We dont have any reported performance problems related to AES 256 encryption.
We have had other clients pose the same questions as yours.
AES256 is absolutely a more CPU intensives solution than any other encryption methodology provided in the past. The hashing algorithm requires a significant number of instruction iterations to complete to achieve the desired levels of protection. Its approximately 4-5 times more.
It is strongly recommended that you consider the hardware implementations of ICSF Cryptographic services and CPACF (CP Assist for Cryptographic Function) functions to achieve the best performance (hardware is faster than software). Overall CPU utilization will be higher with AES256, the response to end users will be dependent on application requirements for logon activity.
With that said, from my experience, the majority of our clients implement when they migrated to r16 and we really dont have any reported problems indicating their was a sudden surge in CPU after implementing it, so this implies that the impact is not noticeable. Otherwise we would of heard something by now. The majority of CA Top Secret users are running r16. We rarely get any r15 calls.