There's a lot more regulation and guidance around taking down a phishing site at the domain level, rather than at the provider level. (E.g. Hosting company, CloudFlare and other DNS providers, etc.) If I remember correctly, ICANN requires takedowns to be either compelled by law enforcement, or done through the UDRP[1], whereas the providers themselves are typically more able to quickly respond to abuse. In addition, phishing domains are typically short lived, as once they're flagged by Google Safe Browsing[2] and the like, they're essentially worthless to the ne'er-do-wells that purchase them, regardless of if they're actually taken down.

[1]: http://www.icann.org/en/dndr/udrp/policy.htm [2]: https://safebrowsing.google.com/