Stay up to date

INSIGHTS > SaaS TALK > A Conversation with MetricStream

SaaS Talk

A Conversation with MetricStream

Gunjan Sinha

Executive Chairman, MetricStream

Gunjan Sinha serves as the Executive Chairman of MetricStream. Prior in his career, he was the founder of WhoWhere?, an internet search engine, and also the co-founder of eGain, a customer engagement software company.

Learn More
Gunjan Sinha

INTERVIEWER

About MetricStream

MetricStream is an independent global provider of governance, risk and compliance (GRC) apps and solutions.

Learn More

Robert

At a high level, why is GRC so important, and why is it becoming even more important for enterprises in all verticals?

Gunjan

GRC has become important in the last 30 years due to technology and software adoption with the advent of SaaS. Technology is permeating every facet of global enterprises, and there is a real acceleration in every direction of the digital transformation. This acceleration is all very good, but with it comes a challenge.

When you’re trying to build, let’s say, a high-performance car, you need the accelerator, but you also need the brakes. You need the controls. You need the ability to regulate. In the GRC industry, you need to look at the reverse side of the growth equation and ask, “How do I think about risk management, regulators, compliance and governance?” Ask about your policies, both the written and unwritten social contract that your company has to adhere to.

But GRC is not just about complying with regulations. It is the reason a firm will ultimately win the race in a sustainable manner, because you know when to tap the breaks while accelerating, and it means you’re able to make the turns without crashing into walls, so to speak. You need both the brakes and the accelerators to succeed. You can’t simply operate on accelerators.

Robert

Financial services firms focus a lot on risk, and understandably so. Are there other industries that should place a higher emphasis on risk, too?

Gunjan

In addition to financial services, healthcare, energy and utilities are highly regulated industries, so there’s an automatic driver for firms in these industries to focus more on risk.

GRC is not just about the fines or penalties; the reputational damage of making a mistake can be significant. That’s why in the next 10 years, this is going to be an area where we will have to exercise a greater degree of self-regulation, if not government regulation, and better risk management, governance and compliance.

When I look at industries now, especially where there’s a high technology quotient, where people have access to digital transformation and digital data, there’s a rise in the volume, velocity and variety of data. Therein lies the ability to do and think about the opportunity around GRC, because it allows you to now leverage all the data to get into different markets, especially regulated markets.

Robert

How do you think GRC is going to affect the technology landscape, on both the B2B and B2C sides?

Gunjan

Technology companies are amassing unprecedented amounts of data. Data is the new oil. It is the currency that’s going to drive profits and market competitiveness. With data comes a tremendous amount of responsibility. You have to make sure that you’re treating it with the right controls, so that the owners of the data are actually benefiting from their own data. You have to understand where not to use data in a way that compromises data privacy. This is particularly important in the technology sector because we are swimming in data. Our sector is harnessing data to the fullest, but we need to become more responsible about how we manage our own data.

Robert

You need to be mindful of where you have access to data, and ensure that data is kept private. Correct?

Gunjan

You want the balance of privacy. You want to make sure that the data is readily accessible, yet private. Governance, risk management and compliance have to be thought of as the core in your strategy. You have to create the balance of how you may give people access in a way that doesn’t compromise the policies, regulations, risk profile and risk appetite of your customers.

Robert

For a growing enterprise SaaS company, when do you think is a good starting point to think about GRC?

Gunjan

You need to start thinking about the elements of GRC from day one, because this is what allows you to stay in business. It allows you to build trust with your customers, to prove that you know how to handle their data with the highest level of security, privacy and care. GRC allows you to build your business in a sustainable manner where you stay within the boundaries of corporate governance, risk management and compliance that are represented to your stakeholders. Long before you become a Ferrari, even if you had a bicycle, you still need the brakes on your bicycle.

I would urge the enterprise SaaS companies, including management and board members, to make sure that the GRC journey is a part of the blueprint and not an afterthought. It is not something that you do after you go public or after you become a certain size. You’re responsible for your customers’ data and applications, starting at day one.

Robert

Especially within the enterprise, what advice do you have on the right way to scale a business? What advice would you share with companies that are taking off and growing now?

Gunjan

My biggest piece of advice is to find a problem that’s worth solving with a real need in the marketplace. Then, you need to surround yourself with high-quality people. I don’t mean people with certain experience levels or certain degrees. You have to really think through, in your universe, what does high-quality mean? Entrepreneurship is a game of high performance, and it starts with people. When I look at everything that I’ve done, I see that it’s because I had a really good set of people around me. I urge people, entrepreneurs and founders, to be more open-minded when curating their ecosystem and environment. You maximize your chances of success by including the right set of people.

Robert

We’ve been in a bull market now for almost 10 years. What do you think the impact of a recession will be on the tech sector, and specifically on enterprise SaaS companies? Would you share your perspective from a public market and private company standpoint on what would happen in a downturn?

Gunjan

Today, more companies are going public later and later in their lifecycle. With the amount of capital that is sitting in the private markets, and if you assume a downturn to be a couple of years, there’s ample private capital you can deploy to help build your business. So, you don’t need the public markets to build your business.

The fundamental change that happens is how your customers perceive their ability to invest in a recession. When it comes down to that, the things that matter, when the markets are buoyant versus when markets are down, are going to be things which “have deeper value proposition.” Some of the best businesses have actually been built in recessionary times. For example, Google came out of the dotcom crash. Companies that have deep value propositions are going to thrive when the recession puts pressure on all the software companies.

Robert

Often GRC companies perform just as well in a downturn as they would when markets are performing well, but compliance and regulatory issues are more likely to surface once growth slows. Would you agree that there’s a focus on protecting the downside and eliminating any potential risk when the market is unstable?

Gunjan

In a downturn, people are going to be more operationally focused on their risk tolerance and risk appetite, and turn their attention toward executing risk management more soundly within higher margins. Your value proposition has to go deeper to make the cut, to get the funding needed to be able to help you continue to stand up and grow.

The second thing I would highlight is that, by definition, the SaaS business is about a recurring business model, which is very powerful. That’s what investors and entrepreneurs like about them. That’s the positive part of it, that you actually are building a business that you can rely on, even if your growth has slowed down. The only counter thing would be to make sure that customer engagement and customer success go deeper. You need to be able to count on your revenues and not see a spike in customer churn or other metrics that take away from your base of recurring business.

Robert

How has GRC evolved over the last decade, and how is it going to continue to evolve in the future?

Gunjan

First, you’re going to see more and more applications of artificial intelligence (AI) in the world of GRC. You’re going to see more intelligence flowing in, so that GRC can be more of a preventative tool, instead of a reactive tool. It won’t be quite like autopilot where the car runs on its own, but it will be like keeping your hands on the wheel while the car knows how to make turns and navigate through traffic. GRC will become more AI-driven and semi-autonomous in many places. It will avoid failures, risk, catastrophic fines and brand damage for companies, with little intervention from people.

The other trend I see is people coming together as hubs to build a GRC ecosystem not just for one company, but a set of companies. This way, they can come together to create things that help a segment of the industry, or vertical, over time.

Golub Growth is not responsible for the information or views communicated by representatives of other companies. This material is not indicative of the past or future performance of any Golub Growth product and should not be considered as investment advice or a recommendation by Golub Growth of any particular security, strategy or investment product. Golub Growth has distributed this material for informational purposes only.