They're case sensitive.
Must contain a the minimum number of characters set by the firm, which cannot be set at fewer than 8 characters.
Must contain at least one uppercase letter, one lowercase letter, one number, and one symbol
Must not match any of the previous 10 passwords
Must not contain a previous password (for example, you cannot choose
P%ss@ord10
if one of previous passwords was
P%ss@ord1
).