So the first question you need to ask yourself is how important/sensitive is the data that lives behind this application, if it is sensitive personal data of customers or employees then I would not recommend just allowing all meta characters for all parameters, even if it is just moderately valuable data I still may not do this. If it is public data though that you don't care who has it, then restricting meta character and white list security is probably not heavily needed
Allowing all Meta Characters for all parameters does contain an increased security risk, it is debatable as to how much of a risk increase you incur but that is mostly dependent on how your application is coded and what sort of technology is behind the application. If you code will compensate for unwanted characters by doing some sort of client side check or server side validation before allowing the value to process then you probably don't need to restrict many meta characters as you have good security built into the application.
The way I see it ASM is there to supplement security that has not or cannot be built into the application itself for whatever reason. As far as meta characters goes I tend to lean the opposite way from Torti and restrict what I don't want the user to be able to input. From a security standpoint what this does is narrow the scope that attackers can use against your application. Many of the attacks and bypasses used to get at data behind an application use meta characters or a combination of meta characters so restricting to allow only what is needed will take away some options attackers have. Yes Attack Signatures will still stop a known malicious pattern even if the single meta character is allowed, but this is for known exploits and attacks, restricting your site to only what is needed (or as best you can) will help limit your exposure to 0 day and unknown exploits.