The user who currently holds escrow can distribute those recovery keys to other accounts in that family/team/enterprise. This is why 1Password SaaS forces you to have at least one account admin (aka the user with recovery keys). If you somehow have 0 account admins, creating a recovery key -- without full decryption access to a vault, aka, user still knows their password & account key -- is impossible.
My point is not so much to throw 1Password under the bus (I'm a happy user), but I'd be curious to see a description of how this works.