Courts / Small Claims: For monetary disputes (e.g., unlawful charges). Consider criminal or civil actions for harassment, threat, or defamation when facts warrant.

Documentation to attach: corporate papers you received, screenshots of app store pages, in-app permissions, chat/call logs, payment receipts, and your written requests for verification.

13) Quick checklists

Borrower’s 60-second checklist

  • Corporate name on contract = name on SEC CA
  • CA exists and is as a Lending/Financing Company
  • Full fees/APR/EIR disclosed in writing
  • Privacy permissions reasonable; no contact scraping
  • Receipts/invoices in the licensed corporation’s name

Compliance officer’s onboarding checklist

  • SEC Incorporation + CA (current and legible)
  • Latest GIS and IDs/board authority of signatories
  • App/website branding matches licensed entity
  • Privacy program (DPO, notices, NPC filings if required)
  • Complaint handling and collection policies aligned with FCPA and SEC circulars

14) FAQs

Q: Is a mayor’s permit enough? A: No. You still need an SEC Certificate of Authority. LGU permits don’t authorize lending by themselves.

Q: The lender says they’re a “DTI-registered business.” Is that okay? A: Not for lending companies. R.A. 9474 requires a corporation with an SEC CA.

Q: The app is “just a marketplace,” not a lender. A: If it facilitates lending or holds itself out as such, SEC rules on OLPs and fair marketing/disclosure can still apply. Always trace the licensed lender behind the app.

Q: Are high interest rates automatically illegal? A: The usury ceiling is suspended, but caps and fairness rules apply in certain loan categories; abusive or undisclosed pricing can trigger enforcement under SEC circulars and the FCPA.

15) Model clauses you can ask for (to protect yourself)

  • Licensing warranty: “Lender warrants it holds and will maintain a valid SEC Certificate of Authority as a [Lending/Financing] Company; loss, suspension, or revocation is a material breach.”
  • Change-in-law: “Fees/charges shall automatically adjust to comply with applicable SEC circulars and the FCPA; any excess charges will be refunded within 15 days.”
  • Data privacy: “No access to borrower contacts, photos, or content unrelated to underwriting/servicing; processing limited to specified purposes; no third-party disclosures without consent or lawful basis.”

16) Bottom line

To legally operate as a lender (outside of banks, pawnshops, and coops), an entity must be a corporation with SEC registration and a Certificate of Authority—and, for digital channels, comply with OLP and data privacy rules. Verification means matching names, checking the CA, confirming disclosures and privacy, and watching for collection-practice red flags. If anything doesn’t line up, don’t proceed and consider reporting it to the proper regulator.

Tip: Keep a one-page file for each lender: corporate identity, CA copy, fee schedule/APR, privacy notice, contact person. It turns a risky guess into a documented, defensible decision.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login