Paul McCulloch-Otero is Of Counsel to Warren Law Group. 

Paul is a New York licensed attorney, information systems architect, & executive, advising Clients in the fields of Cybersecurity, Technology (including blockchain and emerging technologies), FinTech (including Decentralized Finance (“DeFi”)), Privacy, and Emerging Technologies. Paul is an expert at translating issues between technologies and the regulations that govern those technologies. Over the past decade, this expertise has expanded to assist Clients and regulatory agencies alike in understanding how those laws and regulations translate to decentralized ecosystems.

Paul’s clients range from SME’s to Fortune 500 companies and decentralized networks, and include technology services companies, payment services providers, cryptocurrency exchanges, international financial institutions & banks, international financial entities (IFE’s), FinTech banks, decentralized autonomous organizations, and more. Paul’s services, include but are not limited to: payment systems and money movement, banking (structuring, licensing, & operations), online crowdfunding / auction services, exchanges / ATS, ESG advisory, cybersecurity (e.g. bug bounties, threat management, breach/incident/ ransomware response), corporate strategy (e.g. IP, tax, technical architecture), corporate structuring & filing (e.g. master/feeder structures, funds, IFE’s), corporate digital transformation, IT / blockchain architecture, and DeFi. As a DeFi attorney Paul has helped Clients (and networks) develop/draft, launch, and manage: tokenomics strategies & coin offerings, token minting and issuances, blockchain network operations, DAPPS, decentralized autonomous organizations (DAO’s) and their respective legal wrappers, liquidity pools (including AMM’s), and additional innovative decentralized vehicles and other Web3 applications.

Paul also serves as an Advisor to Chrysalis Advisory Services, a company that assist Clients in conducting general IT audits & certifications (e.g. ISO 27001, SOC2, PCI-DSS), as well as assisting Clients and decentralized networks in developing and deploying operational risk and compliance frameworks to govern decentralized operations. These frameworks include: (i) Node Validator Security Audit Framework; (ii) ESG Protocols for Node Validators; and (iii) DAO Governance Standards.


JD, Temple University
LL.M, SOAS University of London
BA, Emory University

Bar Admissions & Memberships
State of New York

Representative Matters Include:

  • NFT & Exchange Initiatives. Advised multiple Clients on the creation and deployment of an NFT Minting and Exchange for artwork
    fractionalized luxury real estate, whole property real estate, and NFT filters for existing artwork
  • Token Development & Exchange Deployment: Assisted in the development and deployment of three (3) separate cryptocurrencies, and corresponding network initiatives (e.g. liquidity pools / AMM’s, Swap Facilities, EVM Leverage)
  • Emerging Technology & Non-Profit Law: Lead Counsel for a Swiss Non-Profit organizing & establishing one of the largest DAO’s in the world, addressing financial (e.g. AML/KYC), operational (e.g. privacy, technology), and corporate governance.
  • Initial Chief Privacy Officer: Served as Chief Privacy Officer for a digital bank covering U.S., Lithuania, and Singapore jurisdictions (i) mapping out all privacy data flows; (ii) generating and updating Privacy Impact Assessments; (iii) establishing a robust consent management architecture (incl. DSAR’s); (iv) drafting all domestic & cross-border privacy documentation (e.g. incl. updated SCC’s); (v) working within technology groups to identify and determine regulatory notification threshold for privacy incidents; (vi) reporting to regulators if/when required
  • Initial Digital Challenger Bank(s): Technology Compliance Lead for a digital bank (i) establishing and drafting core operational framework and technical documentation (e.g. policies, procedures, controls, legal entity documentation (LEI)); (ii) negotiating and drafting contracts for vendors, joint ventures, and financing; and (iii) securing licenses as: IFE (Puerto Rico); EMI (Lithuania); SPDI
    (Wyoming - withdrawn); (iv) M&A, vendor review, and technical integration of bank license via bank acquisition
  • Crowdfunding Platform: Securities Counsel & Technology Compliance Architect for a blockchain technology company tokenizing equity for industries as a means to raise funds (Reg CF, S, A+), (included broker-dealer legal & compliance review)
  • Money Movement: Payments counsel for transitioning Tier 2 to Tier 1 Bank, leading review and redesign of payment architecture (incl. integration w/ crypto-exchanges), and managing & (re)negotiating relationships with 3rd Party platforms (e.g. Zelle, ApplePay).
  • Cannabis: Reviewed payments architecture & secured regulatory approval for two cannabis payment processing companies, and one cannabis auction website

Your case matters. We can help.