How does the recovery of a private vault in the Family account work

I’m trying to wrap my head around how private vault recovery works when someone forgets their Master Password. From what I understand, the Master Password plus the Secret Key are used to lock and unlock the keys that actually protect all the vault data.  The client device generates the Master Unlock Key each time a user accesses 1Password by providing the Master Password, which is combined with the Secret Key.  The asymmetric keys that are kept securely encrypted on the server, right?

If the Master Password is lost, the user can’t generate the Master Unlock Key to obtain keys, so they can’t get into their private vault. At that point, the account organizer can start the recovery process. 

What I don’t get is: what additional piece of information does the organizer and/or the server have that makes it possible to get back the keys needed to decrypt the vault?

I realize that the recovery process also involves extra safeguards, such as a secure email, which should keep outsiders locked out even if they somehow got the Secret Key. But if some piece of recovery data really is stored on the servers, what’s stopping a malicious insider from bypassing the email step and taking over the vault?

Could you point to documentation that explains this?

Thank you!