You have found that email addresses listed in the BCC field of outbound emails are not detected by DLP Email Prevent.
When a policy-violating email is sent to multiple recipients, only the recipients listed in the TO field are shown in the DLP incident details, and any BCC'd recipients are not shown. When a policy-violating email is sent only to a recipient specified in the BCC field, no DLP incident is generated at all. 

It was confirmed to be expected behavior based on how the environment is configured. The gateway is just adding the email address for the DLP servers as an additional recipient on each outbound email, which means the DLP servers do not receive BCC recipient info.