If we defined BadCSSChars as such:
BadCSSChars = <,>
Is this normal that URL encoded chars (%3C and %3E) are blocked by SiteMinder WebAgent?
Yes, this is normal.
Encoded characters are also blocked, even if the encoded value is not specifically defined in the BadCSSChars list. So when you define > in BadCSSChars, the character > and the corresponding encoded character %3E will be blocked by Siteminder WebAgent.