Executive Summary

Non-Bank Financial Institutions, or NBFIs, play an important role in the Philippine financial system. They provide financial services such as lending, financing, leasing, pawnshop services, remittance, money service business operations, investment services, quasi-banking, trust operations, and other financial activities without operating as full commercial banks.

Because NBFIs handle money, credit, customer information, financial transactions, and public trust, they are subject to regulation. Depending on the type of NBFI, the regulator may be the Bangko Sentral ng Pilipinas, the Securities and Exchange Commission, the Insurance Commission, the Cooperative Development Authority, or other government agencies.

For business owners, directors, compliance officers, accountants, and investors, the most important point is this: an NBFI is not an ordinary business. It must comply with licensing rules, capitalization requirements, corporate governance standards, anti-money laundering obligations, consumer protection rules, reportorial filings, data privacy requirements, tax compliance, and ongoing regulatory supervision.

This guide explains the key regulatory requirements for NBFIs in the Philippines in clear and practical language.

What Is a Non-Bank Financial Institution?

A Non-Bank Financial Institution is a financial entity that provides financial products or services but is not licensed as a bank.

NBFIs may include financing companies, lending companies, pawnshops, money service businesses, remittance agents, investment houses, securities brokers, non-stock savings and loan associations, quasi-banks, trust corporations, payment service providers, and other financial service providers.

Not all NBFIs are regulated in the same way.

Some are supervised by the BSP. Some are regulated primarily by the SEC. Some may need registration or licensing from multiple agencies depending on their activities.

This is why the first step in NBFI compliance is classification. A company must know exactly what financial activity it will perform before identifying the correct license, regulator, and compliance framework.

Why NBFI Regulation Matters

NBFIs deal with financial risk.

They may lend money, collect payments, process remittances, hold customer information, handle collateral, manage funds, or facilitate financial transactions.

Because of this, regulators require NBFIs to operate with transparency, adequate capital, proper governance, fair customer treatment, sound risk management, and strong internal controls.

Regulation protects the public.

It also protects the business.

A properly licensed and compliant NBFI is more credible to customers, banks, investors, payment partners, regulators, auditors, and business counterparties. A non-compliant NBFI may face penalties, license suspension, revocation, cease-and-desist orders, customer complaints, AML investigations, tax assessments, and reputational damage.

Step-by-Step Guide to NBFI Compliance

Step 1: Identify the correct type of NBFI

Before applying for registration, the business must identify its exact financial activity.

A company that grants loans from its own capital may be treated differently from a financing company that offers leasing, factoring, or installment financing. A remittance business may need a different license from a pawnshop. A company that performs quasi-banking or trust functions may fall under stricter BSP rules.

This classification matters because each type of NBFI has different capitalization, licensing, reportorial, governance, and compliance requirements.

The safest approach is to define the business model first, then match it with the proper regulatory category.

Step 2: Register the legal entity properly

Most NBFIs must first register as a legal entity before applying for a secondary license or authority to operate.

For corporations, registration is usually done with the Securities and Exchange Commission. The Articles of Incorporation must state the proper corporate purpose. If the purpose clause is vague, incomplete, or inconsistent with the intended regulated activity, the licensing application may be delayed or questioned.

For regulated financial businesses, SEC incorporation alone is usually not enough. The company may still need a separate authority, certificate, accreditation, or registration before it can legally operate.

This is a common mistake. Many founders believe that once a corporation is registered, it can already begin financial operations. For NBFIs, that assumption can be risky.

Step 3: Secure the required license or authority to operate

Each NBFI must determine which regulator has authority over its business.

For example, lending companies and financing companies generally require SEC authority. Pawnshops, money service businesses, certain payment system participants, quasi-banks, non-stock savings and loan associations, and trust-related NBFIs may fall under BSP supervision depending on their activities.

Some entities may need to register with one agency and comply with another.

A financial business may be SEC-registered as a corporation but BSP-supervised for its financial activity. It may also be required to register with the Anti-Money Laundering Council as a covered person.

The company should not launch operations until the proper licenses and registrations are secured.

Step 4: Meet capitalization and ownership requirements

Regulated financial businesses are often subject to minimum capital requirements.

Capitalization rules help ensure that the institution has enough financial capacity to support operations, absorb risk, protect customers, and comply with regulatory expectations.

Ownership rules may also apply.

Some NBFIs may be subject to nationality restrictions, fit-and-proper standards for directors and officers, beneficial ownership disclosure, or restrictions involving foreign equity.

A strong compliance review should examine not only the amount of capital but also the source of funds, shareholder structure, beneficial owners, and suitability of directors and officers.

Step 5: Establish corporate governance controls

NBFIs need clear governance structures.

This means having qualified directors, responsible officers, written policies, board approvals, internal controls, audit functions, risk management procedures, compliance monitoring, and proper records of corporate decisions.

Good governance is especially important because financial institutions handle public trust. Regulators expect responsible decision-making, accurate records, transparent ownership, and effective oversight.

A company should clearly identify who approves transactions, who handles compliance, who reviews customer complaints, who monitors AML obligations, and who reports to regulators.

Step 6: Register and comply with AML requirements

Many NBFIs are covered persons under anti-money laundering and counter-terrorism financing rules.

This means they may be required to register with the AMLC, conduct customer due diligence, verify customer identity, keep transaction records, monitor suspicious activity, report covered and suspicious transactions where applicable, train personnel, and maintain an internal AML program.

AML compliance is not optional for covered institutions. It should be built into the company’s operations from the beginning.

For example, a lending or financing company should know its borrowers, verify identities, monitor unusual transactions, and maintain records. A money service business should have stronger controls because it handles fund transfers.

Failure to comply with AML rules can result in serious regulatory consequences.

Step 7: Comply with consumer protection standards

NBFIs must treat customers fairly.

Consumer protection requirements may include clear disclosures, transparent pricing, fair collection practices, proper complaints handling, privacy protection, responsible marketing, and accurate information about fees, rates, penalties, and obligations.

This is especially important for lenders, financing companies, pawnshops, remittance businesses, online financial platforms, and other customer-facing financial institutions.

Customers should understand what they are agreeing to. Hidden charges, confusing fees, misleading advertisements, abusive collection methods, and poor complaints handling can create regulatory and legal exposure.

Step 8: Protect customer data and comply with privacy laws

NBFIs collect sensitive customer information.

This may include names, addresses, IDs, income documents, financial records, bank details, employment information, payment histories, collateral documents, device information, and transaction data.

Because of this, NBFIs must comply with data privacy requirements. They should have a privacy notice, data processing policies, access controls, cybersecurity safeguards, data retention procedures, breach response plans, and proper consent mechanisms where needed.

Data privacy is not just an IT concern.

It is a legal and operational requirement.

A data breach or misuse of customer information can lead to complaints, investigations, penalties, and loss of public trust.

Step 9: Prepare clear contracts and customer documents

NBFIs should use properly drafted contracts, disclosure statements, application forms, collection notices, privacy notices, receipts, payment confirmations, and customer communications.

For lending and financing transactions, documents should clearly state the principal amount, interest, fees, penalties, payment schedule, default consequences, collateral, borrower obligations, and dispute process.

For remittance or payment services, documents should clearly explain fees, processing time, refund rules, customer support channels, and transaction limits.

Clear documentation helps reduce disputes and supports regulatory compliance.

Step 10: File reportorial requirements on time

NBFIs are often required to submit regular reports to their regulators.

These may include audited financial statements, General Information Sheets, special regulatory reports, compliance certifications, AML reports, transaction reports, capital reports, and other submissions depending on the type of institution.

Late or inaccurate reportorial filings may result in penalties, loss of good standing, regulatory findings, or difficulty renewing licenses.

A compliance calendar is essential.

The company should track monthly, quarterly, annual, and event-based filing deadlines.

Step 11: Maintain proper books, records, and tax compliance

NBFIs must maintain accurate books of accounts and comply with BIR requirements.

This includes registration, invoicing, withholding tax, income tax, VAT or percentage tax where applicable, documentary stamp tax where relevant, payroll tax, and proper reporting of income, fees, interest, service charges, penalties, and other revenues.

Financial businesses are often document-heavy.

Accounting records, customer contracts, tax returns, regulatory filings, and financial statements must be consistent.

Discrepancies may trigger tax audits, regulatory questions, or due diligence problems.

Step 12: Monitor regulatory updates

Financial regulation changes frequently.

NBFIs should monitor issuances from the BSP, SEC, AMLC, BIR, National Privacy Commission, Insurance Commission, and other relevant agencies.

Regulatory updates may affect capitalization, reporting formats, interest rate rules, AML obligations, digital platform requirements, customer protection standards, cybersecurity controls, and penalties.

A compliance system should not remain static.

It must be reviewed and updated regularly.

Risks and Penalties

Operating an NBFI without the proper license or authority can lead to serious consequences.

Regulators may issue cease-and-desist orders, impose fines, suspend or revoke licenses, deny applications, publish advisories, or refer matters for investigation.

AML violations may result in penalties, regulatory sanctions, closer monitoring, and reputational harm.

Consumer protection violations may lead to complaints, investigations, refund orders, corrective measures, and loss of customer trust.

Data privacy violations may result in complaints before the National Privacy Commission, administrative penalties, civil liability, and reputational damage.

Tax non-compliance may result in BIR assessments, surcharge, interest, compromise penalties, and enforcement actions.

Corporate non-compliance may affect good standing, ability to secure certifications, ability to amend records, or ability to complete transactions with banks, investors, and counterparties.

The practical risk is not only legal.

A non-compliant NBFI may lose access to banking partners, payment channels, investors, customers, and strategic business relationships.

Practical Examples

Example 1: Lending business operating without SEC authority

A corporation is registered with the SEC and starts granting loans to the public. It assumes that incorporation is enough.

This is risky.

If the business is operating as a lending company, it may need a separate SEC authority to operate.

Without it, the company may face regulatory sanctions and complaints.

Example 2: Financing company with unclear loan disclosures

A financing company offers installment financing but does not clearly disclose fees, penalties, and total payment obligations.

Borrowers later complain that they did not understand the actual cost of the financing arrangement.

This creates consumer protection risk. Financing documents should clearly disclose all material terms before the customer signs.

Example 3: Money service business with weak AML controls

A remittance business processes transactions but does not properly verify customers or monitor suspicious patterns.

This may expose the company to AML risk. Money service businesses must have strong customer due diligence, transaction monitoring, and reporting controls.

Example 4: Pawnshop failing to protect customer data

A pawnshop collects customer IDs and transaction information but stores records without proper access controls.

If customer data is leaked or misused, the pawnshop may face privacy complaints and reputational damage.

Example 5: NBFI missing reportorial deadlines

An NBFI fails to submit annual reports and regulatory filings on time.

This may result in penalties and affect the company’s good standing or license renewal. A compliance calendar and assigned compliance officer can help prevent this.

Common Mistakes NBFIs Should Avoid

Mistake 1: Treating registration as the same as licensing

SEC registration creates the legal entity.

It does not automatically authorize the company to engage in regulated financial activities.

Mistake 2: Using generic contracts

Financial contracts should be customized to the product, regulator, customer type, fee structure, privacy rules, and consumer protection requirements.

Mistake 3: Ignoring AML obligations

Covered NBFIs must comply with AMLC rules.

AML compliance should not begin only after a regulator asks for documents.

Mistake 4: Weak complaints handling

A complaints system is a compliance tool.

It helps the company identify recurring issues, unfair practices, system errors, and possible violations.

Mistake 5: Poor coordination between legal, accounting, and operations

• NBFI compliance requires teamwork.

  
  

• Legal reviews licenses and contracts.

  
  

• Accounting handles books, tax, and reports.

  
  

• Operations applies policies daily.

  
  

• Weak coordination creates compliance gaps.

FAQ Section

What does NBFI mean?

NBFI means Non-Bank Financial Institution.

It refers to financial institutions that provide financial services but are not licensed as banks.

Are all NBFIs regulated by the BSP?

No. Some NBFIs are regulated by the BSP, while others are primarily regulated by the SEC, Insurance Commission, Cooperative Development Authority, or other agencies depending on their activities.

Is SEC registration enough to operate an NBFI?

Usually not.

Many NBFIs need a separate license, authority, registration, or accreditation before operating.

Do NBFIs need AMLC registration?

Many NBFIs are covered persons under AML rules and may need AMLC registration and compliance programs. The requirement depends on the type of institution and activity.

What are the main compliance requirements for NBFIs?

Key requirements may include licensing, capitalization, governance, AML compliance, consumer protection, data privacy, reportorial filings, tax compliance, and internal controls.

Can an NBFI operate online?

Yes, but online operations may require additional compliance review involving digital disclosures, cybersecurity, data privacy, online collection practices, platform terms, consumer protection, and regulator-specific rules.

What happens if an NBFI operates without authority?

It may face penalties, cease-and-desist orders, suspension, revocation, public advisories, complaints, and possible legal action.

Should an NBFI have a compliance officer?

Yes. A compliance officer or responsible compliance team helps monitor regulatory obligations, deadlines, policies, AML controls, customer complaints, and reporting requirements.

Call-to-Action

Non-Bank Financial Institutions operate in a highly regulated environment.

Whether the business involves lending, financing, remittance, pawnshop operations, payment services, investment activity, or other financial services, compliance should be built before operations begin.

A strong compliance foundation helps protect the company, its directors, officers, customers, investors, and business partners.

Aureada CPA Law Firm assists financial businesses, investors, founders, directors, and compliance teams in business structuring, SEC and BSP compliance, licensing review, AML coordination, customer documentation, contracts, data privacy, tax compliance, and regulatory risk management.

If you are planning to start, operate, or review a Non-Bank Financial Institution in the Philippines, early legal and compliance guidance can help prevent costly regulatory problems and support long-term growth.