You find a SaaS listing with solid ARR, clean churn numbers, and a reasonable multiple. Then you see it in the customer breakdown: one customer accounts for 28% of revenue. The checklist turns red. Your broker calls it a concern. Half the forums say walk away. So you pass, and the business sells to someone who knew what you didn't. Concentration is a pricing input, not a veto.
What the Standard Checklists Actually Say
Conventional due diligence guidance on customer concentration is consistent. Any single customer above 15% to 20% of ARR gets flagged as a risk that needs addressing. ScaleWithCFO treats a top customer above 20% of revenue as a concern. GSquaredCFO goes further: every customer representing more than 5% of revenue gets individual analysis. 1
The logic is straightforward. If that customer churns, you lose a disproportionate share of your revenue base overnight. For a business doing $500K in SDE with a 25%-concentration customer, losing that account might cut SDE by $125K or more, depending on margin. That's not a papercut. That's a restructuring event.
None of this is wrong. The risk is real. The problem is that most checklists stop there: they identify the risk, assign it a red status, and imply you should move on. What they don't do is tell you what to do with that information when the business is otherwise attractive.
Concentration as a Structural Input, Not a Disqualifier
FE International takes a different position. Their framework treats customer concentration as a deal-structuring variable: something you price into the valuation or address through an earnout tied to retention, rather than a condition that ends the conversation. That's a meaningfully different posture, and it opens up a category of acquisitions that most first-time buyers filter out entirely. 2
Small SaaS businesses almost always have some degree of concentration. Requiring diversification before buying means disqualifying most of the market. A business with ten customers where the top three each account for 20% isn't unusual. It's typical for products with high ACVs and long sales cycles. If you need a perfectly distributed customer base before you'll sign an LOI, you'll be waiting a long time.
The Math That Makes This Work
Run the actual numbers. SDE multiples for SaaS businesses under $5M typically sit between 2.5x and 4x, depending on growth rate, churn, and owner involvement. Take a $500K SDE business that would normally trade at 3.5x, or $1.75M. One customer accounts for 25% of ARR. You negotiate a 15% discount on that basis: $1.75M x 0.85 = $1.49M. That's $262K back in your pocket at close. 3
If that anchor customer stays for two years post-close, which is the modal outcome for a satisfied B2B SaaS customer, you've captured the full $262K discount as margin. You took on a priced risk and the risk didn't materialize. That's what repricing is supposed to accomplish.
Even if the customer churns in year one, you're still better off than the buyer who paid full price and absorbed the same churn without a discount. The price reduction partially insulates you. The deal isn't riskless. It's a fair trade.
How Earnouts Shift the Risk Back to the Seller
A price discount prices the risk at close. An earnout prices it over time, which is often the better structure when you can't confidently estimate churn probability. A typical SaaS earnout runs roughly 70% cash at closing with 30% in performance-based provisions over 12 to 36 months. Tie that 30% to retention of the anchor customer and you've aligned the seller's incentives directly with your biggest risk. 2
Here's what that looks like on a $1.75M deal: $1.225M at close, $525K contingent on the anchor customer's retention over 24 months. Customer stays, seller gets paid in full, you bought a business that performed as expected. Customer churns, the seller absorbs the loss through reduced deferred consideration rather than you absorbing it through reduced cash flow. The seller has the relationship and the product knowledge. They're better positioned to predict and influence that outcome than you are.
Escrow and holdbacks work alongside this. Reserving 5% to 15% of the purchase price for post-close issues gives you an additional buffer if undisclosed problems surface after signing. On a concentration-heavy deal, push toward the upper end of that range. 2
The Real Risk: Change-of-Control Clauses
The concentration percentage itself isn't what kills deals. What kills deals is a change-of-control clause in the anchor customer's contract that gives them the right to terminate or renegotiate when the business changes hands. If that clause exists and the customer is personally tied to the founder, you don't have a concentration problem. You have a customer-won't-survive-the-acquisition problem. That's a different situation entirely.
This is where most checklists fail first-time buyers. They flag the revenue percentage and stop. The real diligence task is reading the contract. Does a change of control trigger a termination right? Is pricing locked, or does it reset on transfer? Is there a notice requirement that exposes the deal before close? You can't answer these questions from a revenue breakdown. You need the actual agreement.
- Does the customer contract include a change-of-control clause, and what does it trigger: termination, renegotiation, or just notification?
- Is the customer relationship held by the founder personally, or does it sit with a team or account manager who'll transition with the business?
- What's the customer's contract term and renewal date relative to the expected close date?
- Has the customer expanded usage over time, or has spend been flat or declining?
- Does the product deliver measurable value to the customer's core workflow, or is it a discretionary tool that could get cut?
If the answers come back clean: no termination clause, relationship isn't founder-dependent, contract is multi-year and recently renewed, then the concentration figure is mostly noise. You're looking at a stable, high-value customer who grew faster than the rest of the base. Price it appropriately and move forward.
When Concentration Should Actually Give You Pause
This isn't a blanket argument that concentration is always fine. Some configurations genuinely change the risk profile enough that you'd need a very steep discount to make the math work. A few configurations have no right price at all.
| Scenario | Risk Level | Best Response |
|---|---|---|
| One customer at 25% ARR, multi-year contract, no change-of-control clause, expanding usage | Low to moderate | Reprice 10–15%, standard earnout |
| One customer at 40%+ ARR, month-to-month contract, founder-held relationship | High | Steep discount plus retention-tied earnout, or pass |
| One customer at 25% ARR with explicit termination-on-transfer clause | Very high | Get a waiver before close, or pass |
| Top 3 customers each at 20% ARR, all under long-term contracts | Moderate | Reprice on aggregate concentration, confirm each contract |
| How to respond to different concentration configurations during due diligence |
Concentration becomes a genuine disqualifier less because of the percentage and more because of the combination: short contract terms, founder-dependent relationships, and bad change-of-control terms together create a situation where the risk isn't priceable. You can't estimate the probability of loss, so you can't set a fair price. Any one of those factors alone is manageable. All three together is a pass.
What This Means for How You Evaluate Listings
If you've been filtering out listings the moment you see concentration above 20%, you've probably passed on businesses worth a second look. The better filter is whether the risk is contractually bounded and whether the deal structure can price it correctly. Most of the time, it can.
The buyers who consistently find value in the small SaaS market aren't the ones who avoid all risk. They're the ones who identify which risks are priceable and which aren't, then build deal structures accordingly. Customer concentration almost always falls in the priceable category. Change-of-control exposure with no mitigation path does not.
Run the DealScorer acquisition checklist on any listing you're evaluating to surface contract-level risks alongside the revenue breakdown. Concentration looks very different once you know what the underlying contracts actually say.
Key takeaways
- Customer concentration above 20% is a pricing input that warrants a discount,such as 15% off a $1.75M deal, saving $262K at close,rather than an automatic reason to walk away.
- An earnout structure, typically 70% cash at close with 30% contingent on anchor-customer retention over 12 to 36 months, shifts the churn risk back to the seller who best understands the relationship.
- The more dangerous issue is a change-of-control clause in the anchor customer's contract, which can trigger termination or renegotiation when the business changes hands,something a revenue breakdown alone won't reveal.
- Concentration becomes a genuine disqualifier only when short contract terms, founder-dependent relationships, and unfavorable change-of-control provisions appear together, since that combination makes the risk impossible to price.
- Buyers who filter out every listing above 20% concentration likely pass on attractively priced businesses, since small SaaS companies with high ACVs and long sales cycles routinely carry top customers at that level.
Footnotes
-
https://www.scalewithcfo.com/post/saas-due-diligence-checklist — ScaleWithCFO's SaaS due diligence checklist, which flags top customers above 20% of revenue as a concern and provides the standard treatment of concentration risk. ↩
-
https://www.feinternational.com/blog/saas-due-diligence-checklist-buyers — FE International's buyer-focused due diligence framework, including earnout structures, escrow ranges, and the treatment of customer concentration as a deal-structuring variable rather than a disqualifier. ↩ ↩2 ↩3
-
https://www.feinternational.com/blog/saas-due-diligence-checklist-buyers — Source for typical SDE multiples on SaaS businesses under $5M in value, ranging from 2.5x to 4x depending on growth rate, churn, and owner involvement. ↩