Biography

Paul McCulloch-Otero is a New York licensed attorney, information systems architect & consultant with 25+ years of experience. Paul is exceptional at identifying and managing issues between technologies and the regulations that govern those technologies, and empowering Clients with the tools and understanding to mitigate technical and legal risk, meet regulatory compliance requirements, and innovate efficiently and responsibly.

As a Partner at FisherBroyles, LLP, Paul advises Clients in the fields of Cybersecurity, Technology, and Privacy, primarily in the sectors of Banking & Finance, Healthcare, and Government. Paul’s clients range from SME’s to Fortune 500 companies, and his services include: (i) Transactional Counsel – negotiating, drafting, and reviewing technology agreements; (ii) Product Counsel – Advising technical teams on product development and implementation; (iii) Privacy / Cybersecurity Counsel – Mapping and assessing systems (e.g. PIA’s), informing policy, addressing emergent risk and coordinating data forensics and breach responses; (iv) Finance and Regulatory Counsel – Securing licenses (e.g. Bank, MTL) & coordinating regulatory engagements (e.g. CRADA); and (v) guiding Clients in developing and deploying innovative / emerging technologies while mitigating regulatory and corporate risks.

Paul is also a Managing Member of Cybercheck LLC, a cybersecurity and technology managed services company that assist Customers in (i) establishing effective security and compliance governance and operations; (ii) executing IT Audits & securing certifications; and (iii) providing Clients with managed services offerings for Virtual CISO, IT Compliance Manager, Vendor Management & Procurement, and AI Governance Officers.

Previously, Paul pioneered, launched and exited a multinational RegTech/FinTech company that automated cybersecurity and technology gap analyses. Additionally, he served in a variety of risk, regulation, compliance and intellectual property roles at J.P. Morgan. He also has served as a Senior Advisor for the U.S. Department of State, a legal advisor for several international banks, and staff attorney for the New York City’s Commission on Human Rights.

Paul is a Certified Information Privacy Manager, Board Member of the National Puerto Rico Chamber of Commerce, a visiting lecturer to various universities, a mentor to accelerator programs (e.g. Techstars, Parallel18), and has consistently dedicated his expertise in finance, technology, and government to assist post-disaster relief, recovery, and resiliency around the world.

Representative Transactions
  • Artificial Intelligence Legal & Compliance Counsel. Counsel to a public-private partnership tasked to select and deploy an artificial intelligence platform in 126 agencies to mitigate risk & comply with existing, emerging, and projected regulatory requirements.
  • Chief Privacy Officer: Served as Chief Privacy Officer for a digital bank covering U.S., Lithuania, and Singapore jurisdictions (i) mapping out all privacy data flows; (ii) generating and updating Privacy Impact Assessments; (iii) establishing a robust consent management architecture; (iv) responding to all DSARs or other subject requests; (v) working within technology groups to identify and determine regulatory notification threshold for privacy incidents; (vi) reporting to regulators if/when required.
  • Digital Challenger Bank(s) Technology Compliance Lead: (i) establishing and drafting operational core operational framework and technical documentation (e.g. policies, procedures, controls, legal entity documentation (LEI)); (ii) negotiating and drafting contracts for vendors, joint ventures, and financing; and (iii) securing licenses (e.g. IFE (Puerto Rico); EMI (Lithuania); SPDI (Wyoming – withdrawn)); (iv) M&A, vendor review, and technical integration of bank license via bank acquisition.
  • E-Commerce & Advertising: Lead Counsel covering digital advertising, marketing, brand & business development, legal & compliance, technical advisory & development, including AI, financial, blockchain, and ad serving technologies. Assisted in the development and deployment of: (i) algorithmic discrimination audit & remediation platform; (ii) privacy mapping & consent software.
  • Credit Card “Digital Labs” Division: Crafted innovative intellectual property strategies for emerging technologies with third-parties; conducted extensive legal research, regulatory engagement, & negotiations for involvement in a digital currency network.
  • Emerging Technology & Non-Profit Law: Served as Lead Counsel for financial (e.g. AML/KYC), operational (e.g. privacy, technology), and corporate governance for a Swiss Non-Profit organizing & establishing one of the largest DAO’s in the world. Drafted and operationalized node validator security audit standards, ESG standards, and additional DAO governance protocols.
  • Crowdfunding Platform: Securities Counsel & Technology Compliance Architect for a blockchain technology company tokenizing equity for industries as a means to raise funds (Reg CF, S, A+), (included broker-dealer legal & compliance review)
  • Money Movement: Payments counsel for transitioning Tier 2 to Tier 1 Bank, leading review and redesign of payment architecture (incl. integration w/ crypto-exchanges) and managing & (re)negotiating relationships with 3rd Party platforms (e.g. Zelle, ApplePay).
  • Cannabis: Secured payments architecture & secured regulatory approval for two cannabis payment processing companies, and one cannabis auction website.
Presentations & Teaching Experience
  • SUNY Purchase School of Law, Visiting Lecturer
Publications
  • Privacidad, ciberseguridad y tecnología en Puerto Rico para 2025, IAPPP Presentation January 27, 2025
  • Legal & Regulatory Considerations and Opportunities in Strengthening and Securing Healthcare Infrastructure and the Corresponding Supply Chain in Puerto Rico, BSidesPR · Apr 12, 2024
  • Reseña de: Yves Dezalay and Bryant G. Garth, The Internationalization of Palace Wars: Lawyers, Economists, and the Contest to Transform Latin American States, Revista internacional de pensamiento político, Año 2010, Número 5. · Jan 31, 2011
  • Repowering the World BankRepowering the World Bank, World Bank Group · Oct 25, 2009
  • EBA Energy Law Academy Course 105: Cybersecurity in the Energy Industry – Data Privacy, Energy Bar Association

 

Awards and Recognitions
  • Certified Special Investigator, Elliptic
  • Certified Information Privacy Manager, International Association of Privacy Professionals (IAPP)
  • IAPP Puerto Rico KnowledgeNet Chapter Chair
  • Board Member, Puerto Rico Chamber of Commerce

vCard

Paul McCulloch  

Partner

[email protected]
+1.646.596.3574

Credentials

Admissions

  • New York

New York – First Judicial District 2006

New York – Southern District of New York, 2006

Education

Temple University, Beasley School of Law, 2005

Emory University, B.A., 2002

LL.M. (International Finance and Development), University of London

Prior Law Firm Experience

Eversheds Sutherland

NYC CyberLaw Group, PLLC

Gilbert Firm

Practice Areas