People don't all independently come up with a plan of making up terrible password rules - it's just a difficult to extinguish meme propagated by clueless deal makers.
Many systems I've worked on have terrible password rules. Symbols and numbers, and requirements to change them all the time (thus guaranteeing they'll be written down)... but it was never really our decision. We had to follow the security document, and the security document had to have those rules, because we'd agreed to follow those rules in order to work with a certain client or vendor. Ever wonder why some system won't let you change your password more than once a day? It's dumb, right? It's just one of those things that makes it into someone's weird viral rules.
That client or vendor probably didn't want those rules either, but their security document said they could only use vendors and clients that agreed to those rules, and their security document said that because it was part of a deal with one of their clients.
And it's not just this. There's tons of companies out there trying to get in on this viral security racket. We'll work for you for free! And for extra security we'll do audits of all your vendors and/or clients... and then blackmail them all into buying our software, so that they can be assured they'll pass the security audit they now need to work with you (quite possibly something they need to survive). And maybe some of them, we'll offer a "free" deal with, as long as they set policies that will allow us to blackmail all their vendors. Some of them don't even bother to hide it, they just send you the audit notice, namecheck the client you'll lose, and a price.