Manfred R. Bihy's answer is mainly correct. But regexp is capable of counting total character counts using lookaheads (please look at this article:
http://www.zorched.net/2009/05/08/password-strength-validation-with-regular-expressions/[
^]).
But strong password validation usually goes beyond this: for example not allowing sequence repetitions (like 123x123), not allowing parts of the username to be used in the passwords, not allowing previous passwords to be used, and so one, which can not be handled with regexp.
As I see, your requirements can be checked using the methods presented in the linked article.
[Update]
The following formula could be the one you are looking for:
^.*(?=.{12,})(?=.*([a-z].*?){3,})(?=.*([A-Z].*?){3,})(?=.*([\d].*?){3,})(?=.*([\W].*?){3,}).*$