Buying a SaaS business sounds clean on paper. Recurring revenue. High margins. Predictable churn. Then you look closer and realize the entire product runs on one developer’s custom code, the top three customers all have the founder’s personal cell number, and nobody else on the team has ever touched the backend.
That is key person risk. And in SaaS deals, it kills more transactions and destroys more post-close value than almost any other single factor we see.
Here is what SaaS business key person risk actually looks like in practice, how lenders think about it, and what you can do to price it correctly before you sign anything.
What SaaS Business Key Person Risk Actually Means
Key person risk in a SaaS business is the degree to which the company’s revenue, operations, or intellectual property depends on a single individual who may not stay after the sale.
That individual is almost always the founder. But not always. Could be the one developer who built and maintains the entire codebase. The salesperson who owns 80% of the new business pipeline. The customer success manager every enterprise client calls by name.
The core question for any buyer: if this person walks out the door on day 31 after close, what happens to the business?
If the honest answer is “revenue falls significantly” or “the product breaks and we can’t fix it,” you have a real problem. Not a theoretical one.
Why SBA Lenders Scrutinize This Hard
SBA 7(a) lenders underwrite the business’s ability to service debt. So anything that threatens cash flow continuity after you take over gets heavy attention.
Key person risk sits near the top of that list. A lender looking at a $2M SaaS acquisition with a 1.7x DSCR does not have much room for error. If the founder’s departure triggers 20% churn in the first year, that DSCR collapses and the loan becomes a problem fast.
Expect SBA underwriters to ask pointed questions about customer concentration, founder involvement in sales and delivery, and what institutional knowledge exists outside the founder’s head. They have seen enough deals unwind post-close to know exactly where to probe.
We see this come up on nearly every SaaS deal we work. The lender wants to know two things: is the business sellable operationally, and does the cash flow hold after transition. If you cannot answer both clearly, the deal stalls.
The Four Forms It Takes in SaaS
Not all key person risk looks the same. It shows up in four distinct ways, and you need to check for each one separately.
Technical dependency. The codebase was written entirely by the founder or a single senior developer. No documentation. No other engineer understands the architecture. Bugs and feature requests can only be addressed by one person. This is extremely common in bootstrapped SaaS businesses under $3M in annual recurring revenue (and honestly, we see it at higher revenue levels too, more often than you would expect).
Customer relationship concentration. Three to five customers represent 60% or more of revenue, and all of them have a personal relationship with the founder. They signed because of trust in that individual, not trust in the product. If the founder leaves, those conversations start.
Sales process dependency. The founder closes all new business personally. No defined sales process, no CRM with meaningful data, no other team member who has ever run a sales call. The pipeline lives in the founder’s head.
Operational single points of failure. The founder handles billing, vendor relationships, customer onboarding, and support escalations simultaneously. There are no SOPs. Training a replacement would take 12 to 18 months.
Most deals have one or two of these. The deals that have all four are restructuring projects, not acquisitions, regardless of the multiple being asked.
How to Quantify It Before You Make an Offer
All of that matters conceptually. But the practical question is harder: how do you put a number on it before you commit?
The worst thing you can do is acknowledge key person risk in the abstract and then keep marching through diligence as though you have accounted for it. You need to quantify it. Here is the framework we use when evaluating SaaS deals for clients.
Start with the customer conversation test. Can you get on a call with the top five customers without the seller present? If the seller resists this or the customers are consistently unavailable, that tells you something real about how embedded those relationships are.
Then look at churn data segmented by cohort. Monthly or quarterly churn broken down by when customers signed up. If the seller cannot produce this, that is a data organization problem that signals larger operational gaps underneath. Side note: this is also one of the first things an SBA underwriter will ask for during diligence, so if the seller cannot produce it for you, they will not be able to produce it for the lender either.
Ask for a technical audit. Hire a developer for a day to review the codebase, documentation, and deployment infrastructure. A few hundred dollars upfront can save you six figures on the wrong deal.
Run the “bus test” directly with the seller. Ask them plainly: if you were unavailable for 30 days starting tomorrow, what would break? Their answer reveals more about the business than most of the financials do.
Finally, map every revenue dollar back to a relationship. How many customers signed because of the product versus because of a personal connection with the founder? This is not always a clean number, but you can get a directional answer through customer interviews. And that directional answer is usually enough to know whether you are buying a business or buying a relationship.
Structuring Around Key Person Risk in the Deal Terms
You cannot eliminate key person risk through deal structure alone. But you can price it correctly and protect yourself if it materializes.
The most effective tool is an earnout tied to post-close revenue retention. If the seller believes their departure will not hurt the business, they will accept terms that pay them more if that proves true. If they push back hard on any retention-linked component, take note. That reaction is data.
A seller note on full standby is standard on most SBA deals we work. The 10-year standby, 0% interest structure we achieve on the majority of our deals (roughly 90% or more) means the seller has real skin in the game post-close. That alignment matters significantly more on high key person risk deals than on clean ones, because the seller’s eventual payout depends on the business continuing to perform.
Extended transition periods are the other lever. A 90-day consulting agreement post-close is common. On high dependency deals, we push for 12 to 24 months with specific milestones: documented SOPs for every core process, introductions to all major customers, code review sessions with the incoming technical team.
You can also negotiate a price reduction. If the business has genuine key person risk that you can demonstrate concretely, that is a legitimate reason to haircut the multiple. A business that should trade at 4x clean ARR might be more appropriately priced at 3x to 3.2x with significant unmitigated dependency on the founder. Structure matters more than price on most deals, but when key person risk is real and measurable, it should affect price too.
And do not forget working capital. Buyers get focused on the purchase price and deal terms and overlook the 2 to 6 months of working capital they need on hand post-close. On a SaaS deal with key person risk, working capital matters even more, because the transition period is where unexpected costs show up. Budget for it as a non-negotiable part of your total capital requirement.
What Good Looks Like: A Reduced-Risk SaaS Deal
To make this concrete, here is what a lower-risk SaaS acquisition looks like when you are screening deals.
Say you are looking at a $1.8M ARR project management SaaS serving construction companies. 140 customers. Average contract value around $13K. The founder has been running it for six years and wants to exit.
You want to see: a small team (two to three people) handling support and implementation independently. A customer success process that is documented and repeatable. No single customer representing more than 8% of ARR. A sales process the founder has already handed to a sales hire. And technical documentation thorough enough that an outside developer can work in the codebase within a week.
That business still has key person risk, because every owner-operated business does. But it is manageable. You can build a transition plan around it, get an SBA lender comfortable, and close with reasonable confidence the revenue holds.
The businesses where key person risk becomes a genuine deal-killer are the ones where none of that infrastructure exists, the seller has had no reason to build it, and the buyer would essentially be acquiring a job that only one specific person knows how to do.
The Post-Close Reality Most Buyers Underestimate
Most buyers spend 90% of their energy evaluating a business pre-close and not nearly enough planning the post-close transition. SaaS business key person risk is specifically a post-close problem.
Pre-close, the founder is still running everything. The risk is latent. Invisible, almost. Post-close, it becomes real and immediate. Every customer who emails the founder directly. Every bug that requires their institutional knowledge. Every sales call that was supposed to follow the old playbook but now needs someone who does not have the context.
The buyers who get through this cleanly are the ones who treated the transition plan as a deliverable, not an afterthought. They documented every dependency before close, structured earnouts and consulting agreements to keep the seller invested, and built technical and operational redundancy in the first 90 days.
The ones who struggle assumed the business would “figure itself out” once they took the keys. It does not.
Frequently Asked Questions
What is key person risk in a SaaS business?
Key person risk in a SaaS business is the operational or revenue exposure that exists when critical functions depend on a single individual, usually the founder. It includes technical dependency on one developer, customer relationships tied to one person, or a sales process that exists only in someone’s head. When that individual exits post-close, the business becomes vulnerable to revenue loss and operational disruption.
How does key person risk affect SBA loan approval for a SaaS acquisition?
SBA lenders underwrite to the business’s ability to service debt. If cash flow projections depend on revenue that could erode after a founder departure, lenders will either require stronger deal structure protections or decline the deal outright. Expect underwriters to ask specifically about customer concentration, transition plans, and whether the business can operate without the seller on a daily basis.
Can you negotiate a lower price because of key person risk?
Yes. Documented key person risk is a legitimate basis for price reduction. If you can demonstrate through customer interviews, a technical audit, or churn analysis that meaningful revenue depends on the seller’s continued involvement, that justifies a lower multiple. A business with significant dependency should trade at a discount to a comparable business with documented processes and distributed relationships.
What deal terms help protect against key person risk post-close?
The most effective protections are an earnout tied to revenue retention, an extended seller consulting agreement with specific milestones, and a seller note that keeps the seller financially aligned with post-close performance. A 10-year full standby seller note at 0% interest means the seller’s exit payment depends on the business generating enough cash flow to service debt, which creates real alignment during the transition.
How long should a seller transition period be for a high-dependency SaaS deal?
For most SaaS deals, 90 days is the standard consulting period. For high dependency deals where the seller is deeply embedded in customer relationships or serves as the primary technical resource, push for 12 to 24 months with defined deliverables. Those deliverables should include documented SOPs, code documentation, completed customer introductions, and a fully operational handoff of ongoing systems and vendor relationships.
Thinking About Acquiring a SaaS Business?
Key person risk is one of dozens of variables we evaluate on every deal. We review 120 to 150 deals per week across industries, and SaaS acquisitions require a particular level of technical and structural diligence to get right.
Regalis Capital runs a done-for-you acquisition advisory service. We find deals, underwrite the risk, structure the terms, and manage the full SBA process from LOI to close.