That's great, in theory. In reality it will just lead people to create very easy to remember passwords, since people are good at routine and not at things that change constantly. Those easy passwords, in turn, are much more easily cracked. How would you mitigate that risk, increasing the password change frequency?
I've worked with highly sensitive systems (*ahem* the Ogone payment system for one) that use silly policies like these, and yet are horribly unsafe. At one time when I tried to login with an expired password I got an error message saying that the password was not "completely" valid and that I should understand that the password is case-sensitive! Well, that message implies that they can do a case-insensitive check, which means they don't even hash passwords.
In my experience these policies just shift the responsibility for proper security to the end-user. Even though, in theory, it may act as a complementary security measure, in practice that's counterproductive for 99% of users. Also it is more often than not used as the only security measure (apart from the basic $input == $password).