Many companies do this to protect against people registering names people have used to make fun of them. I've been instructed to do this for a few companies and had to register hundreds of variations of slurs. I personally think it's a waste of time given anyone can put literally any name in front of another domain name. e.g. ClownWhatever.SomeThrowAwayDomain.tld. I think it's really just donating money to registrars.
If anyone plans to do this, one lesson learned is to ensure that this process, the domains names and the purpose is documented in emails with JIRA numbers, in JIRA's with email threads including the head of legal, compliance, fraud, etc... as people come and go and there will be serious questions about why one registered all these domains. A TXT record with the JIRA number is probably also a good idea.
