Question & Answer
Question
When I execute the following REXX:

    /* REXX EXEC TO INVOKE COMPUWARE VIEWING FACILITY */
    PARMS = #SECT || '|' || TRACE
    "ISPEXEC SELECT CMD(#XAASDSF "PARMS") ",
      || "MODE(FSCR) NEWAPPL(AAUT) SUSPEND PASSLIB"
    SAVERC = RC
    EXIT SAVERC

I get an error message:

    COMMAND XAASDSF NOT FOUND
    * ISPD223
    * Invalid command
    * Command '#XAASDSF' not found or contains invalid syntax.
    * Current dialog statement:
    * SELECT CMD(#XAASDSF #SECT|TRACE) MODE(FSCR) NEWAPPL(AAUT) SUSPEND PASSLIB

The program name allows @, #, $ as first character. If I use @ or $ it works fine. But # is always removed when resolving the program name. I tried using a different syntax:

    "ISPEXEC SELECT PGM(#XAASDSF) PARM(&PARMS) " ,
    "MODE(FSCR) NEWAPPL(AAUT) SUSPEND PASSLIB"

This one works fine. The # is removed when using SELECT CMD, but is still there when using SELECT PGM. I have already tested calling a REXX or a CLIST using SELECT CMD and it is working properly. I only get an error when I am calling a program. The security package is ACF2. It looks like the parser for CMD is not the same as the parser for PGM. What causes this character to be removed?
Answer
The ACF2 ALLCMDS parameter is the one making a difference.
According to the CA-ACF2 documentation:
CA-ACF2 Security for z/OS System Programmer Guide, p. 73
Restricting TSO Commands
One of the TSO options available with eTrust CA-ACF2 is the restricted commands list. This option lets you specify a variable length list that contains the commands a given TSO user can use. The user can enter any valid TSO command, but only those commands that are specified in the restricted commands list are executed as valid TSO commands. Any command not found in the list is assumed to be a TSO CLIST command. If TSO cannot locate the specified command in a CLIST library, it indicates that the command was not found. Even though the command might exist, the command is not executed because it is not part of the restricted commands list.
The restricted commands list option also provides the ability to bypass the list if a user has the proper bypass authorization. This is accomplished through the use of an escape character, which is defined in the BYPASS field of the GSO TSO record. The pound sign (#) is the default escape character. By specifying # as the first character of the command name, a TSO command can be executed even though it is not included in the restricted commands list for that user. The user must be specifically authorized to use the escape character. To authorize him, specify the ALLCMDS attribute in his logonid record. Otherwise, the escape character is assumed to be part of the command name.
CLIST Considerations
Any TSO command that was previously available to a user but is excluded from the user's restricted commands list causes the following TSO message to be generated:
COMMAND xxx NOT FOUND
This implies that a CLIST with the same name as the xxx command is invoked. If the CLIST exists and it attempts to issue the same TSO command itself, a CLIST loop results. For instance, a user is no longer allowed to issue the OPER command, but he has a CLIST named OPER that issues the OPER command. Since OPER is no longer a valid TSO command, an implicit CLIST search is made for OPER that results in the OPER CLIST invoking the OPER CLIST. The result is a CLIST loop.
It is clearly stated that in order to use the BYPASS parameter of the GSO(TSO), the user must have ALLCMDS in his TSO user privileges.
When ALLCMDS is not activated for the user, the escape character is assumed to be part of the command name. When activated, it is interpreted as an escape character and is removed from the command name.
In the working environments, even if BYPASS(#) is specified in GSO(TSO), the ALLCMDS privilege is not activated in any TSO user.
In the failing environment, BYPASS(#) is part of the GSO(TSO), it is the default value, and ALLCMDS is activated in most of the TSO users.
We tested it by removing ALLCMDS from my TSO privileges and now it is working properly. Since there are fewer consequences to changing the default value of the BYPASS parameter (by nullifying it, BYPASS()) than to withdrawing the ALLCMDS privilege from most TSO users, we chose this solution.
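The name-resolution rule quoted above, modelled as an added Python example (not CA-ACF2 or IBM code): it shows why the same SELECT CMD name is searched differently in the two environments and what nullifying BYPASS changes. TsoUser, resolve, audit and the logonids are hypothetical names; treating a user with no restricted commands list as unrestricted is an assumption.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class TsoUser:
    logonid: str                            # constructed sample logonids
    allcmds: bool                           # ALLCMDS attribute in the logonid record
    restricted: Optional[frozenset] = None  # restricted commands list; None = no list (assumption)


def resolve(command: str, user: TsoUser, bypass: str = "#"):
    """Return (name_searched, route) for a command name under the quoted rules."""
    name = command.upper()
    # The escape character is honoured only for users holding ALLCMDS.
    if bypass and user.allcmds and name.startswith(bypass):
        return name[len(bypass):], "command, list bypassed"
    # Otherwise the character stays part of the name and the list applies.
    if user.restricted is None or name in user.restricted:
        return name, "command"
    return name, "clist search"


def audit(users, programs, bypass: str = "#"):
    """Report every (logonid, program, name_searched) whose name gets rewritten."""
    findings = []
    for user in users:
        for program in programs:
            name, _ = resolve(program, user, bypass)
            if name != program.upper():
                findings.append((user.logonid, program, name))
    return findings


# Constructed inventory: program names taken from the question, users invented.
USERS = [TsoUser("USERA", allcmds=True), TsoUser("USERB", allcmds=False)]
PROGRAMS = ["#XAASDSF", "@XAASDSF", "$XAASDSF"]

if __name__ == "__main__":
    # BYPASS(#) is the default; BYPASS() is the nullified value chosen in the answer.
    for label, char in (("BYPASS(#)", "#"), ("BYPASS()", "")):
        print(label, audit(USERS, PROGRAMS, char))
```

Run against a real logonid and load-library inventory, the audit lists the program names that need checking before ALLCMDS is granted or the BYPASS character is changed.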
Document Information
Modified date: 03 September 2021
UID: isg3T1011875