Identifying Illegal Online Lending Apps in the Philippines

Identifying Illegal Online Lending Apps in the Philippines

1. The landscape at a glance

Online lending platforms (OLPs) exploded in the Philippines after 2016, filling a real credit-access gap for the un- and under-banked. Unfortunately, many apps operate outside the law—either because they never secured a Certificate of Authority (CA) from the Securities and Exchange Commission (SEC) or because their collection and data-handling practices violate consumer-protection and privacy rules. Since 2019 the SEC, National Privacy Commission (NPC), Bangko Sentral ng Pilipinas (BSP) and even Google Play have tightened the noose on abusive players, issuing moratoria, blacklists and takedown orders.

2. Governing statutes & regulators

Pillar Key provisions Regulator(s) Relevance to OLPs
RA 9474 (2007) Lending Company Regulation Act Requires every lending company to be an SEC-registered stock corporation and to hold a CA before it can “grant loans from its own funds.” SEC Baseline licence—absence of a CA makes an app per se illegal.
RA 8556 (1998) Financing Company Act Parallel framework for financing companies that also run OLPs. SEC Same licensing logic as RA 9474.
SEC MC 18-2019 Lists unfair debt-collection practices (threats, profane language, public shaming, etc.). SEC Apps that engage in these acts can be shut down even if licensed.
SEC MC 19-2019 Obligates licensed lenders to declare and register every OLP they operate. SEC Unregistered apps of a licensed company = illegal platform.
SEC MC 10-2021 Moratorium on new OLP registrations after 2 Nov 2021; existing ones kept under close watch. SEC Any app launched after the cut-off, even by a licensed company, is automatically illegal.
RA 11765 (2022) Financial Products and Services Consumer Protection Act Criminalises abusive collection, false advertising and mis-selling; grants SEC, BSP & others joint enforcement powers. SEC / BSP / IC / CDA Additional penalties (₱50 k – ₱2 M fine + up to 2 yrs jail).
RA 10173 (2012) Data Privacy Act + NPC Circular 20-01 (2020) Bars apps from harvesting contacts, photos, GPS, etc. that are not strictly necessary for credit evaluation or KYC. NPC Data-privacy violations trigger takedown and criminal liability (up to ₱5 M + 3 yrs). citeturn7search0turn7search1
Google Play Developer Policy (2024) Requires every Philippine-focused loan app to display its SEC Registration No. & CA No. in the store listing and to prove compliance before publication. Google Acts as an extra filter; non-compliant APKs are removed.

3. When is an online lending app “illegal”?

  1. No SEC licence or CA – The company behind the app is either not in the SEC’s list of licensed lending/financing companies or it never filed the sworn OLP forms under MC 19-2019.
  2. Launched after 2 Nov 2021 – Violates the MC 10-2021 moratorium. Cashtrees Lending Corp. lost its licence on this ground alone in 2022.
  3. Engages in banned collection tactics – e.g., debt shaming, threats, obscene language or contacting people in the borrower’s phonebook. Even a duly licensed lender can have a single app shut down for these acts.
  4. Harvests excessive personal data – NPC found apps like JuanHand non-compliant for requesting camera and contact permissions beyond what Circular 20-01 allows. citeturn7search6
  5. Uses deceptive interest or fee disclosures – Violates RA 9474, the Truth-in-Lending Act (RA 3765) and RA 11765.
  6. Operates despite a cease-and-desist order (CDO) – SEC routinely publishes CDOs; continuing operations converts the violation into a criminal offence.

4. How to verify an app’s legality

Step What to do Why
A. Check SEC masterlists Go to sec.gov.ph → Lending & Financing → “List of Recorded Online Lending Platforms” or use the Check-With-SEC portal. Confirms both corporate licence and specific OLP registration.
B. Review the app store listing A legitimate Philippine loan app must plainly show: (i) Corporate name, (ii) SEC Registration No., (iii) CA No., (iv) interest, fees & tenor. Required by Google Play policy and SEC MC 19-2019.
C. Look for SEC/NPC Advisories Search “SEC advisory + [App Name]” and “NPC bulletin”. Active CDOs, revocations and privacy takedowns are posted here. citeturn5search8turn7search2
D. Permission audit On Android: Settings → App Info → Permissions. Red-flag: full contact list, photo gallery, audio recorder, GPS. Violates NPC Circular 20-01 if unnecessary for loan processing.
E. Interest-rate sanity check Rates above ~1%-1.5% per day (360-540% p.a.) are routinely declared “unconscionable” by Philippine courts and the SEC. Even without a statutory cap, extremely high rates invite enforcement.

5. Telltale red flags

  • No verifiable office address or landline
  • Pushy marketing via SMS or social media groups
  • Urgent “promo” to download an APK outside Google Play
  • Disclaimers like “no SEC registration required” or reference to being “foreign-registered”
  • Requests to upload live selfies plus access to contacts, files and GPS
  • Threats to sue for estafa while loan is only a few days overdue

6. Enforcement tools & penalties

Violation Who may act Sanctions
Operating without CA / post-moratorium OLP SEC Revocation, CDO, up to ₱1 M fine + ₱10 k/day, criminal: ₱100 k &/or ≤ 6 mos jail under RA 9474 §23.
Unfair collection SEC (MC 18-2019) Suspension or revocation of CA; fines; criminal complaint under RA 11765.
Privacy abuse NPC Stop-processing order, takedown from app stores, ₱500 k – ₱5 M fine, ≤ 3 yrs jail.
False advertising / mis-selling SEC, DTI, BSP Fines & cease-trade orders; liability under RA 11765 & Consumer Act.
Cyber-harassment threats PNP-ACG, NBI-CCD Charges under RA 10175 (Cybercrime) & Revised Penal Code.

7. Recent trends (2023 – Q1 2025)

  • Google removed another 33 unregistered apps in February 2023 at the SEC’s request.
  • Criminal cases filed – December 2022: SEC sued Suncash and Ucash for post-moratorium OLP launches.
  • Senate scrutiny (March 2025) – Lawmakers questioned why the SEC’s list still shows 181 OLPs despite the moratorium, signalling possible legislative tweaks or stricter audits this year.
  • NPC enforcement – 2024-2025 orders continue to target apps that ignore Circular 20-01’s data-minimisation rules; Google and NTC now coordinate on domain blocking. citeturn7search7

8. What consumers can do

  1. Verify first – 30 seconds on the SEC website can save months of harassment.
  2. Document everything – screenshots of chat threads, call logs, and the app’s Play-store page are vital in SEC/NPC complaints.
  3. Complain to the right office
    • Unlicensed / abusive collection: SEC – Corporate Governance & Finance Dept.
    • Privacy violations: NPC – Online Complaint Form
    • Cyber-threats: PNP-ACG hotline 0966-627-9722
  4. Refuse blanket permissions – Under NPC rules, you may legally deny an OLP access to your contacts and still be evaluated.
  5. Consider accredited alternatives – Legit digital lenders (e-wallet cash loans, buy-now-pay-later, bank mobile apps) are now plentiful and regulated by the BSP.

9. Take-aways

An illegal online lending app is ultimately easy to spot: no SEC credentials, launched after the 2021 moratorium, or breaking privacy/collection rules. The Philippines now has a well-layered legal armour—RA 9474, RA 11765, SEC MCs 18/19/10, and NPC Circular 20-01—to protect borrowers. Yet the first line of defence remains vigilant consumers who check licences before clicking Install and who assert their rights when lenders cross the line.

Stay informed, and share this guide—because financial inclusion should never come at the cost of harassment, data abuse or illegal interest.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login