LabanPH

SEC Memorandum Circular No. 18 (2019)Prohibition on Unfair Debt Collection Practices of Financing and Lending Companies

Issued by the Philippine Securities and Exchange Commission on 11 September 2019. SEC MC 18 prohibits financing companies, lending companies, and their third-party service providers from using unfair, deceptive, or abusive practices in debt collection โ€” including contacting persons in a borrower's phone contacts (other than guarantors or immediate family), public shaming, and after-hours calls.

๐Ÿ“„ Official PDF โ€” SEC MC 18, Series of 2019

Direct from sec.gov.ph. Save a copy โ€” regulators may move or rename the URL.

Download PDF โ†’

Full Text โ€” Section 1 (Prohibited Acts)

Official text of SEC Memorandum Circular No. 18, Series of 2019, Section 1. Reproduced for reference; see the official PDF above for the complete circular including definitions, penalties, and effectivity.

Section 1. Unfair Debt Collection Practices. It shall be considered as deceptive, unfair, or abusive act or practice in connection with the collection of receivables for a Financing Company (FC), a Lending Company (LC), or any of its third-party service providers, to engage in any of the following conduct:

  1. The use or threat of violence or other criminal means to harm the physical person, reputation, or property of any person;
  2. The use of obscenities, insults, or profane language which amount to a criminal act or offense under applicable laws, or which tend to humiliate, debase, or shame the borrower;
  3. Disclosure of the names of debtors who allegedly refuse to pay debts, except as allowed under Section 7 of the Implementing Rules and Regulations of Republic Act No. 9510 (Credit Information System Act);
  4. Threats to publish, or actual publication of, the names of debtors who allegedly refuse to pay debts;
  5. Threat to take any action that cannot legally be taken;
  6. Communicating or threatening to communicate to any person credit information which is known or which should be known to be false, including failure to communicate that a debt is being disputed;
  7. Any false representation or deceptive means to collect or attempt to collect any debt or to obtain information concerning a borrower; and
  8. Making contact at unreasonable times or hours which shall be defined as contact before 6:00 A.M. or after 10:00 P.M., unless the account is past due for more than sixty (60) days or the borrower has given express permission or said times are the only reasonable or convenient opportunities for contact.

Read alongside SEC Memorandum Circular No. 19, Series of 2019 (Implementing Rules) and the Data Privacy Act of 2012 (RA 10173). Apps that programmatically access a user's full contact list, SMS, or call log on install โ€” and use that data to contact third parties during collection โ€” violate both MC 18 (debt collection conduct) and RA 10173 (data-side lawful basis).

The audit below cross-references this rule against publicly-declared Android permissions of major Philippine lending apps. The presence of a permission in a Play Store listing means the app has the right to use it โ€” direct, public, cite-able evidence of an apparent MC 18 violation. Last updated June 14, 2026.

7

Apps audited

6

With MC 18 violations

10

Total violations

Per-app findings

Tala Philippines

com.inventureaccess.safarirahisi

โš ๏ธ 4 MC 18 violationsFull report โ†’
โ€ข
"find accounts on the device"โ€” Listing accounts (which act as contact-list proxies)
โ€ข
"find accounts on the device"โ€” Listing accounts (which act as contact-list proxies)
โ€ข
"read your text messages (SMS or MMS)"โ€” Reading SMS/MMS
โ€ข
"receive text messages (SMS)"โ€” Intercepting incoming SMS

Cebuana Lhuillier

com.clrb.eCebuana2

โš ๏ธ 2 MC 18 violationsFull report โ†’
โ€ข
"modify your contacts"โ€” Modifying contacts
โ€ข
"read your contacts"โ€” Reading user's contact list

Cashalo

com.oriente.cashalo

โš ๏ธ 1 MC 18 violationFull report โ†’
โ€ข
"read your text messages (SMS or MMS)"โ€” Reading SMS/MMS

JuanHand

com.juanhand.fast.cash.peso.loan.app

โš ๏ธ 1 MC 18 violationFull report โ†’
โ€ข
"read your text messages (SMS or MMS)"โ€” Reading SMS/MMS

Atome Philippines

ph.atome.paylater

โš ๏ธ 1 MC 18 violationFull report โ†’
โ€ข
"read your text messages (SMS or MMS)"โ€” Reading SMS/MMS

M Lhuillier Financial Services

com.mlhuillier.mlwallet

โš ๏ธ 1 MC 18 violationFull report โ†’
โ€ข
"read your contacts"โ€” Reading user's contact list

Digido

com.finsmartsloan.dmentoring

โœ“ CleanFull report โ†’

Methodology

  1. For each lending app available on Google Play Philippines, fetch the publicly-listed permissions via the standard Play Store metadata endpoint.
  2. Match each declared permission against keywords explicitly tied to MC 18 prohibitions (read contacts, modify contacts, read SMS, receive SMS, send SMS, read call log, write call log).
  3. List each match with the exact Play Store wording, the permission group, and a short description.
  4. Refresh weekly via automated cron. Apps may add or remove permissions over time; this report reflects the most recent snapshot.

This audit is informational and limited to declared permissions. It is not a legal determination of violation. SEC, NPC, and DTI are the agencies with statutory authority to determine MC 18 compliance. If you believe a lending app has misused the data they collected, file a complaint with the SEC Corporate Affairs Department or the National Privacy Commission.

Frequently Asked Questions

Where can I download the official SEC MC 18 (2019) PDF?

The official PDF of SEC Memorandum Circular No. 18, Series of 2019 (Prohibition on Unfair Debt Collection Practices) is published on sec.gov.ph โ€” use the download button at the top of this page. If that direct link ever moves, the circular is also reachable from the SEC's MC-2019 issuances index. Section 1, the eight prohibited acts, is reproduced in full text on this page.

What are the prohibited acts under SEC MC 18?

Section 1 lists eight unfair debt-collection practices: (a) violence or threats of harm; (b) obscene, insulting, or shaming language; (c) disclosing names of debtors who allegedly refuse to pay; (d) threatening to publish such names; (e) threatening action that cannot legally be taken; (f) false credit-information representations; (g) any false or deceptive means to collect; and (h) contact at unreasonable hours โ€” before 6:00 AM or after 10:00 PM โ€” unless the account is over 60 days past due or the borrower consented.

Can a lending app access my phone contacts under SEC MC 18?

Contacting people in a borrower's phone contacts โ€” other than a named guarantor or co-maker โ€” to collect a debt is an unfair practice under SEC MC 18, and harvesting the full contact list can also breach the Data Privacy Act of 2012 (RA 10173). Apps that declare read-contacts, read-SMS, or read-call-log permissions to enable this are flagged in the per-app audit below.

Is SEC MC 18 still in effect in 2026?

Yes. SEC Memorandum Circular No. 18, Series of 2019 remains in force and is actively enforced by the SEC against financing companies, lending companies, and their third-party collection agents. It is read together with its Implementing Rules (MC 19, Series of 2019) and the SEC's lending- and financing-company regulations.

Affected by debt-shaming or contact-list harassment?

File an NPC + SEC complaint citing this app's declared permissions as evidence. We help you generate the formal letter for both agencies in under 5 minutes.

๐Ÿ’ฌ