If you run
sysadminctl -secureTokenStatus firstuseraccount
and see a secure token is enabled for that first account, but run
sysadminctl -secureTokenStatus seconduseraccount
and see a secure token is not enabled for that second account, you can try adding a secure token to the second account, so it can turn on FileVault or become a FileVault-enabled account.
Try logging out of the second account and logging into the first account, and then running this command:
sysadminctl -secureTokenOn seconduseraccount -password - -adminUser firstuseraccount -adminPassword -
You should be prompted first for the password to the first account, and then for the password for the second account.
If it worked, then
sysadminctl -secureTokenStatus seconduseraccount
should show a secure token enabled for the second account.
If, on the other hand, you get an error message like
Operation is not permitted without secure token unlock
you may have to wipe the Mac and reinstall macOS (I’d love to hear differently if folks have a working solution).
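
The steps above as a single pre-flight script (an added example, not part of the original post). It assumes sysadminctl prints its status on stderr as "Secure token is ENABLED for user <name>" or "Secure token is DISABLED for user <name>"; the function names token_state, next_step and main are made up for this example.

```bash
#!/bin/bash
# Added example, not from the original post.
# Assumption: -secureTokenStatus writes a line containing
#   "Secure token is ENABLED for user <name>"  (or DISABLED) to stderr.
# Run it while logged in as the first (token-holding) account:
#   ./securetoken-check.sh firstuseraccount seconduseraccount

# Classify one -secureTokenStatus output line.
token_state() {
  case "$1" in
    *"Secure token is ENABLED"*)  echo enabled ;;
    *"Secure token is DISABLED"*) echo disabled ;;
    *)                            echo unknown ;;
  esac
}

# Decide the next step from the two states (granting account first, target second).
next_step() {
  case "$1:$2" in
    enabled:disabled) echo grant ;;              # the situation the post describes
    *:enabled)        echo already-enabled ;;    # nothing to do for the target
    disabled:*)       echo admin-lacks-token ;;  # this account cannot grant a token
    *)                echo cannot-determine ;;   # output not recognised
  esac
}

main() {
  admin="$1"; target="$2"
  a=$(token_state "$(sysadminctl -secureTokenStatus "$admin" 2>&1)")
  t=$(token_state "$(sysadminctl -secureTokenStatus "$target" 2>&1)")
  step=$(next_step "$a" "$t")
  echo "$admin: $a, $target: $t -> $step"
  if [ "$step" = grant ]; then
    # Same command as in the post; sysadminctl prompts for both passwords.
    sysadminctl -secureTokenOn "$target" -password - \
      -adminUser "$admin" -adminPassword -
    # Re-check instead of trusting the exit status.
    echo "$target is now: $(token_state "$(sysadminctl -secureTokenStatus "$target" 2>&1)")"
  fi
}

# Only touch sysadminctl when given two account names on a Mac.
if [ "$#" -eq 2 ] && command -v sysadminctl >/dev/null 2>&1; then
  main "$@"
fi
```
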