RE: Registration Process Questions

Louise,

Thank you for the below email. It is good to clear up the confusion
regarding this process. At the end of the email you ask for our comments on
the ROETA execution process.

We would prefer that the ROETA be executed off-line. It is on that basis
that we have sought the opinion of overseas counsel. That said, you may
form the view that online execution of the ROETA is no different to the
operation of a website with a hotlinked disclaimer. On that basis you may
decide to execute the ROETA online. We have some concerns regarding
security issues because of the distribution of a password without a
supporting agreement, however, you may form the view that this is a minor
risk.

If you have any other questions, please do not hesitate contact me.

Regards

Timothy Hughes
Clifford Chance
200 Aldersgate St
EC1A 4JJ London UK
+44 171 282 7046 (direct)
+44 171 600 1000 (switch)
+44 171 600 5555 (fax)
timothy.hughes@cliffordchance.com

< -----Original Message-----
< From: lkitchen@enron.co.uk [SMTP:lkitchen@enron.co.uk]
< Sent: Monday, July 05, 1999 6:23 PM
< To: Elena Kapralova; Rahil Jafry; dport@enron.co.uk; Mark Dilworth;
< pgoddard@enron.co.uk; jboyd@enron.co.uk; jjuggins@enron.co.uk; Mark - ECT
< Legal Taylor; Jay Webb; Robert Campbell;
< Timothy.Hughes@cliffordchance.com; Andrew.Wilkinson@cliffordchance.com;
< ssefton@enron.co.uk; Edmund Cooper; David G Mally
< Subject: Registration Process Questions
<
<
<
< Let's be clear about all of the confusion which took place last week on
< how to
< register, this is what we are doing. Any comments or problems please
< reply. I
< have tried to address everyone's points (see end of email).
<
< 1. Current Customers
<
< We are going to pre-register a large number of customers prior to the
< launch.
< These customers will not receive any documentation from us apart from the
< one
< page application form (Password Application) and a nice glossy marketing
< brochure.
<
< They will not be asked to fill in any form of registration documentation.
< All
< of the approvals should be done internally as we already trade with these
< people.
<
< Procedure
< 1. A list of customers to be pre-registered is compiled.
< 2. Sign off on the list is obtained from Tax, Credit, Legal etc.
< 3. The customer receives from Enron a Password Application Form (postal)
< and a
< marketing brochure (this will be very glossy with only high level details
< nothing specific to the customer but will outline the registration process
< (to
< include whether to send to UK os US office). The PA will be specific to
< each
< country and therefore we should be able to send out the specific PA to
< each
< counterparty.
< 4. The customer signs the document (Password Application) and returns to
< Enron.
< 5. Enron dispatches the System Administrator password and login.
< 6. The customer logs in and the immediately is greeted with the ETA (as
< loaded
< for the specific counterparty profile which will be based on the country
< of
< origin of the customer). The ETA must be printable and the customer will
< scroll
< through the document to the end where he has the choice of either "I
< accept" or
< "I do not accept" (with no default on enter). This ETA must be printable.
< 7. The customer then enters the site and transacts. If the customer is
< transacting under a master then the GTC for a particular product will not
< need
< to be accepted, if the customer is dealing without a master then any
< person
< using the administrator password or any of its subsidiary passwords can
< accept
< the GTC (it only needs to be accepted once by any one person under this SA
< password). The system will need to be loaded with the information as to
< whether
< a counterparty requires GTC or not for each commodity/product type.
<
< Elena's questions
< Q: Will PA be available as well as ETA for viewing and printing in the
< "House"? No only in the garden. PA and ETA for all jurisdictions will be
< available and printable in the garden (drop down box would be my
< suggestion).
<
< 2. New Customers
<
< There are two alternative routes possible.
<
< Procedure 1: Off Line Registration
<
< Potential Customer will e-mail, phone to express their willingness to
< trade
< online, i.e. get the ID and Password
< Enron will mail Registration Pack to the Potential Customer with PA for
< appropriate jurisdiction.
< Customer will fill in Registration Form, sign PA and mail it back to
< Enron
< If the customer is approved for Online Trading by Enron, it will
< receive the
< system administrator login and password.
< The customer logs in and the immediately is greeted with the ETA (as
< loaded
< for the specific counterparty profile which will be based on the
< country of
< origin of the customer). The ETA must be printable and the customer
< will
< scroll through the document to the end where he has the choice of
< either "I
< accept" or "I do not accept" (with no default on enter). This ETA must
< be
< printable.
< The customer then enters the site and transacts.The customer is
< transacting
< GTCs for all products and any person using the administrator
< password or
< any of its subsidiary passwords can accept the GTC (it only needs to be
< accepted once by any one person under this SA password).
<
<
< Procedure Two: Partial OnLine Registration
< Registration Pack including PAs for all jurisdictions will be available
< in
< the Garden
< Customer has to chose (drop down box) which jurisdiction he is in,
< print out
< appropriate Registration Form and PA, fill in Registration Form, sign
< PA and
< mail it to Enron
< Customer will fill in Registration Form, sign PA and mail it back to
< Enron
< If the customer is approved for Online Trading by Enron, it will
< receive the
< system administrator login and password.
< The customer logs in and the immediately is greeted with the ETA (as
< loaded
< for the specific counterparty profile which will be based on the
< country of
< origin of the customer). The ETA must be printable and the customer
< will
< scroll through the document to the end where he has the choice of
< either "I
< accept" or "I do not accept" (with no default on enter). This ETA must
< be
< printable.
< The customer then enters the site and transacts.The customer is
< transacting
< GTCs for all products and any person using the administrator
< password or
< any of its subsidiary passwords can accept the GTC (it only needs to be
< accepted once by any one person under this SA password).
<
< The Registration Form is currently in draft form and I attach below but
< clearly
< Janine may want to add more on her side.
<
< Elena's questions
< Q: 1) Alternative 1 or 2? Both
< 2) In the Garden there must be a sentence (to be drafted by CC) to
< inform
< potential customers that there request for access may not be granted. YES
< - In
< the garden there must be a phrase that any access may not be granted and
< that
< it is solely on our discretion (this is not just for Read Only its for all
< applications)
< 3) Should all ETAs and PAs be available and printable in the Garden?
< CC
< prefers them to be available...YES
<
< 3. Read Only Customers
<
< If a customer / counterparty does not respond by signing our PA and
< therefore
< has not access to the site and we are very keen for them to be a trading
< counterparty over the Internet we want a way of showing them what they are
< missing. So we will be sending them a password and login for read only
< access.
< We could also send out to bodies like regulators or brokers etc but that
< will be
< up to the traders - any counterparties wanting access like this would
< apply
< through th eroute outlined above for new counterparties and we would
< authorise
< readonly access. We will no be advertising read only access as available.
<
< They will be able to enter the site for a period for time (Enron needs to
< be
< capable of setting system limits to the amount of time a
< customer/counterparty
< is given read-only access for) unable to transact but view only.
<
< Procedure
< 1. Either, Enron monitors the list of counterparties having registered
< against
< the full counterparty list and notes that specific counterparty has not
< registered. The trading desk with primary trading contact with such
< counterparty is contacted and asked if they would like to offer read only
< access
< for a period of time.
< or, a trader applies to the Online Product Control group for read only
< access
< for one of his customers.
< 2. The Product Control Group will issue a password/login which will be
< time
< dated (only valid for a certain period).
< 3. The counterparty will login and immediately greeted by a Read Only
< ETA -
< these are to be country specific.
< 4. The counterparty must accept the Read Only ETA online before entering
< the
< site where he has been given READ ONLY access.
< 5. Under this scenario there is only one password and no capability of
< creating any further passwords (not like a system administrator password).
< 6. When the password expires they will need a prompt box indicating how
< they
< should register to continue seeing prices.
<
< Elena's issues
< 1) Should Read Only ETA be printable and where? YES - should be printable
< when
< it appears on screen at login (no need for it to be in the garden)
< 2) What limitations will be imposed on the Guest User, i.e. one log in
< session,
< limited time etc. - This decision has to be made in order for CC to put an
< appropriate language into the Read Only ETA. Read Only ETAs for all
< jurisdictions have to be finalised by July 7th. Needs to be flexible
< although
< one password has no capability of creating further passwords, but the
< period of
< time they are allowed access will depend on each trader. Some customers
< may be
< allowed in for one day others for one month.
< 3) In the Garden there must be a sentence (to be drafted by CC) to inform
< potential Guest User that his request for Read Only access may not be
< granted.
< We will not be advertising this facility and it will therefore not be
< mentioned
< in the garden. The only phrase in the garden refers to customers who
< apply for
< a password may not get access (see above).
< 4) Is Read Only ETA accepted online or it should be signed and mailed back
< to
< Enron as a hard copy? The latest agreed was that it will be signed off
< line, but
< accepting it online should work as well, and seems to be a cleaner
< way...No this
< will be signed/clicked online just like the ETAs.
<
< Mark's comments
< System administrator will not be a trader as far as the system is
< concerned.
< If they are in reality that is none of our concern. Agreed - we need
< to
< change the name of System Administrator to Trader Administrator
< ETA acceptance process - we have legal confirmation of your comment? I
< would
< expect that all users that trade on the system should read and accept
< it
< (which I think is where Bob is coming from). Only one person per System
< Administration Password / Trader Adminstrator password accepts the ETA.
<
< Guest only users
< This concept was raised to us for the first time yesterday - and I have
< some
< process queries on it. See above.
< How do we separate/ identify the applications? See above.
< What will be the process for upgrading users f they successfully apply for
< full
< rights? They need to receive a notice when their password expires which
< prompts
< them to follow the application process.
<
< 2 other queries -
< Why do they need an ETA when they will not be allowed to trade
< electronically?
< Need a Read Only ETA - see document for further understanding
< Limitations to be imposed - where is this being coded and who by? There
< will be
< a timetable impact. This is not new and therefore isn't
<
< Bob's comments
<
< 1. Existing Enron Customers (approx 2,000)
< The first person from the customer's company logging Online has to
< accept
< ETA. After that ETA has to be available for viewing and printing for
< all
< other users.
< The first person logging on will always be the Administrator (to set up
< his
< users) so how can a probable non-trading user accept ETAs for his traders?
< Probably will be a trader - change the password to TRADER ADMINISTRATOR
< PASSWORD/ MASTER TRADING PASSWORD
<
< 3. Unknown Customers (currently not trading with Enron) willing to get
< Trading
< Access
< Alternative 1 most closely mirrors what we're doing for our existing
< customer
< base and so the procedures will already be in place for EOL Product
< Control /
< System Admin to run this. If the marketing pack mailing method is utilised
< we
< cut down on extra effort in a number of areas (marketing pack will be
< signed off
< by legal, business processes already there, no extra development effort,
< single
< point of reference).
< The marketing pack is a glossy brochure advertising our site within it
< there
< will be the registration form, I think we do both alternatives.
<
< Tim's comments
<
< The process you have described is as I understood things, except
< that for Guest Users ( also referred to as Read Only Users - Regulators,
< Lawyers, Brokers, Potential Traders etc). As we discussed on Wednesday
< and
< as Andrew mentioned yesterday, I understood the process to be as follows:
<
< The Guest will phone or sent e-mail (possibly fill in a form online,
< that will be automatically e-mailed) to Enron System Administrator.
< Customers will provide info on their name, e-mail address, mailing
< address,
< country of incorporation etc. If Enron approves the customer as a Guest
< user, the System Administrator will e-mail/fax to the Guest the Read Only
< ETA. The Guest will execute the Read only ETA in hard copy and return it
< to
< Enron (by fax or post). Enron will then issue a Guest ID and Password.
< The
< Read Only ETA will be available on the website as a reminder to the Guest.
< This will not be in hard copy it will be online, see above we are not
< going to
< advertise this read only capability.
<
< OK?
<
< Louise
<

***********************************************************************

The information in this email and in any attachments is confidential and
intended solely for the attention and use of the named addressee(s). This
information may be subject to legal professional or other privilege or may
otherwise be protected by work product immunity or other legal rules. It
must not be disclosed to any person without our authority.
If you are not the intended recipient, or a person responsible for delivering
it to the intended recipient, you are not authorised to and must not
disclose, copy, distribute, or retain this message or any part of it.