Clerk refers to the National Institute of Standards and Technology (NIST) guidelines to determine its handling of leaked passwords:
When processing requests to establish and change memorized secrets, verifiers SHALL compare the prospective secrets against a list that contains values known to be commonly-used, expected, or compromised. For example, the list MAY include, but is not limited to:
Passwords obtained from previous breach corpuses.
Specifically, Clerk contracts with have i been pwned to compare prospective passwords against its corpus of over 10 billion leaked credentials.