.png){kind=logo}
Updated: 06 February 2026
For the purpose of this analysis, Governance, Regulatory, and Compliance (“GRC”) software companies refers to platforms that help organisations manage governance, risk, and regulatory compliance processes on an ongoing basis.
This includes software for:
The defining characteristics across these platforms is that they are embedded in recurring, mission-critical workflows, rather than used on a one-off or project basis.
This analysis does not include pure consulting-led offerings, standalone ESG data providers without workflow integration, or tools primarily focused on advisory or reporting services rather than software-driven processes.
GRC software platforms have attracted sustained buyer interest due to a combination of structural and regulatory dynamics.
For customers, compliance and risk management are non-discretionary activities. Regulatory requirements tend to increase in scope and complexity over time, rather than diminish, which supports long-term demand for software that can systemise and automate compliance processes.
From a buyer/investor perspective, this translates into:
In addition, many SaaS GRC platforms have expanded from point solutions into broader compliance or risk management suites, creating opportunities for upsell, cross-sell, and platform expansion post-acquisitions.
While often discussed as a single category, GRC software spans several distinct sub-segments with materially different characteristics.
At one end of the spectrum are enterprise-grade, regulated GRC platforms, typically serving financial institutions, trading firms, or heavily regulated industries. These platforms tend to be deeply embedded, high-ACV (annual contract value), and closely tied to regulatory frameworks.
A second group consists of operational and third-party risk platforms, including supplier compliance, audit workflows, and broader risk management tools used across regulated and non-regulated sectors. These businesses often serve a wider customer base and exhibit greater variation in scale and pricing.
In some cases, a third category includes lighter-weight or SMB-focused GRC tools, where regulatory depth is lower and customer usage patterns differ materially.
Understanding where a company sits within this spectrum is critical to understanding valuation outcomes.
Transaction details, valuation metrics, and supporting context are available to NKP subscribers.
January 2026: Carne Group (Ireland) minority acquired by Permira (private equity firm)
EV/Sales (2025-03R)
Carne Group provides governance, regulatory, and compliance services and technology to the asset management and funds industry, supporting fund governance, regulatory oversight, and operational compliance across multiple jurisdictions. The business operates at the intersection of regulatory compliance and financial services infrastructure, with strong exposure to recurring regulatory-driven workflows.
According to the official press release, the acquisition valued Carne Group at approximately EUR 1.4 billion. For the financial year ending 31 March, 2025, Carne Group reported revenues of EUR 119.6m, and the deal thus reflecting an EV/Sales (FY0) of 11.7x. Reportedly, Carne Group had been marketed off a 2025 adj. EBITDA of around EUR 30m, which would indicate an EV/EBITDA (FY0) of around 45-47x.
October 2025: Softway Medical (France) acquired by Bain Capital (private equity firm)
EV/Sales (2024-12R)
Softway Medical develops healthcare software solutions that include compliance, governance, and regulatory modules supporting healthcare providers in meeting clinical, data protection, and regulatory requirements. While not a pure-play GRC vendor, the business illustrates sector-specific, regulation-driven software models.
According to the official press release, the acquisition valued Softway Medical at EUR 1.2 billion, while the company had reportedly (according to our sources) been marketed off expected 2025 revenue of EUR 175m while it had reported 2024 revenue of EUR 150m, the deal thus reflecting an EV/Sales (FY1) of 6.9x and EV/Sales (FY0) of 8x. Reportedly, Softway Medical had been marketed off 2025E adj. EBITDA of around EUR 30m, the deal thus representing an EV/EBITDA (FY1) of 40x.
November 2025: Raptor Technologies (US) acquired by Warburg Pincus (PE firm)
EV/EBITDA (2025-12E)
Raptor Technologies provides risk and compliance software focused on safety, security, and incident management, primarily for education and enterprise environments. While not core regulatory compliance software, the business represents a risk-management adjacency where governance and compliance requirements are embedded in operational workflows.
According to multiple sources with knowledge of the matter, the transaction value Raptor Technologies at USD 1.8 billion, while the company reportedly expected full year 2025 adjusted EBITDA of USD c.80m the transaction thus representing an EV/EBITDA (FY1 ~ 2025E) of 22.5x.
September 2025: Decision Focus (Denmark) acquired by Keensight Capital (PE firm)
EV/EBITDA (2025-12E)
Decision Focus develops compliance and policy management software used by regulated organisations to manage regulatory obligations, internal controls, and governance processes across complex operational environments.
According to sources familiar with the matter and media reporting at the time, Keensight Capital paid an enterprise value of DKK 750-850m, while Decision Focus reportedly had estimated EBITDA (2025E) at the time of approximately DKK 40m. The transaction thus reflecting an estimated EV/EBITDA (2025E) of 18-20x (this figure is lower, but more accurate, than media reporting at the time we believe).
November 2022: Decision Focus (Denmark) acquired by Via Equity (private equity firm)
EV/EBITDA (2022-12E)
In November 2022, Danish private equity firm Via Equity acquired a 75% majority stake in Decision Focus from its founder, in a deal valuing the firm at DKK 183m according to our analysis of the balance sheet of the selling entity’s 2022 financial report. The company was reportedly marketed off adjusted EBITDA for 2022 of approximately DKK 19m, the transaction thus reflecting an EV/EBITDA (FY1) of 9.6x.
July 2025: FundApps (UK) receives investment by FTV Capital (private equity firm)
EV/ARR (at time of acq.)
FundApps is a compliance software provider focused on regulatory monitoring and reporting for asset managers, banks, and investment firms, with particular strength in automated regulatory rule tracking and breach detection across multiple jurisdictions.
According to our sources familiar with the matter, FTV’s investment valued FundApps at GBP 370m at a time when the UK firm had an estimated recurring revenue (ARR) of approximately GBP 35m, the deal thus reflecting an EV/ARR of 10.6x. For 2024, FundApps reported revenue of GBP 27.8m so the EV/Sales (FY0) amounted to 13.3x.
July 2025: Wolters Kluwer FRR unit (Netherlands) acquired by Regnology (strategic acquirer)
EV/Sales (2024-12R)
Wolters Kluwer’s Financial, Risk & Regulatory Reporting unit provides regulatory reporting and compliance software to financial institutions, supporting obligations across banking, insurance, and capital markets. The unit is deeply embedded in regulatory-driven, mission-critical workflows.
According to the official press release, the transaction valued the FRR unit at approximately EUR 450m, and 2024 revenue for the business unit had been reported at EUR 123m, the deal thus reflecting an EV/Sales (FY0) of 3.7x. Wolters Kluwer’s group level adjusted EBITDA margin was historically around 30% - if assuming this held true for the FRR unit, its EBITDA could cautiously be estimated at approximately EUR 35-40m at the time of Regnology’s acquisition, the deal thus reflecting an EV/EBITDA (FY0) of 12-14x.
July 2025: Goldman Sachs-led consortium acquires Navex (US) (private equity firm)
EV/ARR
NAVEX (formerly NAVEX Global) is a leading provider of integrated governance, risk, and compliance (GRC) software and services, centered around their cloud-based NAVEX One platform. It helps over 13,000 global organizations manage risks, automate compliance tasks, protect reputation, and foster ethical, secure cultures.
According to media coverage at the time, the deal valued Navex at USD 2.5 billion. Sources familiar with the matter estimate Navex had annual recurring revenue of approximately USD 360m at the time of acquisition, the deal thus valuing Navex at an EV/ARR of around 6.9x.
February 2025: OTPP (a pension fund) contemplates sale of Mitratech (US) at a valuation of more than USD 4 billion (acc. to Reuters)
EV/EBITDA (TTM)
(sell-side expectations - not a transaction)
Miratech provides governance, risk, and compliance software and services primarily to regulated financial institutions, supporting regulatory reporting, compliance monitoring, and operational risk management. The business combines software platforms with embedded compliance tooling in complex regulatory environments.
According to Reuters reporting at the time, OTPP was weighing a sale of its Austin, Texas based GRC platform Mitratech with expectations of a valuation (enterprise value) of more than USD 4 billion which would have reflected an EV/EBITDA (TTM) of approximately 20x.
September 2024: Biocatch (Israel) acquired by Permira (private equity firm)
EV/ARR
BioCatch develops behavioural analytics software used by financial institutions to detect fraud, financial crime, and compliance risks, supporting regulatory obligations related to transaction monitoring and risk mitigation. The platform sits at the intersection of compliance, risk, and financial-crime prevention.
Permira’s acquisition valued BioCatch at an enterprise value of EUR 1.3 billion, and an implied EV/ARR of 10.2x - in an interview in January 2025 with Tech TLV, Gadi Mazor, CEO of BioCatch, revealed the company had ARR of USD 150m ~ EUR 127m.
July 2024: AuditBoard (US) acquired by Hg (private equity firm)
EV/ARR
AuditBoard is a cloud-based GRC platform supporting audit management, risk assessment, internal controls, and compliance processes for large enterprises, with a particular focus on SOX compliance and enterprise risk management.
The transaction valued AuditBoard at more than USD 3 billion, according to sources and media reports at the time, while prior to the deal AuditBoard had publicly claimed surpassing an ARR of USD 200m. This would imply an EV/ARR of up to 15x.
June 2024: Model N (US) acquired by Vista Equity Partners (private equity firm)
EV/ARR
Model N provides revenue management and compliance software to life sciences and high-tech companies, supporting regulatory pricing, contracting, and compliance obligations in highly regulated markets. The business represents sector-specific regulatory compliance software rather than horizontal GRC.
Vista Equity’s all cash acquisitions valued (EV) Model N at approximately USD 1.25 billion according to the official communication at the time. As of Q2-2024, Model N reported having an ARR of USD 139.1m, the take-private deal thus valuing the company at an EV/ARR of ~9x.
February 2024: Marlowe’s GRC division (Axiom GRC) (United Kingdom) acquired by Inflexion (PE)
EV/EBITDA (2023-12R)
Axiom GRC comprises Marlowe’s governance, risk, and compliance software assets, providing compliance management, audit, risk, and assurance tools to regulated and non-regulated organisations. The carve-out created a standalone, software-led GRC platform with recurring revenues.
According to the official filings, the acquisition announced in February 2024 valued Marlowe’s GRC division (since rebranded as Axiom GRC) at an enterprise value of GBP 430m. For the financial year 2023, the business unit had adjusted EBITDA of GBP 26.5m, the deal thus implying an EV/EBITDA (FY0) of 16.2x.
April 2023: GIC (sovereign wealth fund) invests in Quantexa (United Kingdom)
EV/ARR
(series E funding round - not a buyout datapoint)
Quantexa provides data analytics and decision-intelligence software used for risk management, compliance, and financial crime prevention, leveraging advanced analytics to support regulatory and governance use cases. While analytics-driven, its primary applications are compliance- and risk-led.
The GIC-led series E funding round for London-based Quantexa valued the company at USD 1,800m, while it had ARR at the time of approximately USD 85m, the investment thus indicating an EV/ARR of around 21x.
June 2022: Ideagen (United Kingdom) acquired by Hg (private equity firm)
EV/ARR
Ideagen is a global provider of governance, risk, and compliance software, offering solutions for quality management, audit, compliance, and risk across regulated industries including aviation, healthcare, and financial services.
The take private of Ideagen by Hg valued the company at an enterprise value of around GBP 1,090m or 11.2x annualised pro-forma revenue of GBP 97m as of November 2021.
February 2022: ETQ (US) acquired by Hexagon (strategic)
EV/Sales (2022-12E)
ETQ is a quality management and compliance software provider, supporting regulated manufacturers with quality assurance, compliance, and risk management workflows across highly regulated industries.
Hexagon’s acquisition valued ETQ at an enterprise value of USD 1.2 billion according to the official filings while ETQ guided expected 2022 full year sales of around USD 75m, the transaction thus reflecting an EV/Sales (FY1) of 16x.
July 2021: CoreStream (US) acquired by Marlowe Plc (strategic)
EV/Sales (2021-03-31R)
CoreStream provides compliance and workforce management software focused on regulated labour markets, supporting organisations with compliance, accreditation, and workforce governance requirements.
According to the official press release at the time, Marlowe paid at enterprise value of GBP 18m while CoreStream, a small GRC firm at the time, had reported revenues of GBP 4.8m for financial year ending 31 March 2021, the deal thus reflecting an EV/Sales (FY0) of 4.4x.
November 2021: CompliSpace (Australia) acquired by Ideagen Plc (strategic)
EV/Sales (2021-06R)
CompliSpace is a compliance management software provider focused on governance, risk, and compliance in education, healthcare, and regulated public-sector environments, offering policy, incident, and compliance workflow tools.
Ideagen paid an enterprise value of AUD 105m according to the official filings at the time, while CompliSpace had reported revenues of AUD ~15m for the financial year ending 30 June 2021, the deal thus reflecting an EV/Sales (FY0) of 6.8x.
June 2020: Trapets (Sweden) acquired by Monterro (private equity firm)
EV/Sales (2019-12R)
Trapets provides compliance software for anti-money laundering (AML), transaction monitoring, and financial crime prevention, primarily serving financial institutions and other regulated entities.
According to our analysis of the statutory accounts of the acquiring entity, the transaction valued Trapets at SEK 320-330m, while the Swedish firm had reported 2019 revenues of SEK c.56m, the deal thus reflecting an EV/Sales (FY0) of approximately 5.7-5.9x.
Taken together, the transactions outlined above suggest that established GRC software platforms have typically transacted in an EV/Sales range of approximately 7–10x. For more mature, profitable platforms where EBITDA is a relevant valuation lens, this has broadly corresponded to EV/EBITDA outcomes in the mid-teens to low-twenties range, with dispersion driven by regulatory depth, customer segment, and degree of workflow embedment.
Valuation dispersion in GRC is driven less by the “GRC” label itself and more by a combination of commercial and structural factors.
Key drivers typically include:
International scalability and the ability to support multiple regulatory regimes can also materially influence buyer perception, particularly for cross-border acquirers.
As a result, superficially similar GRC platforms can trade at meaningfully different valuation levels.
The buyer universe for GRC software typically spans both private equity and strategic acquirers, often with different investment rationales.
Private equity buyers are generally attracted to the predictability of cash flows, low churn dynamics, and opportunities to build broader compliance platforms through add-on acquisitions.
Strategic buyers, including larger software vendors and data providers, often view GRC platforms as either:
Cross-border acquisition interest is common, particularly where regulatory complexity creates barriers to entry and local incumbency matters.
Despite broader macroeconomic uncertainty, buyer interest in GRC software has remained comparatively resilient.
While acquisition activity has become more selective, demand for compliance and risk management capabilities has not diminished. Buyers continue to prioritise quality assets with clear regulatory relevance, strong retention metrics, and defensible product positioning.
Valuation expectations in the sector have therefore tended to be more range-bound than in many other software categories, with outcomes driven primarily by company-specific fundamentals rather than sentiment alone.
One common misconception is that all GRC software commands uniformly high “SaaS-like” multiples. In practice, outcomes vary widely depending on customer profile, regulatory depth, and product maturity.
Another frequent assumption is that regulatory exposure alone guarantees valuation support. While regulation can create strong demand tailwinds, buyers place equal weight on commercial execution, scalability, and the sustainability of revenue streams.
Understanding these nuances is often critical for interpreting transaction outcomes correctly.
NKP’s focus is editorial coverage for professional investors and advisors. We do not provide bespoke valuation opinions or comp analyses on request.
In selected cases, we work directly with company owners or sell-side advisors where there is a clear rationale for coverage that would be relevant to our subscriber base - typically to ensure accurate context and positioning.
If you believe your company or situation fits that category, you are welcome to reach out in confidence - we will treat it confidentially, and with no obligations implied.
Valuation references are indicative and reflect NKP’s assessment of historical transactions based on available information at the time. Supporting detail and methodology are available to subscribers.
%20(6).png){kind=logo}