Harassment by Online Lending Apps in the Philippines: A Comprehensive Legal Article
(updated 17 April 2025 | for information only, not legal advice)


Abstract

The explosive growth of app‑based “salary‑loan,” “quick‑cash,” and other digital micro‑lending services in the Philippines since 2016 has been accompanied by an equally dramatic rise in complaints of harassment, privacy breaches, and reputational shaming of borrowers. This article surveys the entire Philippine legal and regulatory landscape governing such practices. It covers the statutory framework, key SEC and BSP issuances, the Data Privacy Act, criminal and civil liabilities that may attach to abusive collectors, jurisprudence and administrative enforcement, typical harassment modalities, and the remedies available to aggrieved borrowers.


1 | What “Harassment” Looks Like in the Digital‑Lending Context

| Modus | Typical Execution | Primary Legal Hooks |
|---|---|---|
| Contact list bombing | App scrapes the borrower’s phone book; collectors mass‑text contacts with threats (“will face charges”) or defaming memes | §25, §28 Data Privacy Act (RA 10173); SEC MC 18‑2019 §5(e); Art. 355 RPC (libel); RA 10175 (cyber‑libel) |
| Public shaming | Posting the borrower’s face on social media “WANTED: SCAMMER” | Same as above + RA 11765 §10 (unfair treatment) |
| Defamatory SMS/VoIP | “We will file estafa,” “police will arrest you today” | Art. 282 RPC (grave threats); Art. 287 (unjust vexation); RA 11765 |
| Spoofed legal notices | Fake “NBI Warrants,” “RTC Subpoenas” sent via email/app push | Art. 177 RPC (usurpation of authority); Art. 171 (falsification) |
| Sexual/violent threats | Collectors threaten rape, bodily harm, or revenge‑porn unless payment made | Art. 282 RPC; RA 9262 (if female victim); Anti‑Photo & Video Voyeurism Act (RA 9995) |
| Excessive calls & chat‑bots | Dozens per day outside 8 a.m.–5 p.m., including weekends | SEC MC 18‑2019 §5(a)‑(b); BSP Circular 1165 (App. A §3.2) |

2 | Statutory & Regulatory Framework

2.1 Lending/Financing Company Laws

| Law | Coverage | Key Points for Online Operators |
|---|---|---|
| RA 9474 (Lending Company Regulation Act 2007) | All entities in the “business of granting loans from own capital” | Requires SEC license plus certificate of authority (CA); penalties: ₱10,000–₱50,000 and/or 6 months–10 years imprisonment for unlicensed lending |
| RA 8556 (Financing Company Act 1998) | Companies “extending credit by direct lending” | SEC CA required; higher minimum paid‑up capital |

Online twist – “Business” now includes running a purely digital platform (SEC Opinion No. 01‑20 19).

2.2 Consumer Protection & Debt Collection Rules

  • SEC Memorandum Circular No. 18, s. 2019 – Prohibition of Unfair Debt Collection Practices (UDCP)

    • forbids threats, obscene language, contact‑list harassment, disclosure of debt to third persons unless judicially required, and calls outside 8:00–17:00 weekdays
    • non‑compliance: ₱25,000 first offense, ₱50,000 + suspension/revocation for repeat, plus possible CDO
  • SEC MC No. 19, s. 2019 – Registration of Online Lending Platforms (OLPs)

    • separate registration of each OLP; must name the lending/financing company behind the app
  • RA 11765 (2022) – Financial Products and Services Consumer Protection Act

    • statutory basis for the above SEC powers; authorises fines up to ₱2 million, restitution, and disgorgement
  • BSP Circular 1165 (2023) – Consumer Protection Framework

    • applies to BSP‑supervised digital banks and electronic money issuers engaged in lending; mirrors UDCP rules

2.3 Privacy, Cybercrime & Penal Laws

| Statute | Salient Provisions Relevant to Harassment |
|---|---|
| RA 10173 – Data Privacy Act (DPA) | §12 & §13 require lawful consent; §25–§34 penalise unauthorised processing, malicious disclosure, or unauthorised use of personal data (fine ₱500k–₱5 M + 1–6 years) |
| RA 10175 – Cybercrime Prevention Act | extends libel (Art. 355 RPC) and threats (Art. 282) to online spaces; provides real‑time data preservation/seizure rules |
| RA 9995 – Anti‑Photo & Video Voyeurism Act | covers revenge‑porn threats used by some collectors |
| RA 9262 – Anti‑VAWC | threats causing mental/emotional suffering of a woman or her child by a “dating relationship” are punishable; sometimes relevant where collectors target female borrower’s intimate images |
| Revised Penal Code | Art. 177 (usurpation), 182 (false testimony), 356 (threatening letters), 287 (unjust vexation) |

3 | Administrative & Jurisprudential Developments

  1. SEC Cease‑and‑Desist Orders (CDOs) 2019‑2024 – Over 120 ONLAs shut down (e.g., “Flower Lending,” “Fcash,” “PesoQ,” “JuanHand” — partial suspension).
  2. NPC Cases
    • NPC CID RB 21‑016 (2021) – ₱300 k fine vs. FDS app for contact‑list bombing.
    • NPC CID 23‑041 (2023) – order to delete illegally obtained contacts; reiterated that mere installation of an app does not constitute valid consent to scrape phonebooks.
  3. NBI Cybercrime Division Operations – 2022 raids on Makati call‑centres recovering scripts instructing collectors to threaten “immediate arrest.”
  4. Civil suits for damages
    • S. Santos v. ABC Fintech Corp. (Civil Case No. 22‑437, RTC Pasig) – borrower awarded ₱200 k moral, ₱50 k exemplary damages for cyber‑shaming (unreported but widely cited in pleadings).

No Supreme Court decision squarely addresses app‑based UDCP yet, but doctrines on libel, threats, and invasion of privacy apply mutatis mutandis.


4 | Liability of Corporate Officers & Collectors

| Person | Possible Liability | Notes |
|---|---|---|
| Lending/Financing company | Fines, revocation of CA; solidary civil damages | Even if harassment outsourced to third‑party call‑centre |
| Directors, officers, agents | Personal liability under RA 11765 §30 when they “directly participate” or are “grossly negligent” | “Piercing the corporate veil” now easier under consumer‑protection law |
| Third‑party collection agency | Same UDCP rules apply; may be unlicensed “collection firm” under SEC MC 18 §2(e) | |
| Individual collector | Criminal (RPC, DPA, Cybercrime), civil damages | Non‑Philippine collectors subject to extradition if practicable |

5 | Remedies for Aggrieved Borrowers

5.1 Regulatory Complaints

| Venue | Scope | Filing Essentials |
|---|---|---|
| SEC Enforcement & Investor Protection Department (EIPD) | Unfair collection, unlicensed lending, UDCP | Complaint form, screenshots, call logs |
| National Privacy Commission (NPC) | Data scraping, disclosure to third parties | Sworn complaint within 15 days of last privacy breach |
| BSP Consumer Assistance Mechanism | If the lender is a BSP‑licensed digital bank or EMI | Email consumeraffairs@bsp.gov.ph |
| DTI Fair Trade Enforcement Bureau | Misrepresentation in advertising (e.g., “0% interest but add‑on fees”) | |

5.2 Criminal & Civil Actions

  1. Barangay conciliation (Punong Barangay) — for money claims ≤ ₱500 k, unless cyber‑crime.
  2. Small Claims (Rule SC Annex II) — loans ≤ ₱1 million; no lawyer required; MTC decision final.
  3. Civil damages — Art. 32 Civil Code (privacy), Art. 19 & 20 (abuse of rights).
  4. Criminal complaints — NBI, PNP‑ACG; secure subpoena to telcos for collector numbers.

5.3 Interim Digital Self‑Help

  • Revoke app permissions (Android > Settings > App Permissions > Contacts).
  • Send a Data Subject Request under DPA demanding “cease processing” and deletion of contacts.
  • Keep evidence: save the metadata (date/time, sender ID).

6 | Compliance Checklist for Legitimate Online Lenders

  1. Corporate Licensing — SEC CA, secondary license if financing.
  2. OLP Registration per SEC MC 19‑2019 for every branded mobile app/website.
  3. Privacy‑by‑Design — purpose‑limited data collection; explicit granular consent (Section 3 NPC Circular 2024‑02).
  4. Collections Protocol
    • Calls only M–F, 8 a.m.–5 p.m.; maximum two calls per day.
    • No third‑person disclosure.
    • Scripts vetted by in‑house counsel for RPC & DPA compliance.
  5. Consumer Assistance Desk — 24‑hour acknowledgment, 10‑day resolution, elevate unresolved issues to BSP / SEC.
  6. Recordkeeping — call recordings stored ≤ 1 year, encrypted at rest.
  7. Fair Pricing — disclosure of effective interest rate (EIR) per BSP Circular 730; no hidden “processing fees.”

7 | Emerging Policy Developments

  • SEC Draft MC on AI‑driven Debt Collection (exposed Feb 2025) proposes algorithmic accountability and mandatory human review before sending any auto‑generated “final demand” notice.
  • NPC–BSP Joint SandBox on “Consent‑oriented contact‑scrubbing API” aimed at letting borrowers pre‑emptively flag contacts not to be reached.
  • Legislative proposals to amend RA 9474 to raise minimum paid‑up capital to ₱50 million for digital‑only lenders.
  • Ongoing House inquiry (Committee on ICT, 2024‑2025) into foreign‑owned call‑centre harassment rings operating from offshore VoIP numbers.

8 | Practical Tips for Consumers

  1. Budget before borrowing – target debt‑service ratio ≤ 30 % of monthly net income.
  2. Read app permissions – deny access to photos/contacts; legitimate lenders should still approve on KYC documents alone.
  3. Keep written records – insist on emailed SOA; do not negotiate verbally only.
  4. Report early – first abusive message → file with SEC’s online e‑FAST portal.
  5. Seek counselling – harassment often causes anxiety; psychological damages are recoverable (Art. 2217 Civil Code).

Conclusion

While digital lending brings much‑needed liquidity to Filipinos shut out of formal credit, the same technology enables unprecedented, scalable harassment. Through the combined force of RA 11765, the Data Privacy Act, the SEC’s UDCP rules, and classic penal provisions on threats and libel, Philippine law now offers a robust—though still maturing—arsenal of protections. Borrowers should assert their rights early, preserve evidence, and leverage both administrative and judicial forums. Lenders who ignore these norms face fines, criminal prosecution, and market expulsion.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.