Complaint Procedures Against Online Lending Scams in the Philippines

A comprehensive legal‑practice guide
(Updated as of 19 April 2025 | Philippine jurisdiction)

1. Why online‑lending scams thrive ‑ and why procedure matters

The mushrooming of “instant‑cash” mobile apps and social‑media lenders since 2017 has outpaced regulation. Many operate without a secondary licence from the Securities and Exchange Commission (SEC) or disguise themselves as “agent” or “service” platforms to escape direct supervision. Typical abuses include:

Phantom fees & usurious rates (often 30 % – 100 % for 7–14 day loans)
Harvesting phone contacts/photos and “shaming” borrowers through mass texts, threats, fake arrest warrants, edited nude pictures, etc.
Serial refinancing that snowballs the debt in violation of the Consumer Act and Civil Code provisions on unconscionable terms.

Complaints therefore cut across administrative, criminal, civil, consumer‑protection, cybercrime and data‑privacy regimes. Victims almost always have more than one remedy available; the key is filing in the right forum ― or parallel forums ― with complete evidence.

2. Governing laws & regulations (core list)

Instrument	Salient coverage	Penalties/Reliefs
R.A. 9474 (Lending Company Regulation Act, 2007) & its 2022 amendments under R.A. 11765 (Financial Products and Services Consumer Protection Act or FPSCPA)	SEC licence; cap on foreign ownership; disclosure of effective interest; unfair‑collection powers granted to SEC under FPSCPA	₱10 k–₱1 m fine + 6–10 yrs imprisonment; SEC cease‑and‑desist, suspension, revocation; restitution; administrative damages ≤ ₱2 m
SEC Memorandum Circulars (MC) 18‑19‑28, s. 2019; MC 34‑2020; MC 3‑2022; MC 2‑2023 (FPSCPA rules)	Specific to online or app‑based lending: registration moratorium, naming conventions (“LoanPeso”), 48‑hour take‑down orders to app stores, mandatory complaint desk & recording of collection calls	Fines up to ₱1 m per count; permanent app delisting
R.A. 10173 (Data Privacy Act, 2012)	Non‑consensual scraping of phonebook, exposure of selfies/IDs, “doxxing,” unlawful disclosure of sensitive personal data	₱500 k–₱5 m + 1–6 yrs imprisonment per act; NPC compliance orders, damages
R.A. 10175 (Cybercrime Prevention Act, 2012)	Computer‑related fraud, identity theft, libel, threats, voyeurism	Penalties one degree higher than analog crimes; data preservation orders; search & seizure of servers
Article 315, Revised Penal Code (Estafa) & Article 318 (Other deceits)	Fraudulent inducement to part with money/property; issuance of bouncing e‑wallet promises, forged contracts	Prisión correccional to prisión mayor; restitution
BSP ISR (2021) & BSP Circular 1161 s. 2023 on digital financial service providers	Banks/e‑money issuers’ in‑house or partner lending apps; requires internal Consumer Assistance Mechanism (CAM)	Monetary sanctions; suspension; mandatory reimbursement
Consumer Act (R.A. 7394) & Civil Code Art. 24, 1306, 1390, 1933‑1956	Unfair or unconscionable sales acts; nullity of contracts contrary to law, morals or public policy	Contract rescission; refund of interest; moral/exemplary damages

(Other relevant issuances: NTC MC x‑2020 on SMS spam; Google/Apple Developer Policies; Barangay Justice System Act for amicable settlement.)

3. Evidence first: what to gather before filing

Screenshots or screen‑recordings of:
- loan offer, repayment schedule, in‑app interest computation
- threats, harassment messages, calls (include caller ID)
Full copy of the APK or iOS build (download via APK extractor, preserve SHA‑256 hash).
Proof of payment (GCash, Maya, bank slip); audit trail or SMS/email confirmation.
Certification of business registration (or lack thereof) via SEC Express System print‑out.
Affidavit of Complaint (notarised or sworn via e‑notary) enumerating dates, acts, and violations.
Witness statements from relatives/friends who received shaming messages.
Copy‑certified police blotter if threats are violent.

Tip: Save files in non‑editable PDF/MP4; upload them with a secure cloud link when filing online.

4. Administrative complaint routes (quick‑action)

4.1 SEC Enforcement and Investor Protection Department (EIPD)

Step	Action	Notes & timelines
1	Fill out SEC Online Lending Complaint Form (EIPD‑OLC‑01) — available on SEC website or via email request	Include Google Play/App Store link; choose ‘Unregistered Lending’ or ‘Abusive Collection’
2	Email to financing@sec.gov.ph AND epd@sec.gov.ph* with subject “**Online Lending Scam Complaint – (App Name)”	Max attachments 20 MB; larger files via cloud URL
3	SEC evaluates within 10 calendar days; may issue Order to Explain to the operator	Complainant gets docket number via email
4	Operator given 3 days to answer; failure → Cease & Desist Order (CDO)	CDO copy furnished to app stores and NTC
5	Within 15 days, SEC may impose fines or begin criminal referral to DOJ	FPSCPA allows adjudication of money claims ≤ ₱2 m; decision appealable to SEC Commission En Banc then CA

4.2 National Privacy Commission (NPC)

File “Complaint for Unauthorized Processing & Malicious Disclosure” through the NPC e‑Complaint System within 15 days of knowledge of the violation (extendable for “reasonable cause”).
Attach Sworn Complaint‑Affidavit + proof that the corporate officer/ app developer can be identified (WHOIS, DTI certificate, SEC GIS, LinkedIn profile, etc.).
NPC will order Mediation, Summary Hearing or Formal Investigation; it can:
- levy administrative fines up to ₱5 m per infraction
- compel data‑deletion, issue Stop‑Processing Order, recommend criminal action.

4.3 Bangko Sentral ng Pilipinas (BSP) – for BSP‑Supervised FIs

File first with the bank’s Consumer Assistance Mechanism (CAM); the bank has 7 business days to reply.
If unsatisfied, elevate to BSP Consumer Protection and Market Conduct Office (CPMCO) via consumeraffairs@bsp.gov.ph.
BSP may require restitution, impose monetary penalties or suspend new loan disbursements.

5. Criminal prosecution path

Agency	Typical offenses lodged	How to file
PNP Anti‑Cybercrime Group (ACG) or NBI‑CCD	Estafa (Art. 315), Unlawful Means of Publication (Art 287), Cyber‑libel (RA 10175 §4(c)(4)), Identity Theft (RA 10175 §4(b)(3))	Bring affidavits + digital evidence on USB; booking at Camp Crame (PNP) or NBI‑Taft Ave.; investigators may apply for search‑seizure warrants for servers/phones
DOJ‑Office of Cybercrime	Same as above; issues Mutual Legal Assistance Treaty (MLAT) requests for offshore operators	Complaint‑Affidavit + annexes filed at Padre Faura or via e‑mail during e‑complaint pilot; DOJ investigates then files Information in RTC cyber‑courts
Barangay & City Prosecution	Grave threats, unjust vexation, falsification, light coercions	Initial barangay conciliation required if parties reside in same barangay and penalty ≤ 1 year; otherwise direct to Office of the Prosecutor

Statute of limitations:
Estafa – 10 years if fraud > ₱1.2 m; Data Privacy – 3 years; Cybercrime – 15 years. Clock is interrupted by the filing of the complaint with the proper office.

6. Civil & consumer remedies

Annulment or rescission of loan contract (Civil Code Arts. 1390, 1397) in RTC; seek declaration of nullity + restitution of interest.
Damages suit for moral, exemplary, and attorney’s fees based on harassment and privacy invasion.
Small Claims (A.M. 08‑8‑7‑SC as amended) for amounts ≤ ₱400 000 filed in the first‑level court; filing fee minimal, no lawyer required.
FPSCPA Adjudication before SEC or BSP for money claims up to ₱2 million with simplified rules of evidence; decision executory after 10 days unless appealed.
Class or representative suit under Rule 3 §12 of Rules of Court or New Class‑Action Rules (A.M. 21‑06‑01‑SC, 2024) if multiple users harmed by same app.

7. Alternative & ancillary actions

Take‑down request to Google Play or Apple App Store (Developer Program Rule 4.4, “Deceptive Financial Products”); send SEC CDO as supporting doc → app removed globally within 24 h.
NTC complaint – spam texts/calls; NTC issues stop‑use order or blocks numbers.
Local government closure – submit SEC CDO to city mayor’s BPLO; business permit can be revoked, premises padlocked.
Credit Bureau correction – If bad‑faith reporting to CIC or TransUnion, file dispute; bureau must reinvestigate within 30 days.

8. Practical timelines at a glance

Forum	Average time from filing to first agency action	Typical final disposition
SEC (administrative)	10–30 days to CDO; 3–6 months to final order	Fine, revocation, or referral to DOJ
NPC	15 days for prima‑facie evaluation; 3 months mediation; 6‑12 months decision	Compliance order + fines
BSP CAM + CPMCO	7 bd initial response; 30–60 days BSP directive	Refund, sanctions
PNP/NBI → Prosecutor	1–3 months investigation; 6 months to file Information	Criminal prosecution
Civil RTC	60 days pre‑trial; 1–3 years decision	Damages, nullity
FPSCPA adjudication	45 days resolution; 15 days appeal window	Award up to ₱2 m

9. Common mistakes — and how to avoid them

Pitfall	Why it hurts your case	Fix
Paying under duress before complaining	Appears as acquiescence, weakens estafa angle	Lodge complaint immediately, then deposit contested amount in court if needed
Deleting the app & messages	Loses chain of custody; screenshots alone can be challenged	Export phone backup first; sign an Evidence Integrity Affidavit
Sending “demand letters” via chat that admit the debt	Admissions against interest are binding	Stick to “Under protest and without prejudice” language
Filing with wrong regulator (e.g., DTI)	Causes dismissal for lack of jurisdiction	Use flow‑chart below or seek counsel
Missing 15‑day NPC deadline	Case summarily dismissed	Calendar deadlines; request extension citing force majeure

10. Flow‑chart: Where should you file?

Is the lender SEC‑licensed?
Yes → BSP/SEC FPSCPA adjudication & CAM → Police (if harassment)
No → SEC EIPD complaint → NPC (if privacy breach) → Police
Is there illegal data disclosure? → NPC parallel filing
Amount disputed ≤ ₱400 k? → Small Claims after CDO issued
Physical threats? → PNP blotter first, then cybercrime complaint

(You may file in multiple forums; proceedings are not mutually exclusive.)

11. Preventive tips for borrowers

Verify any lender in SEC’s List of Registered Lending & Financing Companies (updated quarterly).
Never grant “Contacts” permission unless the app is SEC‑licensed and you are comfortable with possible disclosure.
Calculate Effective Interest Rate (EIR); if > 54 % p.a. it is presumptively unconscionable (based on BSP Opinion No. 049‑2021).
Keep a single email address solely for loan apps to isolate spam.
Use e‑wallets with per‑transaction limits to avoid automatic debit of whole balance.

12. Key agency hotlines & links

SEC Enforcement and Investor Protection Department – (02) 8818‑6337 | https://sec.gov.ph (→ EIPD)
NPC Complaints & Investigation Division – (02) 8234‑2228 | ecomplaints@privacy.gov.ph
BSP Consumer Protection – (02) 8708‑7087 | consumeraffairs@bsp.gov.ph
PNP ACG 24/7 – 0998‑598‑8116 | acg@pnp.gov.ph
NBI Cybercrime Division – (02) 8523‑8231 local 3455

(Always call ahead; most offices now accept e‑filings and schedule face‑to‑face only for clarificatory hearings.)

13. Final remarks

The Philippine complaint architecture is deliberately multi‑layered: it lets regulators stop the abuse quickly (through SEC/NPC/BSP administrative orders) while preserving the victim’s right to pursue criminal accountability and civil damages. Proper sequencing ‑ evidence preservation → administrative filing → criminal or civil escalation ‑ maximizes leverage and often results in early settlement or debt condonation.

Disclaimer: This article is for informational purposes only and does not create an attorney‑client relationship nor constitute formal legal advice. For situations involving substantial amounts, cross‑border elements, or threats to life and safety, consult a qualified Philippine lawyer or public prosecutor.

Remember: swift, well‑documented action is the most effective antidote to online‑lending abuse. Use the procedures above as your road‑map, and don’t hesitate to enforce your rights.