Paul Mcculloch
CyberLaw: Former Coder / IT Architect Specialized in Corporate, DeFi, Privacy, & Emerging Technologies Law
New York, NY
About
-Startup - Includes incorporation advisory (e.g. structuring and location) & execution (e.g. founder/startup agreements, 83(b) guidance, token / stock assignment agreements, confidentiality agreements, employment / advisor contracts), services / product review and strategy (e.g. design considerations, data residency strategies, available tools & resources)
-Regulatory Fitness & Triage - Identifies and addresses all issues that regulators, investors, partners, or others may be able to see from your external facing resources (e.g. website policies, representations, security, corporate standing)
-Compliance Foundation / Update - Establishes a robust compliance foundation for the Client including policies (e.g. IT, HR, AML/KYC), procedures, training, monitoring, and testing (e.g. BC/DR/IR; Tabletops), as well as guidance on available tools to integrate to automate processes and ensure compliance.
-Regulatory Affairs Package - Ensures Clients acquire all requisite licenses (e.g. IFE, SPDI, EMI, FedWire; Money transmitter), relationships (e.g. broker dealer; insurance), and/or certifications (e.g. FFIEC cybersecurity, NIST-800, FFIEC, PCI-DSS, HIPAA).
-Third-Party / Business Engagement - Reviews vendors, vendor management, partners, and other third parties' products and documentation, and drafts engagement documents accordingly (e.g. MNDA, LOI, MSA, SOW; Partnerships, JV’s, etc…). Reviews relationships with customers and drafts documents accordingly (e.g. EULA, SaaS, E-Sign, etc…).
-Event Management - Enables Client agility (e.g. digital transformation, workplace to remote policies and practices) and compliance (e.g. incident / disaster response & forensics; response to regulatory inquiry)
-Privacy Management - Sets up a robust Privacy Program for Client.
-Blockchain / DeFi - Empowers Clients with tools and legal strategy to create digital assets (e.g. NFT’s, new cryptocurrencies, other tokenized assets such as real estate), decentralized autonomous organizations (DAO’s), raise / transfer funds (e.g. ICO’s) while addressing any securities risks (e.g. Howey analyses), draft corresponding regulatory filings (e.g. Reg A, Reg CF) or tokenomics analyses, and create and launch decentralized applications such as liquidity pools, swap facilities, and more.
Client Reviews
"Paul did a fantastic job working on multiple aspects of our business. He helped write a provisional patent, reviewed compliance procedures and assisted with documentation. He is commercial and practical, making him very valuable as a lawyer. I would certainly recommend him."
Work History
NYC CyberLaw Group
Attorney
Jan 2018 - Present
Provide full-scope cyber security and technology legal services, including technical and legal reviews for cyber security, data privacy, and information technology regulations, addressing any legal issues arising therefrom, and drafting any corresponding policies or controls documentation. Focus on payments systems, tech compliance, blockchain architecture, cryptocurrencies, & other emerging tech.
Helm Solutions, Inc.
CEO
May 2015 - Present
Spearheaded, launched, & managed a web-based compliance-as-a-service IT audit & gap analysis platform to benchmark cybersecurity and IT frameworks against a consolidated database of direct regulatory API’s, refer users to most relevant market solutions to address gaps, and empower companies with continuous control monitoring & report generation (e.g. risk assessments, audit responses).
JP Morgan Chase & Co.
VP, Intellectual Property & Technology Law
Jul 2012 - May 2015
Reviewed legal issues impacting IT Risk & Security Management for products, services, and operations, whether internally developed/used, offered externally, or leveraged from third parties. Negotiated, drafted, and executed corresponding documents for software & hardware (e.g. software licenses, EULA, terms of use, privacy policies, vendor agreements, etc…) and data & content (e.g. dev/licensing)
JP Morgan Chase & Co.
VP, Compliance Manager, Digital Compliance
Jul 2012 - May 2015
Advised JPMC-wide groups as expert for all matters involving branches/ATM’s, digital marketing, accessibility, online & mobile operations (including data privacy, data security, IAM, and technology management), and related products. Conducted extensive risk assessments, business impact assessments, & IT audits, periodically and in response to regulatory orders or developments, drafted policies.
JP Morgan Chase & Co.
BCC Chief Cyber Security Compliance
Jul 2012 - May 2015
SME in IT and Cyber Security Risk, risk management, end point and server technologies, network management/architecture, intrusion detection and prevention systems, vulnerability/pen testing management, and patch management systems. Informed & Directed SIEM process and tools, drove awareness on security thinking, and represented legal and compliance interests from SDLC to infrastructure hardening.
JP Morgan Chase & Co.
VP, Regulatory Change Management, Treasury & Security Services
Sep 2011 - Jul 2012
Designed procedures and systems for tracking global regulatory developments relevant to the JP Morgan Treasury and Security Services (T&SS) line of business, from the point a regulation is first discussed on through impact/risk assessments, government consultations and fully compliant integration into operations (i.e. project management). Created and implemented corresponding MIS & reporting.
United States Department of State
Senior Advisor
Sep 2008 - Sep 2011
Occupied three simultaneous roles advising senior management on 1.) policy and engagement strategies for global sub-national actors (S/SRGIA); 2.) developing Economic and Energy Public Diplomacy initiatives and stances in response to socio-political developments (e.g. Arab Spring) (EEB/EPPD); 3.) developing initiatives to track and effectively budget every dollar spent in the foreign aid budget (F)
The World Bank Group
Senior Advisor
Oct 2010 - Jun 2011
Coordinated and engaged a globally dispersed network of 12 high-level Commissioners in identifying and understanding the regulatory mechanisms and operational dynamics of governance and compliance in the World Bank Group and similar institutions, with a view to restructuring governance and defining the World Bank mission for the 21st Century. Researched, analyzed and drafted reporting for the G20
European Bank for Reconstruction and Development
Legal Counsel / Consultant
Sep 2007 - Jun 2008
Drafted and reviewed EBRD structured finance and project finance documents, country status reports, and articles for publication in English and Russian. Created, updated and maintained databases of relevant operational country legislation. Conducted assessments benchmarking the legislative frameworks of EBRD countries of operations for extensiveness and effectiveness against best practices.
New York City Commission on Human Rights
Staff Attorney
Jun 2006 - Jun 2007
Conducted intake interviews (in Spanish and English), drafted complaints, filed motions, mediated and litigated cases before the Office of Administrative Trials and Hearings regarding all matters covered by the Human Rights Code of the City of New York.
The McCulloch Law Firm
Litigation Associate
May 2005 - Jun 2006
Researched and drafted motions in preparation for litigation regarding employment law, real estate law, agency law, municipal law, wrongful death, RICO and products liability, specializing in structural engineering and architectural failures. Reviewed discovery material, digested depositions and participated in settlement conferences and depositions in federal and state court matters.