Your data. Your money. Held carefully.

Confidentiality, in writing

Every partner and staff member is subject to written confidentiality obligations on commencement of employment, with breach being a terminating event. We do not discuss client matters in the office, in any client's hearing, or with our affiliated firms unless we have your written consent for that specific escalation. References to clients on our website appear only with consent.

Data — where it lives

Client documents are stored in a SOC 2 Type II-aligned client portal environment. Data resides on servers physically located in the European Union and the United Arab Emirates. Backups are encrypted at rest and in transit. No client document is transmitted in plain email; we use the portal for all document exchange. Access is restricted to the partner and named associates on your file.

UAE Personal Data Protection

We comply with the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) and, for EU data subjects, the EU GDPR. See our Privacy Notice for the full set of legal bases, retention periods and your rights.

AML & KYC oversight

ArxSetup is a registered Designated Non-Financial Business and Profession (DNFBP) under the UAE Anti-Money Laundering framework (Federal Decree-Law No. 20 of 2018). We have a designated Money Laundering Reporting Officer who reports directly to the Managing Partner. All staff complete annual AML training. The firm's risk assessment is reviewed and approved by the partners each year. See our AML & CFT Policy.

Regulator recognition

Neo International Consultancy FZ-LLC (trading as ArxSetup) is licensed by the Dubai Development Authority under commercial licence number 107229 to carry on Consultancy and Accounting & Bookkeeping activities from Unit L1-206, Floor 02, Loft Offices 1, Dubai Media City. Our accounting and corporate-services consultancy activities bring us within the UAE definition of a Designated Non-Financial Business and Profession (DNFBP), and we are registered with goAML as a reporting entity. Tax-specific work (UAE Corporate Tax, VAT, FTA representation) is delivered through the firm's affiliated FTA-registered tax-agent partners, and complex legal matters are escalated to Neo Legal (UAE) or Cornwalls (Australia). The full list of jurisdictions in which we file and the licensed partners with whom we coordinate is on the About page.

Sanctions screening

Every new client and beneficial owner is screened at onboarding against UAE Cabinet, UN Security Council, EU and OFAC sanctions lists. Screening is re-run on material changes (UBO change, new shareholder, change of activity). We decline matters where positive matches arise, without compromise.

Insurance & recourse

The firm maintains professional indemnity insurance commensurate with the work we undertake. Cover details available on request. Our Terms of Engagement set out the maximum aggregate liability cap — the greater of USD 100,000 or three times the professional fee paid in respect of the matter — and DIFC Courts exclusive jurisdiction for any dispute.

Suspicious activity reporting

Where we form a suspicion under the UAE AML framework, we are required to report to the UAE Financial Intelligence Unit via goAML, and we are prohibited from informing the client that a report has been made (the "tipping off" prohibition). This is a legal obligation of every UAE DNFBP. Where you are concerned about how a particular transaction might appear, raise it with us in writing in advance — many concerns can be resolved by structuring the underlying activity differently.

No payment until engagement letter is signed

We do not commence work and do not collect any fees until our written engagement letter is countersigned by both sides. Quotes carry no obligation. KYC submitted before engagement is retained for thirty days and then deleted unless you elect to proceed.

Security disclosure

If you believe you have identified a security vulnerability in our website, portal or processes, please write to security@arxsetup.ae. Our security disclosure policy is at /.well-known/security.txt (RFC 9116-compliant).

Updated 16 May 2026.