Paul McCulloch-Otero is a New York attorney and “Of Counsel” to the Pirillo Law Firm. He has extensive experience counseling Clients, including traditional financial and DeFi entities, and a wide range of technology companies, as well as government agencies (state, federal, and international), on an extensive number of highly technical and sophisticated matters in the fields of privacy, cybersecurity, money movement, and emerging technology.

Paul has more than 29 years of experience in the technology and financial sectors, working to help entities either launch new and innovative financial and/or technical applications, or otherwise plan and implement comprehensive digital transformation to maintain a competitive advantage in compliance with rapidly evolving legal and regulatory frameworks and licensing requirements. Areas of practice include corporate law, technology transactions, cybersecurity, blockchain, artificial intelligence, and emerging technologies, as well as financial services regulatory and compliance matters. Paul also regularly assists Clients on a strategy and documentation for activities ranging from internal corporate formation and policy development to a wide range of transactional agreements, including advisory agreements, SaaS agreements, digital asset-related agreements, master service agreements, and service level agreements. He is adept at assisting Clients of all sizes in developing and deploying optimal legal and technical architecture to optimize financial and business goals.

Paul developed an extensive expertise in technology and cybersecurity, having begun his career in highly technical roles within Deloitte, Oracle, Banco Santander, on through almost four years as VP of Intellectual Property and Technology Law and Digital Compliance at J.P. Morgan, and ultimately as Managing Partner of the NYC CyberLaw Group. He has honed an exceptional understanding of complex financial vehicles developed while serving Counsel within companies such as American Express (Digital Labs), USAA, and multilateral development banks such as the European Bank for Reconstruction and Development and the World Bank Group. In combining his technical and financial expertise with his experience advising domestic and foreign regulatory and government agencies, Paul is able provide Clients, ranging from startups to Fortune 500 companies, with legal advisory services that include: (i) understanding and optimizing technical and product service architecture; (ii) establishing and managing a comprehensive internal risk and compliance architecture; (iii) arming Clients with the contracts, templates, and guidance, to help navigate regulatory and third-party risk; (iv) assisting Clients in securing regulatory licensing (e.g. MTL/MSB, BitLicense, SPDI, IFE); and (vi) effectively engaging regulators in consultations, where required (e.g. breach response, No-Action Letters, consent orders, audits, etc…).

Paul is motivated by the desire to develop the legal, technical, and regulatory tools, to empower his Clients to keep pace with emerging technologies and innovate responsibly. In so doing, he also is motivated by the opportunity to develop new and innovative legal tools and vehicles to help Clients achieve success at the nexus of finance and emerging technology. He also dedicates time to sharing this expertise by serving as a conference speaker, visiting lecturer, and by providing more hands-on guidance as a mentor to a number of technology incubator / accelerator programs. He is admitted to the New York bar, is an International Association of Privacy Professionals (IAPP) Certified Information Privacy Manager, and serves as co-Chair in the Puerto Rico KnowledgeNet chapter of the IAPP.


  • Regulatory Advisory: Counseled regulatory agencies across five regions in the development of government policies and national regulation in the financial and technology fields, including developing policies on Artificial Intelligence, and drafting laws on cybersecurity.
  • NFT & Other Tokenized Exchange Initiatives: Advised multiple Clients on the creation and compliant deployment of decentralized public or private exchanges and NFT minting services, trading in the fields of artwork, luxury real estate (fractionalized and whole), gaming, treasuries, and more.
  • Token Development & Exchange Deployment: Assisted in the development and deployment of three (3) separate decentralized financial networks, and supporting ecosystem architecture (e.g. deployment of swap facilities; token raises, etc..)
  • E-Commerce & Advertising: Lead Counsel covering digital advertising, marketing, brand & business development, legal & compliance, technical advisory & development, including AI, financial, blockchain, and ad serving technologies. Assisted in the development and deployment of: (i) algorithmic discrimination audit & remediation platform; (ii) privacy mapping & consent software.
  • Crowdfunding Platform: Securities Counsel & Technology Compliance Architect for blockchain technology companies tokenizing equity for industries as a means to raise funds (Reg CF, S, A).
  • Money Movement: Payments counsel for transitioning Tier 2 to Tier 1 Bank, leading review and redesign of payment architecture (incl. integration w/ crypto-exchanges) and managing & (re)negotiating relationships with 3rd Party platforms (e.g. Zelle, ApplePay).
  • DAO Counsel: Counsel to Swiss and U.S. DAO’s organizing & establishing compliant operations, and addressing financial (e.g. AML/KYC), operational (e.g. privacy, technology), and corporate governance issues.
  • Privacy Counsel: Counseled multiple finance and FinTech Clients in creating and maintaining privacy operations including: (i) mapping out all privacy data flows; (ii) generating and updating Privacy Impact Assessments; (iii) establishing a robust consent management architecture (incl. DSAR’s); (iv) drafting all domestic & cross-border privacy documentation (e.g. incl. updated SCC’s); (v) working within technology groups to identify and determine regulatory notification threshold for privacy incidents; and (vi) reporting to regulators if/when required.
  • Digital Banking: Technology Legal and Compliance counsel for digital banks (i) establishing and drafting core operational framework and technical documentation (e.g. policies, procedures, controls, legal entity documentation (LEI)); (ii) negotiating and drafting contracts for vendors, joint ventures, and financing; and (iii) securing licenses as: IFE (Puerto Rico); EMI (Lithuania); SPDI (Wyoming); (iv) M&A, vendor review, and technical integration of bank license via bank acquisition.


  • University of London, LL.M.
  • Temple University, Beasley School of Law
  • Emory University, B.A.


  • New York (1st Appellate Division)



  • This field is for validation purposes and should be left unchanged.
Scroll to Top