For PCI compliance one may not reuse one of the last four passwords when changing a password.

The PCI-DSS (payment card industry data security standard) has this specification.